ifeg.info Open in urlscan Pro
144.202.4.162 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
Submission: On August 29 via api (August 29th 2023, 9:42:26 pm UTC) from US — Scanned from DE

Summary HTTP 242 Redirects Links 13 Behaviour Indicators

Summary

This website contacted 31 IPs in 8 countries across 26 domains to perform 242 HTTP transactions. The main IP is 144.202.4.162, located in Piscataway, United States and belongs to AS-CHOOPA, US. The main domain is ifeg.info.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on August 2nd 2023. Valid for: 3 months.

This is the only time ifeg.info was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
35	144.202.4.162 144.202.4.162	20473 (AS-CHOOPA) (AS-CHOOPA)
1	142.250.185.72 142.250.185.72	15169 (GOOGLE) (GOOGLE)
1	142.250.185.161 142.250.185.161	15169 (GOOGLE) (GOOGLE)
43	172.217.16.194 172.217.16.194	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	142.250.184.206 142.250.184.206	15169 (GOOGLE) (GOOGLE)
1	74.125.133.156 74.125.133.156	15169 (GOOGLE) (GOOGLE)
1	192.0.73.2 192.0.73.2	2635 (AUTOMATTIC) (AUTOMATTIC)
6 25	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
12	172.217.16.131 172.217.16.131	15169 (GOOGLE) (GOOGLE)
44	172.217.18.1 172.217.18.1	15169 (GOOGLE) (GOOGLE)
8	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
12	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
4	172.217.18.10 172.217.18.10	15169 (GOOGLE) (GOOGLE)
2 4	142.250.185.132 142.250.185.132	15169 (GOOGLE) (GOOGLE)
3	142.250.186.35 142.250.186.35	15169 (GOOGLE) (GOOGLE)
2 4	54.171.7.45 54.171.7.45	16509 (AMAZON-02) (AMAZON-02)
5 11	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2 4	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
2 3	37.252.172.123 37.252.172.123	29990 (ASN-APPNEX) (ASN-APPNEX)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	2.16.97.41 2.16.97.41	16625 (AKAMAI-AS) (AKAMAI-AS)
2	64.233.184.157 64.233.184.157	15169 (GOOGLE) (GOOGLE)
2	13.225.78.4 13.225.78.4	16509 (AMAZON-02) (AMAZON-02)
14	44.213.255.228 44.213.255.228	14618 (AMAZON-AES) (AMAZON-AES)
2 2	3.74.29.98 3.74.29.98	16509 (AMAZON-02) (AMAZON-02)
1 1	185.29.134.244 185.29.134.244	30419 (MEDIAMATH...) (MEDIAMATH-INC)
1 2	104.18.24.173 104.18.24.173	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 2	213.155.156.165 213.155.156.165	1299 (TWELVE99 ...) (TWELVE99 Arelion)
1	178.250.7.11 178.250.7.11	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
11	172.217.23.102 172.217.23.102	15169 (GOOGLE) (GOOGLE)
4	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
242	31

35 144.202.4.162 (Piscataway, United States)

ASN20473 (AS-CHOOPA, US)
PTR: 144.202.4.162.vultrusercontent.com

ifeg.info	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.161 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f1.1e100.net

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 172.217.16.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f194.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.206 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.73.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 142.250.186.162 (United States) 6 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 172.217.16.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s46-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

44 172.217.18.1 (United States)

ASN15169 (GOOGLE, US)
PTR: fra15s28-in-f1.1e100.net

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.186.34 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.18.10 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.132 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.171.7.45 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-7-45.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 142.250.185.162 (United States) 5 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.80.39.216 (Canada) 2 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.252.172.123 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.16.97.41 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-16-97-41.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.233.184.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wa-in-f157.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.225.78.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-4.fra2.r.cloudfront.net

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 44.213.255.228 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-213-255-228.compute-1.amazonaws.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.74.29.98 (Frankfurt am Main, Germany) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-74-29-98.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.29.134.244 (United Kingdom) 1 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.24.173 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

a.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s.tribalfusion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Weil am Rhein, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.165 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.7.11 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.217.23.102 (United States)

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f102.1e100.net

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
86	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 116 tpc.googlesyndication.com — Cisco Umbrella Rank: 155	969 KB
43	doubleclick.net 11 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 93 googleads.g.doubleclick.net — Cisco Umbrella Rank: 42 cm.g.doubleclick.net — Cisco Umbrella Rank: 242 bid.g.doubleclick.net — Cisco Umbrella Rank: 825 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 371	341 KB
35	ifeg.info ifeg.info	2 MB
20	adsafeprotected.com 2 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 914 static.adsafeprotected.com — Cisco Umbrella Rank: 632 dt.adsafeprotected.com — Cisco Umbrella Rank: 586	212 KB
15	gstatic.com www.gstatic.com fonts.gstatic.com	193 KB
13	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 1120 www.googleadservices.com — Cisco Umbrella Rank: 150	328 B
11	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 328	391 KB
8	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 222	452 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 594	3 KB
4	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 2	863 B
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 45	4 KB
3	adnxs.com 2 redirects ib.adnxs.com — Cisco Umbrella Rank: 245	2 KB
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 4837	651 B
2	tribalfusion.com 1 redirects a.tribalfusion.com — Cisco Umbrella Rank: 817 s.tribalfusion.com — Cisco Umbrella Rank: 1944	1 KB
2	w55c.net 2 redirects pm.w55c.net — Cisco Umbrella Rank: 877	2 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1339	326 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 481	418 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 37	21 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2753 pixel.wp.com — Cisco Umbrella Rank: 2673	3 KB
1	criteo.com dis.criteo.com — Cisco Umbrella Rank: 626	363 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1700	587 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2024	174 B
1	mathtag.com 1 redirects sync.mathtag.com — Cisco Umbrella Rank: 1116	732 B
1	gravatar.com secure.gravatar.com — Cisco Umbrella Rank: 1966	2 KB
1	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 428	24 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 48	61 KB
242	26

	Domain	Requested by
44	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com ifeg.info tpc.googlesyndication.com
42	pagead2.googlesyndication.com	ifeg.info pagead2.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com tpc.googlesyndication.com www.gstatic.com fw.adsafeprotected.com
35	ifeg.info	ifeg.info
25	googleads.g.doubleclick.net	6 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net ifeg.info
14	dt.adsafeprotected.com	googleads.g.doubleclick.net
12	www.googleadservices.com	googleads.g.doubleclick.net ifeg.info
12	www.gstatic.com	googleads.g.doubleclick.net
11	s0.2mdn.net	ifeg.info s0.2mdn.net
11	cm.g.doubleclick.net	5 redirects googleads.g.doubleclick.net
8	www.googletagservices.com	googleads.g.doubleclick.net ifeg.info
4	googleads4.g.doubleclick.net	ifeg.info
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	fw.adsafeprotected.com	2 redirects ifeg.info
4	www.google.com	2 redirects tpc.googlesyndication.com googleads.g.doubleclick.net
4	fonts.googleapis.com	googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	fonts.gstatic.com	fonts.googleapis.com
2	d5p.de17a.com	2 redirects
2	pm.w55c.net	2 redirects
2	static.adsafeprotected.com	googleads.g.doubleclick.net
2	bid.g.doubleclick.net	googleads.g.doubleclick.net
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	dis.criteo.com	googleads.g.doubleclick.net
1	dsp.adfarm1.adition.com	1 redirects
1	tr.blismedia.com	googleads.g.doubleclick.net
1	s.tribalfusion.com
1	a.tribalfusion.com	1 redirects
1	sync.mathtag.com	1 redirects
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	pixel.wp.com	ifeg.info
1	secure.gravatar.com	ifeg.info
1	stats.g.doubleclick.net	www.google-analytics.com
1	stats.wp.com	ifeg.info
1	cdn.ampproject.org	ifeg.info
1	www.googletagmanager.com	ifeg.info
242	37

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.pinterest.com
www.linkedin.com
api.whatsapp.com
jegtheme.com
jnews.io
themeforest.net

Subject Issuer	Validity	Valid
ifeg.info ZeroSSL RSA Domain Secure Site CA	`2023-08-02` - `2023-10-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.gravatar.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-23` - `2023-12-24`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh
*.openx.net RapidSSL TLS RSA CA G1	`2023-08-18` - `2024-08-18`	a year	crt.sh
teads.tv R3	`2023-06-26` - `2023-09-24`	3 months	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-08-07` - `2023-11-05`	3 months	crt.sh
*.criteo.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-19` - `2023-10-18`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-08-07` - `2023-10-30`	3 months	crt.sh

This page contains 33 frames:

Primary Page: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
Frame ID: BEC6F486DEA79F3A808A255226DEBFD1
Requests: 52 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20190131/zrt_lookup.html
Frame ID: 633D19E13996B98BC77E9713B7FE9B9F
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203
Frame ID: E270C10E19555F1761B46EFC448B0C0E
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=7627006716&adk=657587231&adf=984530530&pi=t.ma~as.7627006716&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338834&bpp=1&bdt=480&idt=203&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Hmt5Moh0ny&p=https%3A//ifeg.info&dtd=237
Frame ID: 3DBD214899F81951226D4711BC225DE0
Requests: 15 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=250&slotname=1240673719&adk=2612090567&adf=258218646&pi=t.ma~as.1240673719&w=300&lmt=1693338139&rafmt=12&format=300x250&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338835&bpp=1&bdt=481&idt=251&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1661&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=SXksr8LQDA&p=https%3A//ifeg.info&dtd=254
Frame ID: F8C03444CEBA7909A812A712FD35451D
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=781603041&adf=2589558187&pi=t.ma~as.1240673719&w=728&lmt=1693338139&rafmt=12&format=728x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338836&bpp=1&bdt=482&idt=278&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90%2C300x250&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=xlOfiC0gLx&p=https%3A//ifeg.info&dtd=283
Frame ID: 13BA4B444F7532316D28F21F2FEF508C
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=7627006716&adk=1808787621&adf=3320784342&pi=t.ma~as.7627006716&w=728&lmt=1693338139&rafmt=12&format=728x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338838&bpp=1&bdt=484&idt=288&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90%2C300x250%2C728x90&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=4264&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=XYLHnwXMwM&p=https%3A//ifeg.info&dtd=297
Frame ID: 893D7B9961A3704A4F2F1B7BAF914E90
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&adk=1812271804&adf=3025194257&lmt=1693338139&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x810_r&format=0x0&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asrtr=1&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338918&bpp=2&bdt=564&idt=249&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3e1357f4193fe912-228e33005fde00fc%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_MaZCiy7B7q5Z2cQvi-eRnM4aGlS1w&gpic=UID%3D00000c6b64e96ce6%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_Mar7T7tl9JB-WTy6RGNYuL-YhZHFg&prev_fmts=970x90%2C970x90%2C300x250%2C728x90%2C728x90&nras=1&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=7&uci=a!7&fsb=1&dtd=271
Frame ID: C983C6FFF12B8C31C7B45A16CEBCFC5E
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8DAF695D3A66C75BD455637E5D3AA233
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js
Frame ID: 4E012B115F306A9C43BFEE81BF26D80B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 4A5268AECBEE0A53AC74C59BD62FDA44
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js
Frame ID: B4E721F490FAA698B3BF1FA4F77F8C78
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js
Frame ID: 0DAD80C2D2423EF540252896B403FBE3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=280&adk=4008274141&adf=2489288063&pi=t.aa~a.2176458453~rp.4&daaos=1693292574399~1693292574399&w=1140&fwrn=4&fwrnh=100&lmt=1693338140&rafmt=1&to=qs&pwprc=7853647499&format=1140x280&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345340466&bpp=3&bdt=2113&idt=3&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3e1357f4193fe912-228e33005fde00fc%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_MaZCiy7B7q5Z2cQvi-eRnM4aGlS1w&gpic=UID%3D00000c6b64e96ce6%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_Mar7T7tl9JB-WTy6RGNYuL-YhZHFg&prev_fmts=970x90%2C970x90%2C300x250%2C728x90%2C728x90%2C0x0&nras=2&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1661&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&psts=AOrYGsmqZIEu38c6_m-IydOxfvxbdPiLnYM0tigtgiQFvj3jdeVhk2YJdgq41IbthX4gHXLoP7p1xJXF82FelvGegVxe0BYjOo_oOiQ5KQXZrBPhwWhQ8sTN72maFrVH-Q%2CAOrYGsmgaH7XT2cMuAI_BtB2vvh4pMfXuNDeHvFSMYoa_RLTNV-WwcKNKMUlCItotWzNAol8imVxAH8ZQt4lRVesuRl3xGs%2CAOrYGsnUZxQKVPprHTJKvSqGwTMZIRPtCsHEqODLRfEXOddCG-7nYf1aecrBrQSkn1z-cAGFtGRU2Vgt_N3B9YiEz4gDHw%2CAOrYGsl4brJ2F_VHw7QDNj1y4-6cTFDBkOE6d6HaO3eJXbSGNAOkpWE3dm-31A04uCQRECYOATIIBHsstad9SeRPRgy5BqCv&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=l6pvXfickw&p=https%3A//ifeg.info&dtd=16
Frame ID: D98F452681D6F7913E3F42D2A8CA22EC
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Frame ID: FDA34ADA94F99A715177AC9085019ADA
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Frame ID: 214B97150EECCF81D26773405110B230
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Frame ID: 070F7804AD56725CF99C9339A51AF6EF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjuv9zgATAB&v=APEucNXmi02rNyKjT84LPuhRIWgHuq_Ir7snZY8VVSIkS6w3toLwy57ibNDFd3ffEXJBU7FhLMwFD2kPutzPvgM5VAFbK_IpFaIsMExznc5uq0oKRrZecM493Lpt9x4h9HAKdoHXizJ-N66kA5CzDphRXodOgHlgMjUXTo3ELmFnLGVMjbgnyJo
Frame ID: 7E76854DE38620291CE824C7E258E2C6
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 4FF9CAE54B8B8E44553F22A714AD2F01
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjAydzgATAB&v=APEucNWCObujPuf7QPmDMCBUEor4d7J2Gt_uiW6h6suZpDwtcGIznV10H3dZ2-zUyARDMYDPATb2w2zIDmcx5ZGLa4LTEV329nV11jXbm4DMu1bSEFoXFiDelusaIQMTOXUiaBAcniygPHQH08dzhXiFdXcpRlm24VXquXQH4z6pVeAHJs_KT6E
Frame ID: 956CB607F373CFB904CC8AEC23049037
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: A01F649D58F85BFD0B275AC0753F3118
Requests: 28 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: EDAA4F9EF836A2EC625AA090C358C63C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 0360BD30066343C007235BC86179210B
Requests: 2 HTTP requests in this frame

Frame: https://www.gstatic.com/mysidia/63e0a2a793d720ddab32c7ad1c79b976.js?tag=client_fast_engine_2019
Frame ID: 4C0BB24B42970758ECEFE6C1B1875944
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js
Frame ID: EB3204263269C212456365BFD11EE14B
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 9A87F4EC6F27468B2962A662C0EF4BAD
Requests: 1 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 5CAA0971F7D3DF8AC18EE50641E2BA19
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BB03857C712647AF4239FF5883758D6A
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 5373A80F99BFCA0D8EF2195866FDDBED
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 7F243259E19678F59AAFA1BC9092127E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js
Frame ID: 15BC4B987C6F6C0B6941CD77EAD5B7F9
Requests: 1 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/index.html?ev=01_250
Frame ID: 29B744960B2C63C02999B789B2ED7083
Requests: 7 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/index.html?ev=01_250
Frame ID: 565FBA92A844B9746CDAD90A53360E15
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

A Discreet Exchange: Conversations Behind the Black-Hatted Man – News 24/24

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

242
Requests

92 %
HTTPS

0 %
IPv6

26
Domains

37
Subdomains

31
IPs

8
Countries

4670 kB
Transfer

10271 kB
Size

22
Cookies

13 Outgoing links

These are links going to different origins than the main page.

URL: http://www.facebook.com/sharer.php?u=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F
Title: Share on Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=A%20Discreet%20Exchange%3A%20Conversations%20Behind%20the%20Black-Hatted%20Man%20via%20%40jegtheme&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F
Title: Share on Twitter

Search URL Search Domain Scan URL

URL: https://www.pinterest.com/pin/create/bookmarklet/?pinFave=1&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&media=https://ifeg.info/wp-content/uploads/2023/08/image-3138.png&description=A%20Discreet%20Exchange%3A%20Conversations%20Behind%20the%20Black-Hatted%20Man

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&title=A%20Discreet%20Exchange%3A%20Conversations%20Behind%20the%20Black-Hatted%20Man

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?text=A%20Discreet%20Exchange%3A%20Conversations%20Behind%20the%20Black-Hatted%20Man%0Ahttps%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F

Search URL Search Domain Scan URL

URL: https://www.facebook.com/1972532013133438
Title: https://www.facebook.com/1972532013133438

Search URL Search Domain Scan URL

URL: http://jegtheme.com/
Title: JNews

Search URL Search Domain Scan URL

URL: https://jnews.io/landing/
Title: Landing Page

Search URL Search Domain Scan URL

URL: https://themeforest.net/item/jnews-wordpress-blog-news-magazine-newspaper-theme/20566392?ref=jegtheme&license=regular&open_purchase_for_item_id=20566392
Title: Buy JNews

Search URL Search Domain Scan URL

URL: https://themeforest.net/item/jnews-one-stop-solution-for-web-publishing/20566392/comments?ref=jegtheme
Title: Pre-sale Question

Search URL Search Domain Scan URL

URL: https://themeforest.net/user/jegtheme?ref=jegtheme
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.facebook.com/jegtheme/

Search URL Search Domain Scan URL

URL: https://twitter.com/jegtheme

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68

https://googleads.g.doubleclick.net/pagead/adview?ai=CorZoO2buZK7sBs6OmLAPlZinyA_Xh57Ncu_52bLeEdzZHhABILilkDEoAmCV0vaBlAegAcueovopyAEGqQJDMNQMKTqyPqgDAcgDAqoEnAJP0Aj28T7gALRUM6s5e2cpukzmZqaZ2gPzAyEtDWAjZK5xFlseQx1wIVyElfLhvz0ND_gLpJolfWyhi8x3pHObQgRvzzBVx5XvzzY0HK5dJyirxY_l7rEEnGp-PfrzQydjuhpUWjWkpmVq8qFYBTGn4P8OmXC44bgX6VCnSfnU-HOK-KplpKtEFJcZ91WJb4WoURFKHjP3y4yXcN0GJYQIQMcvwxb9XAqIQoF2g-4Dg9Dj14oVMWeLk7MsEBwdzbTZZHXCRTnCPQqTZgIz-J6ovuzlqKSgA1ddFXTmiwNyO_F3MBjuYPTpoBu044U6SOBE5R4GYVUl9_XrLrKi5-qpestTBVydAN6WhYUUj1sGf4v95ydENRuUfhzeb8AE_M6i0LcEiAXpo_STTJIFBAgEGAGSBQQIBRgEoAY3gAfL1vLZBKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcDELZe0ggWCIDhgBAQARgfMgKqAjoCgEBIvf3BOpoJU2h0dHBzOi8vZXBpYy1hc3NvYy5jb20vZXZlbnRzL2VwaWMtdGVjaG5vbG9neS1tZWV0aW5nLW9uLXBob3Rvbmljcy1pbi1kZWZlbnNlLTIwMjMvgAoByAsB2BMN0BUBgBcBshccChoIABIUcHViLTE3NTU5MjA5NzgwMzQzNjkYAA&sigh=FywrGcGbjXg&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWh0e0_cO6_d7p3MNe9ntprmUQWUH7VBgB&template_id=492&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215721417973075440654%22,%22debug_reporting%22:true,%22destination%22:%22https://epic-assoc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211262267211%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222797655999315367585%22}&andc=true

Request Chain 69

https://googleads.g.doubleclick.net/pagead/adview?ai=C3Q7UO2buZK7sBs6OmLAPlZinyA-C7Kmrcvm7yPjTEbms5JyTDhACILilkDEoAmCV0vaBlAegAeSsjr4pyAEGqQLiCoCY4iy1PqgDAcgDAqoEngJP0CF35iTZOQfnO8s2eGVg_Uvub3Mi3Tz9BGlsBIr4Pp1tFl8dCghwZ1OHl7umuDUET-UJpps5YmS2lcls6j_STx5_3idV1syn0i0_FaFUJWDlyY79_aYFjn9jO_vuHWhktxtTUHz9umgiva9VBznhpfYbmWG5qPgb5hFoqPpWenBLMroPP88d8Y8D116pZNiiDBtxFQj88I6scqIBR4P9S8dnNlWoX6qIt4KDAO6DdtMW1IgVxmR-kLMs5R_ozrTZkXY3RjnCyAlmZQIzDZ1cve3lSKLcwA9k4Fzl3dZA47h1_RDuIG6jCRlZHakKzmKIbDgZiqHEMrXczxwgxUajWMJLwYHdNz8yqKcYl7CXWZQWMQtmOwNMmDDu6egdwAS6wsOtrgSIBfb6ushKkgUECAQYAZIFBAgFGASgBjeAB-Tk3p0EqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwHyBwMQtl7SCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgldaHR0cHM6Ly9wbHVzY2x1Yi5uZXQvZW4vZ2FsbGVyeS8xMDI2NS0yNS10aGUtZnVubmllc3Qtc3BvcnRzLWZhaWxzLzUvP3V0bV9zb3VyY2U9Z29vZ2xlX21lZGlhgAoByAsB2BMCiBQF0BUBgBcBshccChoIABIUcHViLTE3NTU5MjA5NzgwMzQzNjkYAA&sigh=MXNTs_AaqEA&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWh0e0_cO6_d7p3MNe9ntprmUQWUH7VBgB&template_id=492&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226086197599096802033%22,%22debug_reporting%22:true,%22destination%22:%22https://plusclub.net%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211136112228%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228551250908608159153%22}&andc=true

Request Chain 78

https://googleads.g.doubleclick.net/pagead/adview?ai=CG7hzO2buZI-gB675mLAP8tuG4AnXh57Ncu_52bLeEdzZHhABILilkDFgldL2gZQHoAHLnqL6KcgBCakCQzDUDCk6sj6oAwHIA8sEqgSZAk_Q516OnP9nQOn4nSjUvuIYHtBs7EQks_BZcM8uuyuFxg5dcJZFUB5f3U9eeVyZ8pl1yxIFPllstwNXYQxvbQc9UXDIHlXBgcZ-qzUiDz0Aqe-XWujz_FT6Ku9FjvFYu35PlNbnfmWRWM5brxje78oxa1_WLj5wdTQnbRmu7N5DyL-s0Id-b418fUsFuL0EYvCuto0TuZE27lHPLQgXeo33j8-9fsjbzaouafTpUh9RJ-Y1ILiuYFVyUbX7Wew6xzyEs5RFEm7b1SXjQwj3SjNfGArZGfGRHaOt8zYUlMg4SE4Td-3EJxwcfifaC6VxI1cd4jmZI_ZoIhaXxh_eSpIGdQDNoIaZsBp7MyPdxx6vz8OiIZ3aDuP9wAT8zqLQtwSIBemj9JNMkgUECAQYAZIFBAgFGASgBi6AB8vW8tkEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwMQ8VbSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mglTaHR0cHM6Ly9lcGljLWFzc29jLmNvbS9ldmVudHMvZXBpYy10ZWNobm9sb2d5LW1lZXRpbmctb24tcGhvdG9uaWNzLWluLWRlZmVuc2UtMjAyMy-ACgHICwG4E-QD2BMN0BUBgBcBshccChoIABIUcHViLTE3NTU5MjA5NzgwMzQzNjkYAA&sigh=sOV964qRHCI&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWW0Ks7pRFYhXU1u-1UGYXQJOOHJ8GyhgB&template_id=484&nis=5 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212693455477687727210%22,%22debug_reporting%22:true,%22destination%22:%22https://epic-assoc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211262267211%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216227583109249118673%22}&andc=true

Request Chain 81

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 88

https://googleads.g.doubleclick.net/pagead/adview?ai=CJHr_O2buZIuNCfrzmLAPgra1kAXy4tSgbMOWk6P5EWQQASC4pZAxYJXS9oGUB6AB05yJ0APIAQKpAmXelzOXNLI-qAMByAPJBKoEkQJP0EVVJVpzRU-hxRG112uUSU013BcaBQFk3nDc5MIj0ojpV1plCs3U6RSjaYJQv7fWFbA21uLBt__PMRikUqadITh4FQMF-xnjkggc2IozVZa7O7wIzEIloYOQ2GtvCuSIIOA3xytim6Yf4ynSzPChBEVaCzXvmQmGTAn-Mw8Z9N4eExgxJu9krMoIoL_tv3LCeiBqLCEKJ3KRvKSKvW7hN4VGOMAGRo_1HvyD8YUHxuh6RroqH3mgZu8Qtz_lByHujXHvJTTNDfaAQXM3J3K457-u3uQps56offN_PjNwZr3bh6RmXr8YFvTGGci4gvrQa94mc1PFkCB07yVr_zxkDkuHE9BFzTgsWhqUTjCOcHTABLHB0eGzBIgFnerR_0OSBQQIBBgBkgUECAUYBKAGAoAHleP2L6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4b2AcB8gcEEOTSAdIIFgiA4YAQEAEYHzICqgI6AoBASL39wTqaCVJodHRwczovL3d3dy5ib3hzcHJpbmctd2VsdC5kZS9ib3hzcHJpbmdiZXR0ZW4tZmFjaGdlc2NoYWVmdC9zaG93cm9vbS1vYmVybmRvcmYtYS1ugAoByAsB2BMN0BUBmBYBgBcBshccChoIABIUcHViLTE3NTU5MjA5NzgwMzQzNjkYAA&sigh=dEbulEVJA9I&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJW6NcBigORd_1uPoS3eHUpTflQppb81hgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2218216676311047388923%22,%22debug_reporting%22:true,%22destination%22:%22https://boxspring-welt.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22973229651%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226977408908055179809%22}&andc=true

Request Chain 101

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 103

https://googleads.g.doubleclick.net/pagead/adview?ai=CsiuwO2buZPaPB9P8mLAP-uK9iAvEnJa7crKT-fbsEf6g4p2MDhABILilkDFgldL2gZQHoAHss_LAAcgBAqgDAcgDyQSqBJACT9DlmGgJwEQ7tNRRvEzN50swULIRbpGRLufsTkRL03tM6jc2N75r9fsJ0xkA42cHiwer0FfoH4CV3cI-rEagdeT4RiU-H8P2kVNHkjD-ZewwHSxUyZukhp0y3khIPEaj-yrsVj0W_u7AuogQIgPF5QQfW6oWj-z-dGVN4rh8coQwvvrsAVOlGVPW4yRX1UlQ5DZpSaR5L4OlgYfQX3oTr0-2ZmJplP3JIXglXEGSCK3sprfS4OZlP26LLc2gyifFLAxPzQnDCX6xjUBaiP1wm6mtuOK6MknxJXaIw9EipqczHZ8ivbYgMiINkiAqc9xRiS50eraVS0h8F8qSar5XV7nWGRt3mGTTNY-bgtjm4r3ABPz46JfABIgF972JmkuSBQQIBBgBkgUECAUYBKAGAoAH_MuNvwKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCs6ALSCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgkgaHR0cHM6Ly9tYWRtdXNjbGVzLmNvbS9zdGVwLWdvYWyACgHICwHYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItMTc1NTkyMDk3ODAzNDM2ORgA&sigh=IuRafdECZ-4&uach_m=[UACH]&ase=2&cid=CAQSGwBpAlJWx7Z0A0ztMTmO2mu_kTnTwUMC3VamSRgB&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217111378867502606112%22,%22debug_reporting%22:true,%22destination%22:%22https://madmuscles.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22404527596%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22161440383031997905%22}&andc=true

Request Chain 145

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhzWbHlDhGklsNvsa578Uw&google_cver=1

Request Chain 146

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO5mPJ8eB9OQbJGx32XKvQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhzWbHlDhGklsNvsa578Uw&google_cver=1

Request Chain 147

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEEwiVVay7IAoO7KFLfXicIs&google_cver=1

Request Chain 148

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODE4NjI3NzE2MjI4MTI5ODY5Ng%3D%3D

Request Chain 149

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEERjazXd4VLlquzdJDjJJ4c&google_cver=1

Request Chain 151

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEFAZbBvxvKpOqMDhKeWUjO8&google_cver=1

Request Chain 167

https://fw.adsafeprotected.com/rfw/bgd/1135760/69474524/xbbe/creative/adj?p=APEucNWPwIHgu0vUwHZ5J0J5iKJjvSOJO0ZQoq_xL_bXkmdoFQ2R36s&d=CokBAKAmf-D0AxiecQvrbRTBCiJOR1NIVqNvWfL_SD37kTalBY-b5MXJnbjU4JaLcr8kntthzS_TYmMX8-dO7xhKUrkyJxRInOc9WbWOrap7w264TV03WWmDNhj49SM17PYhg42In21qHV5NjUTIN2VCGvwg5jKneIJB2FwpvA5KYWxlNNbHFKmKDbMSuRUAoCZ_4LP6MRihQrl31jXrBhQkTE-KIEbpdl1Qk8uWLuVQWwzDQcyUcbsMmYjbmJkQX1O7Q53sVtzOdbTXnsDjHmS84KQlF38P4nDiIWbBeh4POJOvUvpVhOUxY4Wkb9P-4JDtmA9PCm1hdqSo4WJjSW3gwzf9pDnIFu84aA26I9i5XsDwvpTY3WbgEHXjv0MPOPYcgm-nsCwUkSk7gUZ1T8MR2ZNJQR_S9lwUcBo0QUEOADgKqdmxwocApWfanChDMUJdyCaIPWEVg6tuHgCkgoQ8yvOqziCG__FLrjz9c823MMNKB0V-xpSGq3m3Emp3-O86wSCYh34kFeiTixbQq6oKt7lEzvyZs2RYLAT8ko6eO6EuXPVdNpBGVNEqBvbt2D5zH_Gsbv5KMC5nOC2CaBJKmCuUcpB8yuo1Ut9kVCEBI_9kTs09H0cLh2FdgRDxgtusyFGEKuzkDLQw-3uHzQCecJhsEfGvZyOPyDwUbD4jCUf2XPArL1EjxgWIYd6uV6Rw9MUdWGj7Hswb1ocUqWae5fQ-_1ZF2cEhVOO_MdnQFewSeEdpxr1FVkZ2gwZxWUpICYROT5NK3WN7j54u19S2D9JdZNcSOy-v-mLjeKSlIPwThWo9uz9j2V1nWWjt4FnqE5_zaRn_qL46-i0ESYWoXrRubLo_Qpt3VCDH8F1v2S4HfXoLMGXuXzN8wh7v_ZnNQZhElVRfyvZMF84x31NSjtLGVCMazTyuVVXnta4F2CyOCQXsx0mAlJZ0Xxxd9qucPrYmpFyPxQUl5zzB5srk_pO-PQVEGKBg12ZeafIqiHsGXEIgbiY_9ZXFDjF-kqLh13Sq1RIGav32QS7Ut0heuhw3VJ6q9-ox_BnB8PE1TdTXPt2PH5Y1Uf_O307OgWvCCUZUkk2rPK7qj0PvnJclGXO7mxe_scL0qgQdz3rh7NSkjdqMiVpApep9Y6hLJSeMQPZul5NIkR_j59yQ-edyvugKoEiuDWFUTHvGSDigwzGT30BOLPH9RRU1CGa_W_MaUUCparalUAoQYneMNuMUju3QxL03ODNWD-7LwP1DU7AYzhVPAzYJc8xOKmngKiixzlsE-mY-xk7rF86AxBYasY-bxkL8oa4GzGKRLM--Kenys66o-zZfDGnse5TtT0kCbaiUZRSZ0rrHzolyzXvVDC0oOoXslLREXvo9vS3Rm8FaqMxOWGQQAk9JBbTd2MA5xf9DxyxJAh5jO8Dk6JfmvbfzHui1CXAa2pqJFF5xwX3rgqV0-muEHYc_8fUiqldX-_zAvJ-QoViLx3ATxFzqLDaErCllSJxpsEilXp5COspMAv3I8U5YyJ8Ewvo98dL0CaaMDq_dH_zdVixyrT8Gq8-f9Kj5VqhYODwlTXhesPl08Qk-QcHoFYjU_Gl7J-doZAZH_IffpInCX-MsMhnn5RVi9V8-y8f08CZrYliyH0q39okAkYkFMlRjeYCDHVQnVTd5CoLy3IR7K7HRAf9ShMjQGc5gqanM_UFYbTqEzI-UoFOhM9gqajvQbl3Cs-sWwticMmd-C9TrEnPrim8iOWsPuBXCV7JgY5wCS_C7cJYlOHZxZ2ITFnCVkoHp6gGarQcaIsmJVAlrSvz3My5RSFpdcxkWE2muHDAHD5L00QyDy90zHtWrgYWYMmlZ4rBNWaLx2Ivu2mZeDG6FtvDoPAyX53FjJvq4vUsIPGlAcu3PQGfgWcMwrd8zATI6WXlkUPoJ-6srDx5BgzmewruGtvF0z5Rzgqc16ylZFw0FYvn-h3WikYVjMlkINqFRCAuohODXBwYmnLID3sikZrY_U0GqcPBv8-BHw8S1-gx9UnJ48erg6-RYRFVjAy0VBydLj1xqGYprDrLfUP-brhCHU4qpFi-C3gxFR_bxtctSBQbmPGwhhV1FKw8DNRmTzfiY1tCUn4MmovDPCGusLcoU0_C4c6E9Zgrg9oBbMRd4XmBFbKgdZqD0TJ7MEw4BINfALR8Z8XGE-0py3sw0fpDoPDZ_ADkx1_7gqL4QXF2TGj_iH7QM9p9HH09gLrMlpnW5PduVGX0t992dEM8rc_uaTsDapbh4KxbZEMAzVH2-nbxvz1ovEo6vVPf31xJVENs1P3gPu349M6UgQWjXjUGq9DXH_q6f4VOk3bDHO58wumGOW2Licw-MPNgyhmYrgWAgzcs0rng8c0o84mr1L1_Z3i-VeQrALLBl-rJamRfvErZ4id4GavVpKVWcBCVPQ0UkmZLYA0QuZYxTplHD9M1L3MbKG6BWgW5S249HteTLNzVu18MK9T4jQbSpF2g2KAyBBwx-8SBL1gXua1ZFrVhvKijZm4by4i4tNwBYY7hBlZLX0x_kW9V2BoHcKmOAjrmYU-hUstKkoU1UfQ9lNq_tYSWH6UWviZApwhGmZphaNTKjbqbOCmA5RH2MgPKhao87B3jFlpZH3k_IzUJWKl4rzuqP_w-DnHdIO0Cc_yFYB6MbSxjOkGvzE8AW8z1ze1YovIZ7nhcXRTXfgXKLsVpAe-PeAWW8xnKlZDYrVparqQ1W0nNiSGD_D_l-8fz77awSP2T6bS756qzzxLto6tSlXGWsSHNKDRfn1vYFx3hK5O0w_KoJH1XierresQifoVXqLvvfCrPUoNqVSuyty4Wk7C29Bmt6kVJLeNZxMia0g9a4MHV9BqyNedervZsZim0z7iv6lYaWqKEtf3oD4UVypVmH0orF7Bf8HXKA4_HvuEQ7jtNh75NOZ28w2c0B1GZd2R8pqIs614SUVO4d2-ig0b_toxbAOzqmTKEwPqw7p4FuATvqcPiMs5gtCxpsM0MhTaXzyzoHPfRkfndB_lbXW9HOzvBn2XXi3UjjzP5oTjt0f0zWa_FQhUKBBGiJqmSlLrDHTkpl4DEOuDLVxLpQL7rJ62A7ZWJbmm50s-jN96FcullwRm7T0SvjSpuu60HK5siJkTY8Z1Z-VZgN2UAdCbzXk3lrl7oFYhbjgR0WazRMOl6RKx-ILy2lnjxrGDRaZPnrAQW9ujxKOk-dAfAwjfLtROIt4OoPm8bFq1jwDNaS3-Ee6Ip0RIrGN3wL2pLFA59bNF1bDbwbDDPLaSs5aez5qRdreO8e2xIMmMFmyk_S_d24L8E3EI2MzxOY-OugOrpwc36KSGMM6E29xogZ1WYA-g0zFF9DrSLDldibnHM1DLH78NclDTzKZIlZ6-IThF1JjPOXwO5QNZ6SKBasMDhSDrV5_TLT4tVJ2foBY8ktcm2GPaors6IP9-qj-OSbljSsmua8r2uZKVb1wDEMaYbiwA6mvNj5AECNcWoahQCkAJZJQudH1k7Z8PEbpHpOcR1wlSVUNx6HMjhYj9XhCVxY3s_A7qd0ca5VKlVTxyRsqM6KBYQ8wwOnVWHSo66_Gixz1yzchnFJFZBU7NTKUv8VEqTx43hcQhZInNu_t89qCP4hHpCW6AOS2l6qhl21pB_ecLXQLxXwVSRsmkWOYX5re-fIW9V4Kdri0jXYa_wbTEZFXA38ztP6BkbHF0cIvsbjXwOIXFpabUsLccJz2ePRu6xI8POtvwCU_rVCuoRhY_vVEK_u5tpLZla0HBY0QF2SvrLmA4jtcgeBy768D3Urf_VIWIhlWZeqH5UWArPRxnh2j8hB7W3R7V1zBhzdBGDjYpcaUQgEEksAaQJSVgZYkic_1wOzO7c2Ip6zkRAbIyNt2F7rCszTTKgPkNTXPQLLjrdwH9YwefH3FUpiESb4RVYXw84bGXl87d4vx8fBjiDJ36oYAWAB&bundleId=&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-1755920978034369&ias_chanId=1&ias_placementId=20171342326&bidurl=https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hsGRw_iT9WYQ5CV-3iOnnH&adsafe_url=https%3A%2F%2Fifeg.info&adsafe_type=g&adsafe_url=https%3A%2F%2Fifeg.info%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230828%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230828%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271801%26client%3Dca-pub-1755920978034369%26fa%3D1%26ifi%3D11%26uci%3Da!b%26btvi%3D6%26xpc%3D4yhhRWfi5m%26p%3Dhttps%253A%2F%2Fifeg.info&adsafe_type=be&adsafe_jsinfo=,id:f49197b5-d337-f770-95c0-9dddc4339cb5,c:mIR7pw,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-hbrfg,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:5,mot:0,app:0,maw:0,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a11%7C1b1*.1135760-69474524%7C1b11%7C1c1%7C1d,idMap:1b1*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:25,oid:eeb0ddc0-46b4-11ee-8c92-26eb2574325b,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWPwIHgu0vUwHZ5J0J5iKJjvSOJO0ZQoq_xL_bXkmdoFQ2R36s&d=CokBAKAmf-D0AxiecQvrbRTBCiJOR1NIVqNvWfL_SD37kTalBY-b5MXJnbjU4JaLcr8kntthzS_TYmMX8-dO7xhKUrkyJxRInOc9WbWOrap7w264TV03WWmDNhj49SM17PYhg42In21qHV5NjUTIN2VCGvwg5jKneIJB2FwpvA5KYWxlNNbHFKmKDbMSuRUAoCZ_4LP6MRihQrl31jXrBhQkTE-KIEbpdl1Qk8uWLuVQWwzDQcyUcbsMmYjbmJkQX1O7Q53sVtzOdbTXnsDjHmS84KQlF38P4nDiIWbBeh4POJOvUvpVhOUxY4Wkb9P-4JDtmA9PCm1hdqSo4WJjSW3gwzf9pDnIFu84aA26I9i5XsDwvpTY3WbgEHXjv0MPOPYcgm-nsCwUkSk7gUZ1T8MR2ZNJQR_S9lwUcBo0QUEOADgKqdmxwocApWfanChDMUJdyCaIPWEVg6tuHgCkgoQ8yvOqziCG__FLrjz9c823MMNKB0V-xpSGq3m3Emp3-O86wSCYh34kFeiTixbQq6oKt7lEzvyZs2RYLAT8ko6eO6EuXPVdNpBGVNEqBvbt2D5zH_Gsbv5KMC5nOC2CaBJKmCuUcpB8yuo1Ut9kVCEBI_9kTs09H0cLh2FdgRDxgtusyFGEKuzkDLQw-3uHzQCecJhsEfGvZyOPyDwUbD4jCUf2XPArL1EjxgWIYd6uV6Rw9MUdWGj7Hswb1ocUqWae5fQ-_1ZF2cEhVOO_MdnQFewSeEdpxr1FVkZ2gwZxWUpICYROT5NK3WN7j54u19S2D9JdZNcSOy-v-mLjeKSlIPwThWo9uz9j2V1nWWjt4FnqE5_zaRn_qL46-i0ESYWoXrRubLo_Qpt3VCDH8F1v2S4HfXoLMGXuXzN8wh7v_ZnNQZhElVRfyvZMF84x31NSjtLGVCMazTyuVVXnta4F2CyOCQXsx0mAlJZ0Xxxd9qucPrYmpFyPxQUl5zzB5srk_pO-PQVEGKBg12ZeafIqiHsGXEIgbiY_9ZXFDjF-kqLh13Sq1RIGav32QS7Ut0heuhw3VJ6q9-ox_BnB8PE1TdTXPt2PH5Y1Uf_O307OgWvCCUZUkk2rPK7qj0PvnJclGXO7mxe_scL0qgQdz3rh7NSkjdqMiVpApep9Y6hLJSeMQPZul5NIkR_j59yQ-edyvugKoEiuDWFUTHvGSDigwzGT30BOLPH9RRU1CGa_W_MaUUCparalUAoQYneMNuMUju3QxL03ODNWD-7LwP1DU7AYzhVPAzYJc8xOKmngKiixzlsE-mY-xk7rF86AxBYasY-bxkL8oa4GzGKRLM--Kenys66o-zZfDGnse5TtT0kCbaiUZRSZ0rrHzolyzXvVDC0oOoXslLREXvo9vS3Rm8FaqMxOWGQQAk9JBbTd2MA5xf9DxyxJAh5jO8Dk6JfmvbfzHui1CXAa2pqJFF5xwX3rgqV0-muEHYc_8fUiqldX-_zAvJ-QoViLx3ATxFzqLDaErCllSJxpsEilXp5COspMAv3I8U5YyJ8Ewvo98dL0CaaMDq_dH_zdVixyrT8Gq8-f9Kj5VqhYODwlTXhesPl08Qk-QcHoFYjU_Gl7J-doZAZH_IffpInCX-MsMhnn5RVi9V8-y8f08CZrYliyH0q39okAkYkFMlRjeYCDHVQnVTd5CoLy3IR7K7HRAf9ShMjQGc5gqanM_UFYbTqEzI-UoFOhM9gqajvQbl3Cs-sWwticMmd-C9TrEnPrim8iOWsPuBXCV7JgY5wCS_C7cJYlOHZxZ2ITFnCVkoHp6gGarQcaIsmJVAlrSvz3My5RSFpdcxkWE2muHDAHD5L00QyDy90zHtWrgYWYMmlZ4rBNWaLx2Ivu2mZeDG6FtvDoPAyX53FjJvq4vUsIPGlAcu3PQGfgWcMwrd8zATI6WXlkUPoJ-6srDx5BgzmewruGtvF0z5Rzgqc16ylZFw0FYvn-h3WikYVjMlkINqFRCAuohODXBwYmnLID3sikZrY_U0GqcPBv8-BHw8S1-gx9UnJ48erg6-RYRFVjAy0VBydLj1xqGYprDrLfUP-brhCHU4qpFi-C3gxFR_bxtctSBQbmPGwhhV1FKw8DNRmTzfiY1tCUn4MmovDPCGusLcoU0_C4c6E9Zgrg9oBbMRd4XmBFbKgdZqD0TJ7MEw4BINfALR8Z8XGE-0py3sw0fpDoPDZ_ADkx1_7gqL4QXF2TGj_iH7QM9p9HH09gLrMlpnW5PduVGX0t992dEM8rc_uaTsDapbh4KxbZEMAzVH2-nbxvz1ovEo6vVPf31xJVENs1P3gPu349M6UgQWjXjUGq9DXH_q6f4VOk3bDHO58wumGOW2Licw-MPNgyhmYrgWAgzcs0rng8c0o84mr1L1_Z3i-VeQrALLBl-rJamRfvErZ4id4GavVpKVWcBCVPQ0UkmZLYA0QuZYxTplHD9M1L3MbKG6BWgW5S249HteTLNzVu18MK9T4jQbSpF2g2KAyBBwx-8SBL1gXua1ZFrVhvKijZm4by4i4tNwBYY7hBlZLX0x_kW9V2BoHcKmOAjrmYU-hUstKkoU1UfQ9lNq_tYSWH6UWviZApwhGmZphaNTKjbqbOCmA5RH2MgPKhao87B3jFlpZH3k_IzUJWKl4rzuqP_w-DnHdIO0Cc_yFYB6MbSxjOkGvzE8AW8z1ze1YovIZ7nhcXRTXfgXKLsVpAe-PeAWW8xnKlZDYrVparqQ1W0nNiSGD_D_l-8fz77awSP2T6bS756qzzxLto6tSlXGWsSHNKDRfn1vYFx3hK5O0w_KoJH1XierresQifoVXqLvvfCrPUoNqVSuyty4Wk7C29Bmt6kVJLeNZxMia0g9a4MHV9BqyNedervZsZim0z7iv6lYaWqKEtf3oD4UVypVmH0orF7Bf8HXKA4_HvuEQ7jtNh75NOZ28w2c0B1GZd2R8pqIs614SUVO4d2-ig0b_toxbAOzqmTKEwPqw7p4FuATvqcPiMs5gtCxpsM0MhTaXzyzoHPfRkfndB_lbXW9HOzvBn2XXi3UjjzP5oTjt0f0zWa_FQhUKBBGiJqmSlLrDHTkpl4DEOuDLVxLpQL7rJ62A7ZWJbmm50s-jN96FcullwRm7T0SvjSpuu60HK5siJkTY8Z1Z-VZgN2UAdCbzXk3lrl7oFYhbjgR0WazRMOl6RKx-ILy2lnjxrGDRaZPnrAQW9ujxKOk-dAfAwjfLtROIt4OoPm8bFq1jwDNaS3-Ee6Ip0RIrGN3wL2pLFA59bNF1bDbwbDDPLaSs5aez5qRdreO8e2xIMmMFmyk_S_d24L8E3EI2MzxOY-OugOrpwc36KSGMM6E29xogZ1WYA-g0zFF9DrSLDldibnHM1DLH78NclDTzKZIlZ6-IThF1JjPOXwO5QNZ6SKBasMDhSDrV5_TLT4tVJ2foBY8ktcm2GPaors6IP9-qj-OSbljSsmua8r2uZKVb1wDEMaYbiwA6mvNj5AECNcWoahQCkAJZJQudH1k7Z8PEbpHpOcR1wlSVUNx6HMjhYj9XhCVxY3s_A7qd0ca5VKlVTxyRsqM6KBYQ8wwOnVWHSo66_Gixz1yzchnFJFZBU7NTKUv8VEqTx43hcQhZInNu_t89qCP4hHpCW6AOS2l6qhl21pB_ecLXQLxXwVSRsmkWOYX5re-fIW9V4Kdri0jXYa_wbTEZFXA38ztP6BkbHF0cIvsbjXwOIXFpabUsLccJz2ePRu6xI8POtvwCU_rVCuoRhY_vVEK_u5tpLZla0HBY0QF2SvrLmA4jtcgeBy768D3Urf_VIWIhlWZeqH5UWArPRxnh2j8hB7W3R7V1zBhzdBGDjYpcaUQgEEksAaQJSVgZYkic_1wOzO7c2Ip6zkRAbIyNt2F7rCszTTKgPkNTXPQLLjrdwH9YwefH3FUpiESb4RVYXw84bGXl87d4vx8fBjiDJ36oYAWAB&bundleId=

Request Chain 169

https://fw.adsafeprotected.com/rfw/bgd/1135760/69474492/xbbe/creative/adj?p=APEucNWd0_-342YeWmfRVr1mjAOk7mnZ9CDKhEbT0zoRQq2xQqHbhgM&d=CokBAKAmf-BwyyUlMsSnR-EYwShJ4j-URz59GMBpl_4541EpEdTjuuQDv7ZyrsI2NzsV_eabeEbqiobqjY5fGDMBj8_jiWHMnCa-znWhr9rcIcOgYzDlEUSobs-CtjDMJmKswkGgInb0BJiIG3r3gKcA3Pj-vlr3f8SXcUMxr1w3-DAWEBLm5aZGqsQSqRUAoCZ_4O3tPfyXpxdBjXSvx4sjZIKFjuwyiJWdyxo7_HHEklXBW8jsimoL6he5v60DDzSHP1oNnAvuW19fIGiKA9RZxe6-ZGDJFgxaxpjwZFPjMSGVeynKCaiH6wQ_W2lCJlSs-sebv3ZXJl-WlM8uaqSDD_N62JAfO0SGetg0LBim9MlPAOuH1PziznzGsEFSNPo-dXIfY33wEWzX0qX2x5s29071rnX3miPutmGIUDjgJwtnD-hZc14S6o5bpJWP_XFXHMzfBqAKk0mbjZPCru4ASoq4DZe2SFt1JZVWtqSpPN5STq97QBfT1Rrd591Y0Yx6uVM4V5iGaZ-7wnBb9WjUtVtDx6gBnUuI-tXLe3EWCfza_29yrr8X5SvsrH9NR3NuA2wmW9qXeOJXeg2cepQTM8WKewbw87QKemWk2GJUFwY6fb3CblABdC7tiEFu_WzuI7DVKI_k86lh2n-qKtf1yVkKGoBuMOLdVwJ7MbaGtf_aqz0qAYIER022PDoFr9VFtDPf9Bqy7TVJ1OL2Kj9doSSUA014pjecuH-21iTB6G32vHHRBITuN-QeZrkhF9joZTc4tuVl2LGs_zDJm-1pgmTgc-s9YpeRxgIfDQyuYAaEicZYZTAvlXzQHbpKBUqs9Z-CKhcp25XkUQR35CTxxpct2-TMH8f-UOsFAfX8Sy63BI9KxqY6HEPJ_6oJGRGoYGPQOemZkYrwFsAxJxM5iSHXyvzvT9HFX9mBfL9-Pv6GYHE0rz7Hrg47C7BL5GJ1hL5EZr9WPpkHZuinXkWAKkM9sOkvm1NGM41Za5Q3uovWxdUXjz4eIJuD4RGwavES9YRNwTExQvI545sP6qdOkXRXyeezwwQPmexVZSmj9s0WOXmBNB5UcVqspTJh9e3WcTkrAuC3piAHftsqLrJZPHatrBBozQBHtyt306791A9mzlYImeZycOkTJIQVfbHmo6EyeOsiT5TGMo19JQNC5PW1ajoYj_X2BdSn6vOkpqOqCmEYPm5etHPkj1_JyNENNTv2zXzDDVwSN0VIJeUiwdMChTT34dnRYRlzBlX3A_Hh8uTFzgpxb5bu8Tx_zCNuPJ0z5jxizCOSD1XZADNhk7izLoLSXAaLmz2s6zToWEK34svG056oTmxX2KZh5ByiqMF0mUryDXuWCvUqtZAk8ojhCVcYmuFKwbKhCd9zkuDlOrrv45f51EeCWsLXkrS2Z9HthlGVZQ6rNYIOXNCeffG2REgAhdsr1Zm2LmFeD4jFAO1wFHcnXY69boW0jJLyfs9Tkw9Y0pHPiXF7kCvlSVRHjN-9S7pV55xfTjY6AzppDqZqr6iWAnPZkuxd--be-C-q2mviQ8Fm9x4bSeklDYWrsgAnwc0xRtOkHWjPyrsohxO-TW-8tEKTXXA2ga1yFwM7oV2azgTB8mafux-DWiVrAl9nkcfv9g2uKDuoYGlQhCPRJ1R0WPSuP5CrhcFWDcjTQctVxkW8Y1vMikR9U6IfLYtr19Cr_xeEsLKMlaGX2H5y2K_nVMsSoVM1JqetUv6SqdSmcp7cA1B7zBDI-TFRDnMQsaD3uO2LUVcj5vzJaPKMVvJ0AsatcNBtYxbj4YAjasAezD26ipwz5YP5Gf8nMJL0A4Jgk5aSfXwvC71tZuAuX4tQCzcB2rX66_5DGfl7aOFAAJs3Q4uRyTND-NWxqKJqxTJfkXC9k6VGtPa2ONLihKpGTZrcSxuRfgWeVJYfdBj-mxfQn31ho_ouA2QElWJ_vYROciG9HKavnZQ-Dr7-w5t_JgcIz8R0LgMZOiY-pW5NBAjbJjxQt4yZga6LChPm0Jmz87kOlOlmKXWJDolQGeYqkPuxIH8koqprpQ0AJJp5zqa0iTw6VD_zq3XKNn34IuN_f2_uut_TnXKSrPGqS0tueBx4oo096D0gzwxh7wfQLnCd71RDxYecSywdmZ-v_iFUgU0WBXrI46MzyaXqgDD8XgQRz0Qel95ZCX9Uiy7LjehuztjZGPWI9tYmJ6Erwbgv8bN1Kqz-6j8NUkrafqjzt1mdmB9qjP6RR9CI1LetkoaLaysksws-1Xknpi6aaTaCdYE-LePFRyBf8zJFbxvk8kvuReqf5rkEU08VE0o9OWuV09SJFtc7LupFtTiiFv2-1syTMs2MrHa1Qw-nLVOHG9ayFCBNdD5FmADurXmstXEXqCCyyoVsUGbR4Khdd1RXE4MOxNXEiuenJAt_DT9DWB201rfDcy9V-lSmoCxsY5kdrYTSBDsEmPlQo1kSpe-pq4PyazEAlzQ5UF_teIrCS-0zlVxRC0Nq4Ai-6CiKxwxC2U3N5HASXNNIrWEtbo1HK0lRHJB1H5aCD8MgMbFdiCfC7u7V3h6SWV-Y-LAZuNWUUDMXMNJds4qFHF0q5lX8c2oSzT_lmIiItwQUn5RfBIxLJBIuTNJIAwD_r4zW4ki9575f4APQFEEjCSg8DtP1tkzf6WWymP53Epa9DTMutm2bH9LfGYXz-uLMpiHJZMCLsSY5JiBPay7QbsQSyJCTpNZAFHDrOIBWVPF7OGm4kmsCEbhWs5_VOy5ILX2s-i2NwmkyuDAmVaHuQueTwiD4LiJcu3AzI0oZHxFVdWcJoKYXHUAsulklh-GgXSLAVfOohitgwXOwFv8h-M022NglP5HoqLSJmdSYfzz711Vf1s03TyRczRby7uokCKxXWi6p-a5R6Cmu0D14b18VLBQ9gEac62ArSPwmSMsl3wfa5qYrlP039KmyOLWjJ0dtC5P66Mr7FzvyZOGRF6B0STJ2QJC34c9LfCgTYkzoMnbPLZ_0LAS4UNpVNGqc3oiP-C9kbup33WJuKJ8Psqw7u8qFUv6TM38CenSqmCn8sI8wUEQanDb10a321AyV01g_RUWXGfagmHW37laV7xdRBpC7hF001Mwlj7oO7K9l7l64Ye6Ck4AcQpl2Zs1CphDtuUNrWA8ZUwhYuZd5KwYnKZCCck9r9x3Yzb4K3vC_GMA1IegC2g6XDnuSb9pBBCkoDfw21vxcYZnKoLKsUXAdshGuZraRiaWz1kK7EKLPii1r7HEevERgSWoFgaF95-RvWP4H5WzMKjYnrDsKP4LYcMgaxJzvl111_DuqEdePBBAmtxn_ZfmPZkmRJuN2tHTtUl7ZyNBtv8P6xNtyXnJFytbfEx2Qt7HHUlyaHm_3RedVkEHyPlZ8DAtwZ47dVQB7zk2CRaCf98CQfO_rkPCEl5WcYxmLGkCxe7zgYcsE25f9c-syrTneAjL0lB3HHBiX2zpnok3DXb1wDFD3Y3FbBPMXBWGOE7yLCEr5sxTxHM62c7ItfuMFPk-qfytkCB1mQfZrtV3a-h1wsrUlD60ZMlDYdwvBu49ukzwv7CF-Frw-pZpS_HkAvAIXPteeWOtBZ7Of588q4zivhaf_GV_cl0ZRXteBBjgPQILlMMt-0WHu6RnunxQaH808hKtZc6pbljJFcvHs6eGQltGuxgLosFGH5Ugoix1Ty9Ltx1nICVvLFqVC7KfwNTfU19e-jvYNzmv52VoHd6A_fjRtdpIwba753xrxPmkynI6_vzjDKkFkrYlt4l9_7WaJoPa8er-WwamXreB-b-EM_cLH0TFa_HxbXcT-TGISTt_LYCaZHRpRCAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgBYAE&bundleId=&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-1755920978034369&ias_chanId=1&ias_placementId=20171342326&bidurl=https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0g6Rmyg8p6OXoPQyB6kUQu7&adsafe_url=https%3A%2F%2Fifeg.info&adsafe_type=g&adsafe_url=https%3A%2F%2Fifeg.info%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230828%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230828%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-1755920978034369%26fa%3D4%26ifi%3D10%26uci%3Da!a%26btvi%3D5%26xpc%3D1e5EmwA6Ev%26p%3Dhttps%253A%2F%2Fifeg.info&adsafe_type=be&adsafe_jsinfo=,id:efe7b0ef-2fc6-3009-ba7b-2bfbeb09014b,c:mIR7qo,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-h7xr7,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tOmstSW+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1*.1135760-69474492%7C1a11%7C1b11%7C1b12%7C1c1%7C1d,idMap:1a1*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:23,oid:eeb0dd9d-46b4-11ee-afe9-0e54d760e1e1,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWd0_-342YeWmfRVr1mjAOk7mnZ9CDKhEbT0zoRQq2xQqHbhgM&d=CokBAKAmf-BwyyUlMsSnR-EYwShJ4j-URz59GMBpl_4541EpEdTjuuQDv7ZyrsI2NzsV_eabeEbqiobqjY5fGDMBj8_jiWHMnCa-znWhr9rcIcOgYzDlEUSobs-CtjDMJmKswkGgInb0BJiIG3r3gKcA3Pj-vlr3f8SXcUMxr1w3-DAWEBLm5aZGqsQSqRUAoCZ_4O3tPfyXpxdBjXSvx4sjZIKFjuwyiJWdyxo7_HHEklXBW8jsimoL6he5v60DDzSHP1oNnAvuW19fIGiKA9RZxe6-ZGDJFgxaxpjwZFPjMSGVeynKCaiH6wQ_W2lCJlSs-sebv3ZXJl-WlM8uaqSDD_N62JAfO0SGetg0LBim9MlPAOuH1PziznzGsEFSNPo-dXIfY33wEWzX0qX2x5s29071rnX3miPutmGIUDjgJwtnD-hZc14S6o5bpJWP_XFXHMzfBqAKk0mbjZPCru4ASoq4DZe2SFt1JZVWtqSpPN5STq97QBfT1Rrd591Y0Yx6uVM4V5iGaZ-7wnBb9WjUtVtDx6gBnUuI-tXLe3EWCfza_29yrr8X5SvsrH9NR3NuA2wmW9qXeOJXeg2cepQTM8WKewbw87QKemWk2GJUFwY6fb3CblABdC7tiEFu_WzuI7DVKI_k86lh2n-qKtf1yVkKGoBuMOLdVwJ7MbaGtf_aqz0qAYIER022PDoFr9VFtDPf9Bqy7TVJ1OL2Kj9doSSUA014pjecuH-21iTB6G32vHHRBITuN-QeZrkhF9joZTc4tuVl2LGs_zDJm-1pgmTgc-s9YpeRxgIfDQyuYAaEicZYZTAvlXzQHbpKBUqs9Z-CKhcp25XkUQR35CTxxpct2-TMH8f-UOsFAfX8Sy63BI9KxqY6HEPJ_6oJGRGoYGPQOemZkYrwFsAxJxM5iSHXyvzvT9HFX9mBfL9-Pv6GYHE0rz7Hrg47C7BL5GJ1hL5EZr9WPpkHZuinXkWAKkM9sOkvm1NGM41Za5Q3uovWxdUXjz4eIJuD4RGwavES9YRNwTExQvI545sP6qdOkXRXyeezwwQPmexVZSmj9s0WOXmBNB5UcVqspTJh9e3WcTkrAuC3piAHftsqLrJZPHatrBBozQBHtyt306791A9mzlYImeZycOkTJIQVfbHmo6EyeOsiT5TGMo19JQNC5PW1ajoYj_X2BdSn6vOkpqOqCmEYPm5etHPkj1_JyNENNTv2zXzDDVwSN0VIJeUiwdMChTT34dnRYRlzBlX3A_Hh8uTFzgpxb5bu8Tx_zCNuPJ0z5jxizCOSD1XZADNhk7izLoLSXAaLmz2s6zToWEK34svG056oTmxX2KZh5ByiqMF0mUryDXuWCvUqtZAk8ojhCVcYmuFKwbKhCd9zkuDlOrrv45f51EeCWsLXkrS2Z9HthlGVZQ6rNYIOXNCeffG2REgAhdsr1Zm2LmFeD4jFAO1wFHcnXY69boW0jJLyfs9Tkw9Y0pHPiXF7kCvlSVRHjN-9S7pV55xfTjY6AzppDqZqr6iWAnPZkuxd--be-C-q2mviQ8Fm9x4bSeklDYWrsgAnwc0xRtOkHWjPyrsohxO-TW-8tEKTXXA2ga1yFwM7oV2azgTB8mafux-DWiVrAl9nkcfv9g2uKDuoYGlQhCPRJ1R0WPSuP5CrhcFWDcjTQctVxkW8Y1vMikR9U6IfLYtr19Cr_xeEsLKMlaGX2H5y2K_nVMsSoVM1JqetUv6SqdSmcp7cA1B7zBDI-TFRDnMQsaD3uO2LUVcj5vzJaPKMVvJ0AsatcNBtYxbj4YAjasAezD26ipwz5YP5Gf8nMJL0A4Jgk5aSfXwvC71tZuAuX4tQCzcB2rX66_5DGfl7aOFAAJs3Q4uRyTND-NWxqKJqxTJfkXC9k6VGtPa2ONLihKpGTZrcSxuRfgWeVJYfdBj-mxfQn31ho_ouA2QElWJ_vYROciG9HKavnZQ-Dr7-w5t_JgcIz8R0LgMZOiY-pW5NBAjbJjxQt4yZga6LChPm0Jmz87kOlOlmKXWJDolQGeYqkPuxIH8koqprpQ0AJJp5zqa0iTw6VD_zq3XKNn34IuN_f2_uut_TnXKSrPGqS0tueBx4oo096D0gzwxh7wfQLnCd71RDxYecSywdmZ-v_iFUgU0WBXrI46MzyaXqgDD8XgQRz0Qel95ZCX9Uiy7LjehuztjZGPWI9tYmJ6Erwbgv8bN1Kqz-6j8NUkrafqjzt1mdmB9qjP6RR9CI1LetkoaLaysksws-1Xknpi6aaTaCdYE-LePFRyBf8zJFbxvk8kvuReqf5rkEU08VE0o9OWuV09SJFtc7LupFtTiiFv2-1syTMs2MrHa1Qw-nLVOHG9ayFCBNdD5FmADurXmstXEXqCCyyoVsUGbR4Khdd1RXE4MOxNXEiuenJAt_DT9DWB201rfDcy9V-lSmoCxsY5kdrYTSBDsEmPlQo1kSpe-pq4PyazEAlzQ5UF_teIrCS-0zlVxRC0Nq4Ai-6CiKxwxC2U3N5HASXNNIrWEtbo1HK0lRHJB1H5aCD8MgMbFdiCfC7u7V3h6SWV-Y-LAZuNWUUDMXMNJds4qFHF0q5lX8c2oSzT_lmIiItwQUn5RfBIxLJBIuTNJIAwD_r4zW4ki9575f4APQFEEjCSg8DtP1tkzf6WWymP53Epa9DTMutm2bH9LfGYXz-uLMpiHJZMCLsSY5JiBPay7QbsQSyJCTpNZAFHDrOIBWVPF7OGm4kmsCEbhWs5_VOy5ILX2s-i2NwmkyuDAmVaHuQueTwiD4LiJcu3AzI0oZHxFVdWcJoKYXHUAsulklh-GgXSLAVfOohitgwXOwFv8h-M022NglP5HoqLSJmdSYfzz711Vf1s03TyRczRby7uokCKxXWi6p-a5R6Cmu0D14b18VLBQ9gEac62ArSPwmSMsl3wfa5qYrlP039KmyOLWjJ0dtC5P66Mr7FzvyZOGRF6B0STJ2QJC34c9LfCgTYkzoMnbPLZ_0LAS4UNpVNGqc3oiP-C9kbup33WJuKJ8Psqw7u8qFUv6TM38CenSqmCn8sI8wUEQanDb10a321AyV01g_RUWXGfagmHW37laV7xdRBpC7hF001Mwlj7oO7K9l7l64Ye6Ck4AcQpl2Zs1CphDtuUNrWA8ZUwhYuZd5KwYnKZCCck9r9x3Yzb4K3vC_GMA1IegC2g6XDnuSb9pBBCkoDfw21vxcYZnKoLKsUXAdshGuZraRiaWz1kK7EKLPii1r7HEevERgSWoFgaF95-RvWP4H5WzMKjYnrDsKP4LYcMgaxJzvl111_DuqEdePBBAmtxn_ZfmPZkmRJuN2tHTtUl7ZyNBtv8P6xNtyXnJFytbfEx2Qt7HHUlyaHm_3RedVkEHyPlZ8DAtwZ47dVQB7zk2CRaCf98CQfO_rkPCEl5WcYxmLGkCxe7zgYcsE25f9c-syrTneAjL0lB3HHBiX2zpnok3DXb1wDFD3Y3FbBPMXBWGOE7yLCEr5sxTxHM62c7ItfuMFPk-qfytkCB1mQfZrtV3a-h1wsrUlD60ZMlDYdwvBu49ukzwv7CF-Frw-pZpS_HkAvAIXPteeWOtBZ7Of588q4zivhaf_GV_cl0ZRXteBBjgPQILlMMt-0WHu6RnunxQaH808hKtZc6pbljJFcvHs6eGQltGuxgLosFGH5Ugoix1Ty9Ltx1nICVvLFqVC7KfwNTfU19e-jvYNzmv52VoHd6A_fjRtdpIwba753xrxPmkynI6_vzjDKkFkrYlt4l9_7WaJoPa8er-WwamXreB-b-EM_cLH0TFa_HxbXcT-TGISTt_LYCaZHRpRCAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgBYAE&bundleId=

Request Chain 198

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECKBHATrg83voOaDeqc7tFA&google_cver=1&google_push=AXcoOmQcf9jyPmUqvvaK4oVzy7Mm5Dh_lSQJWTbLT4uT8-INnla1hSluzVCYTCtR7ReV-WgsmrjRwSjtTWLlLEgIpPpXzmbeRLOltdY HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECKBHATrg83voOaDeqc7tFA&google_cver=1&google_push=AXcoOmQcf9jyPmUqvvaK4oVzy7Mm5Dh_lSQJWTbLT4uT8-INnla1hSluzVCYTCtR7ReV-WgsmrjRwSjtTWLlLEgIpPpXzmbeRLOltdY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=U3I0bDdyV1QxUUI2dEQ1&google_gid=CAESECKBHATrg83voOaDeqc7tFA&google_cver=1&google_push=AXcoOmQcf9jyPmUqvvaK4oVzy7Mm5Dh_lSQJWTbLT4uT8-INnla1hSluzVCYTCtR7ReV-WgsmrjRwSjtTWLlLEgIpPpXzmbeRLOltdY

Request Chain 199

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEItUbLve8we7JItnXbJOICY&google_cver=1&google_push=AXcoOmSPuXhUtN0twEFwK0UREnJ9xcwnGnBM_mSCgdO_WD0eVX3lcyk_C0Is8Asslfpxm2UuuIVkHOFd52XjLO8loRo6Mwpf8XLEzio HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AXcoOmSPuXhUtN0twEFwK0UREnJ9xcwnGnBM_mSCgdO_WD0eVX3lcyk_C0Is8Asslfpxm2UuuIVkHOFd52XjLO8loRo6Mwpf8XLEzio

Request Chain 200

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPhN-j4mFWui_QbXwng-384&google_cver=1&google_push=AXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX4ucw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX4ucw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPhN-j4mFWui_QbXwng-384&google_cver=1&google_push=AXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX4ucw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX4ucw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 202

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIWZ7kWjUQ9rGVdaZ4Wegq0&google_cver=1&google_push=AXcoOmT-F8T8IeXklyirSn-cYVtlij1GFhjZHVW8rgZTs6Rrcmw11cyusxk1NazYcXKFkcUi3GYQIz8cV91pHueU7MkKFjlTLEN6Vzw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3Mjg2Mjg2MDQzNjM3MTYwNA%3D%3D&google_push=AXcoOmT-F8T8IeXklyirSn-cYVtlij1GFhjZHVW8rgZTs6Rrcmw11cyusxk1NazYcXKFkcUi3GYQIz8cV91pHueU7MkKFjlTLEN6Vzw

Request Chain 203

https://d5p.de17a.com/cookies/google?google_gid=CAESEIRF5rOnSRLrxXwLYYbjse0&google_cver=1&google_push=AXcoOmR2jk52MzY94vWutmUYgj-mGGSz4E5sW1pufyhMSqGyJDjwgattYfNL-SA9BEQucvXiBx7hHY2MiFghITIcNBMd3zpwp55FRQ HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIRF5rOnSRLrxXwLYYbjse0&google_cver=1&google_push=AXcoOmR2jk52MzY94vWutmUYgj-mGGSz4E5sW1pufyhMSqGyJDjwgattYfNL-SA9BEQucvXiBx7hHY2MiFghITIcNBMd3zpwp55FRQ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmR2jk52MzY94vWutmUYgj-mGGSz4E5sW1pufyhMSqGyJDjwgattYfNL-SA9BEQucvXiBx7hHY2MiFghITIcNBMd3zpwp55FRQ

Request Chain 216

https://googleads.g.doubleclick.net/pagead/adview?ai=C_NGOPGbuZMKVH4OlhcIPxOeLuAHwzvajcrbY1peoEbfFrI_ZDxABILilkDFglYKAgJQHoAHz1pqvKcgBCakCZxYlskZFkj6oAwHIA8sEqgSbAk_QVuIVZHZwJa8Er5TRbrVbUcbIZuPHiaJCv20xOUY8jFYhbRYGwb-dqU1nObDx_gcbsN1_MsJjDpoZwOVIpEsZXAxZbgmNBVkBQN4pHtIQVXTa5WTYoRPiFd7Cp655hYEpKlXFxjoPE16gvO13VriaFdhPTErMt2v_09sxVqWZ5tKm82jGpfIIuJ0rfNL8CSM_vf2p9MvIefBNoDk8wAbVSHycEaMQOOrIozgWb0lSC-BBDH_VRBwREsQ1e1-9UOlaCgdCGqok59ewi7tm7o_sN2g7D4He9T7CGGxSXW2FbUuyl5uwGL815WfZu88wOewpD3BIRebIyUbIA1EZWsHP7NgiT_XPu0fAoiR6VA8cDVr714YmpP_jlfzABP6x6aCoBIgFzYiQnEuSBQQIBBgBkgUECAUYBKAGLoAH847rjgSoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAPIHBBDDgg7SCBYIgOGAEBABGB8yAqoCOgKAQEi9_cE6mgkuaHR0cHM6Ly9wcm9tb3Rpb24tYml6LmNvbS8_cGxhY2VtZW50PWlmZWcuaW5mb4AKAcgLAdgTDIgUAtAVAYAXAbIXHAoaCAASFHB1Yi0xNzU1OTIwOTc4MDM0MzY5GAA&sigh=1nF5ly0l71Y&uach_m=[UACH]&ase=2&cid=CAQSOwBpAlJW1rutjXEXL19VBI1ezDIF85DtNrUBMdUAtNZryFIdW_tFgv4Jd2xlJLBQHQICaPDbiuMznuUPGAE&template_id=5000&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222338459588484485576%22,%22debug_reporting%22:true,%22destination%22:%22https://promotion-biz.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211104856947%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227905894636252139953%22}&andc=true

242 HTTP transactions
12 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/ 98 KB
22 KB 626ms
299ms Document
text/html 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

1457cc910b41a8b5ba411e458bbc70f31f27681f26e366f2836d36f20cce8580

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 21:42:18 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
link: <https://ifeg.info/wp-json/>; rel="https://api.w.org/" <https://ifeg.info/wp-json/wp/v2/posts/59931>; rel="alternate"; type="application/json" <https://wp.me/peXU10-fAD>; rel=shortlink
pragma: no-cache
server: nginx
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-pingback: https://ifeg.info/xmlrpc.php
x-xss-protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 166 KB
61 KB 91ms
38ms Script
application/javascript 142.250.185.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-75224506-1

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

2722395eb4b66748c28bb0de09e2dff45c49b130ba8762c5caf7ef36b0895215

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62532
x-xss-protection: 0
last-modified: Tue, 29 Aug 2023 21:19:20 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 29 Aug 2023 21:42:18 GMT

GET
H2 200 amp-ad-0.1.js Show response
cdn.ampproject.org/v0/ 82 KB
24 KB 81ms
28ms Script
text/javascript 142.250.185.161
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/v0/amp-ad-0.1.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.161 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f1.1e100.net

Software

sffe /

Resource Hash

c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
date: Tue, 29 Aug 2023 21:42:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23145
x-xss-protection: 0
server: sffe
etag: "1e24d49ff16f97fa"
vary: Accept-Encoding
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=604800, stale-while-revalidate=604800
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Tue, 29 Aug 2023 21:42:18 GMT

GET
H2 200 style.min.css
ifeg.info/wp-includes/css/dist/block-library/ 102 KB
14 KB 130ms
126ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-includes/css/dist/block-library/style.min.css?ver=6.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Wed, 09 Aug 2023 02:01:16 GMT
server: nginx
content-encoding: gzip
etag: W/"64d2f36c-19824"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 view.css
ifeg.info/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/ 602 B
599 B 132ms
128ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/view.css?minify=false&ver=34ae973733627b74a14e

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

d749579e51cf490ba27a6782bcfe07c52e44ffa8e3fbb4db7a4dded9d0d9ef29

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Tue, 11 Jul 2023 02:40:31 GMT
server: nginx
content-encoding: gzip
etag: W/"64acc11f-25a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
ifeg.info/wp-includes/js/mediaelement/ 11 KB
3 KB 135ms
131ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Wed, 16 Mar 2022 14:00:13 GMT
server: nginx
content-encoding: gzip
etag: W/"6231ed6d-2bf8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 wp-mediaelement.min.css
ifeg.info/wp-includes/js/mediaelement/ 4 KB
1 KB 139ms
135ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Wed, 16 Mar 2022 14:00:13 GMT
server: nginx
content-encoding: gzip
etag: W/"6231ed6d-105a"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 js_composer.min.css
ifeg.info/wp-content/plugins/js_composer/assets/css/ 474 KB
46 KB 167ms
164ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=6.8.0

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

521457922129a04fbc4524021ac47021659a1e1931c5dfe1a0e13be5dcaaefba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:56:29 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a35d-76891"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 frontend.min.css
ifeg.info/wp-content/themes/jnews/assets/dist/ 548 KB
90 KB 272ms
269ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=10.1.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

a75b4fcd9a2ca16dd0f928054400cbd522b0d70c642148aec5d27e94c48ef76a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:06 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a1a2-88eb9"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 js-composer-frontend.css
ifeg.info/wp-content/themes/jnews/assets/css/ 3 KB
615 B 292ms
289ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/themes/jnews/assets/css/js-composer-frontend.css?ver=10.1.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

1c468f25c66a9aeaa637ca5244f64ec7f967734b2dc2aa92b667cf5316155e81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:06 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a1a2-bb7"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 style.css
ifeg.info/wp-content/themes/jnews/ 427 B
614 B 293ms
290ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/themes/jnews/style.css?ver=10.1.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

0c25ce3cbc2dd4aab461a2dff79562efe1f987b7482ea83056790ec4914a1a7e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:10 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a1a6-1ab"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 darkmode.css
ifeg.info/wp-content/themes/jnews/assets/css/ 46 KB
7 KB 293ms
290ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/themes/jnews/assets/css/darkmode.css?ver=10.1.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

3fadf99638094a841349a5bc82be83289b9b7c795838626f5ab8462763bad224

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:06 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a1a2-b6ae"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 scheme.css
ifeg.info/wp-content/themes/jnews/data/import/writy/ 4 KB
1 KB 293ms
290ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/themes/jnews/data/import/writy/scheme.css?ver=10.1.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

8d5550f049ec5584b1c3bd3d4f4a2ae67cef34412b64b51c4b22a78e821357d7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:09 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a1a5-e6c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 jetpack.css
ifeg.info/wp-content/plugins/jetpack/css/ 97 KB
18 KB 293ms
291ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/plugins/jetpack/css/jetpack.css?ver=12.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

2d7b7d9d5f46003fd39e1c6dee0c2f617bc32ec707d819bd4eab2fc8081938de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Tue, 11 Jul 2023 02:40:31 GMT
server: nginx
content-encoding: gzip
etag: W/"64acc11f-184a3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 plugin.css
ifeg.info/wp-content/plugins/jnews-social-login/assets/css/ 2 KB
920 B 294ms
291ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/plugins/jnews-social-login/assets/css/plugin.css?ver=10.1.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

4c62c820213f1ab28757a744fd3d15b65fc1ac9e148c8db2c50eb8a20959f930

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:56:37 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a365-94e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 plugin.css
ifeg.info/wp-content/plugins/jnews-social-share/assets/css/ 1 KB
814 B 294ms
292ms Stylesheet
text/css 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/plugins/jnews-social-share/assets/css/plugin.css

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

5847707988b0ee28c7b583abaabd6c203ad910326e5b9fe12149a0bc8ac43e5c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:56:38 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a366-472"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 jquery.min.js Show response
ifeg.info/wp-includes/js/jquery/ 85 KB
30 KB 294ms
292ms Script
application/javascript 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-includes/js/jquery/jquery.min.js?ver=3.7.0

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Wed, 09 Aug 2023 02:01:16 GMT
server: nginx
content-encoding: gzip
etag: W/"64d2f36c-155ba"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 jquery-migrate.min.js Show response
ifeg.info/wp-includes/js/jquery/ 13 KB
5 KB 294ms
292ms Script
application/javascript 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Wed, 09 Aug 2023 02:01:16 GMT
server: nginx
content-encoding: gzip
etag: W/"64d2f36c-3509"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
50 KB 169ms
120ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

3178d561d0443be6280f35273c0a2413a2b763f468e430cbc29b1a1bc50ef89a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51046
x-xss-protection: 0
server: cafe
etag: 11394258106947866759
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:18 GMT

GET
H2 200 logo.png
ifeg.info/wp-content/themes/jnews/assets/img/ 4 KB
4 KB 277ms
277ms Image
image/png 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ifeg.info/wp-content/themes/jnews/assets/img/logo.png

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

00b5a31a52a4e71fd10824e2e26039cf2a7b7d5ba0c7d833ccceb6b207660f45

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:07 GMT
server: nginx
etag: "6232a1a3-e15"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 3605
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 logo_mobile.png
ifeg.info/wp-content/themes/jnews/assets/img/ 2 KB
2 KB 278ms
277ms Image
image/png 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ifeg.info/wp-content/themes/jnews/assets/img/logo_mobile.png

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

f51052bd6497dfa454b67975acb33a59b561443fbbe16a7aac155d4232c77e79

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:07 GMT
server: nginx
etag: "6232a1a3-7e1"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 2017
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 jeg-empty.png
ifeg.info/wp-content/themes/jnews/assets/img/ 70 B
382 B 295ms
293ms Image
image/png 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ifeg.info/wp-content/themes/jnews/assets/img/jeg-empty.png

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:07 GMT
server: nginx
etag: "6232a1a3-46"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 70
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 image-3135.png
ifeg.info/wp-content/uploads/2023/08/ 382 KB
383 KB 345ms
343ms Image
image/png 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ifeg.info/wp-content/uploads/2023/08/image-3135.png

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

7b30a44912b79ef248fd539414e666301b7338b1fa8a2baefa539a267638da0b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Mon, 14 Aug 2023 07:33:34 GMT
server: nginx
etag: "64d9d8ce-5f7dd"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 391133
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 image-3136.png
ifeg.info/wp-content/uploads/2023/08/ 402 KB
403 KB 347ms
345ms Image
image/png 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ifeg.info/wp-content/uploads/2023/08/image-3136.png

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

36d04991b27d96ebcaabe87041ec6c9e4a32a2939cbfc8ff070a62f7a0f8c75b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Mon, 14 Aug 2023 07:33:52 GMT
server: nginx
etag: "64d9d8e0-64747"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 411463
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 comment-reply.min.js Show response
ifeg.info/wp-includes/js/ 3 KB
2 KB 345ms
343ms Script
application/javascript 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-includes/js/comment-reply.min.js?ver=6.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Wed, 25 May 2022 02:01:19 GMT
server: nginx
content-encoding: gzip
etag: W/"628d8def-ba5"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 hoverIntent.min.js Show response
ifeg.info/wp-includes/js/ 1 KB
1 KB 345ms
343ms Script
application/javascript 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-includes/js/hoverIntent.min.js?ver=1.10.2

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Wed, 25 May 2022 02:01:19 GMT
server: nginx
content-encoding: gzip
etag: W/"628d8def-5db"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 imagesloaded.min.js Show response
ifeg.info/wp-includes/js/ 5 KB
2 KB 345ms
344ms Script
application/javascript 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-includes/js/imagesloaded.min.js?ver=4.1.4

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Wed, 16 Mar 2022 14:00:13 GMT
server: nginx
content-encoding: gzip
etag: W/"6231ed6d-15fd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 frontend.min.js Show response
ifeg.info/wp-content/themes/jnews/assets/dist/ 294 KB
85 KB 345ms
344ms Script
application/javascript 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/themes/jnews/assets/dist/frontend.min.js?ver=10.1.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

7ac09376cadacabe79e795875aaffacb594e91cffd1e2f71c7b4ffe050dc3af7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:06 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a1a2-497ed"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 e-202335.js Show response
stats.wp.com/ 7 KB
3 KB 62ms
19ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202335.js
Requested by: Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Tue, 29 Aug 2023 21:42:18 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684460848292.3706
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 26 Aug 2024 04:20:12 GMT

GET
H2 200 plugin.js Show response
ifeg.info/wp-content/plugins/jnews-social-login/assets/js/ 990 B
826 B 345ms
344ms Script
application/javascript 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/plugins/jnews-social-login/assets/js/plugin.js?ver=10.0.2

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

c1242fa94be3c8b4f77e19e0098a00ce4714e76b48fcf9fb6c6fb95e978bc5df

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:56:37 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a365-3de"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 plugin.js Show response
ifeg.info/wp-content/plugins/jnews-social-share/assets/js/ 3 KB
2 KB 345ms
345ms Script
application/javascript 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-content/plugins/jnews-social-share/assets/js/plugin.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

ae63276d13de5376dd9d5d0dd2d330cb131ace6ab96008ddcad724acff553cea

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:56:38 GMT
server: nginx
content-encoding: gzip
etag: W/"6232a366-d98"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 76ms
24ms Script
text/javascript 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-75224506-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 29 Aug 2023 19:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6755
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 29 Aug 2023 21:49:43 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
202 B 29ms
28ms XHR
text/plain 142.250.184.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1240889588&t=pageview&_s=1&dl=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&ul=en-us&de=UTF-8&dt=A%20Discreet%20Exchange%3A%20Conversations%20Behind%20the%20Black-Hatted%20Man%20%E2%80%93%20News%2024%2F24&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1031426189&gjid=1947139072&cid=256524315.1693345339&tid=UA-75224506-1&_gid=1015227179.1693345339&_r=1&gtm=457e38n0&jsscut=1&z=1773059244

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://ifeg.info/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ifeg.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
341 B 85ms
28ms XHR
text/plain 74.125.133.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-75224506-1&cid=256524315.1693345339&jid=1031426189&gjid=1947139072&_gid=1015227179.1693345339&_u=YEBAAUAAAAAAACAAI~&z=1874303309

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://ifeg.info/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 29 Aug 2023 21:42:18 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://ifeg.info
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 146 KB
50 KB 84ms
84ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

61fd6ba4d87951389bb292a35743f9d67710b2ddc31cc4c0bbde35c811363a03

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51048
x-xss-protection: 0
server: cafe
etag: 17841119739787478500
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:18 GMT

GET
H2 200 preloader.gif
ifeg.info/wp-content/themes/jnews/assets/dist/image/ 4 KB
5 KB 239ms
239ms Image
image/gif 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ifeg.info/wp-content/themes/jnews/assets/dist/image/preloader.gif

Requested by

Host: ifeg.info
URL: https://ifeg.info/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=10.1.3

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

e2e60e9eae839d6b2e857c708f6d02ae6069141594b941a1590cd5c5435d42f4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=10.1.3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:06 GMT
server: nginx
etag: "6232a1a2-112f"
x-frame-options: SAMEORIGIN
content-type: image/gif
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 4399
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 jegicon.woff
ifeg.info/wp-content/themes/jnews/assets/dist/font/ 7 KB
7 KB 236ms
235ms Font
font/woff 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://ifeg.info/wp-content/themes/jnews/assets/dist/font/jegicon.woff
Requested by: Host: ifeg.info
URL: https://ifeg.info/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=10.1.3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 144.202.4.162.vultrusercontent.com
Software: nginx /
Resource Hash: e2d3127da85763e024971c6192f78becbdf85db231b3d088c9f8b3777d444ede

Request headers

Referer: https://ifeg.info/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=10.1.3
Origin: https://ifeg.info
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
last-modified: Thu, 17 Mar 2022 02:49:06 GMT
server: nginx
etag: "6232a1a2-1be8"
content-type: font/woff
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 7144
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 fontawesome-webfont.woff2
ifeg.info/wp-content/themes/jnews/assets/dist/font/ 75 KB
76 KB 236ms
236ms Font
font/woff2 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL: https://ifeg.info/wp-content/themes/jnews/assets/dist/font/fontawesome-webfont.woff2
Requested by: Host: ifeg.info
URL: https://ifeg.info/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=10.1.3
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),
Reverse DNS: 144.202.4.162.vultrusercontent.com
Software: nginx /
Resource Hash: 2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Referer: https://ifeg.info/wp-content/themes/jnews/assets/dist/frontend.min.css?ver=10.1.3
Origin: https://ifeg.info
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
last-modified: Thu, 17 Mar 2022 02:49:06 GMT
server: nginx
etag: "6232a1a2-12d68"
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 77160
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 f58e10e16f98eeb0cd3f4c84599495c9
secure.gravatar.com/avatar/ 1 KB
2 KB 89ms
26ms Image
image/jpeg 192.0.73.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/f58e10e16f98eeb0cd3f4c84599495c9?s=80&d=mm&r=g
Requested by: Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.73.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 4faa1d5635283a0d49e1933de318b24491751c9a3ccf2fe404b9137929e3eb86

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 29 Aug 2023 21:42:18 GMT
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
server: nginx
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=300
content-disposition: inline; filename="f58e10e16f98eeb0cd3f4c84599495c9.png"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/f58e10e16f98eeb0cd3f4c84599495c9?s=80&d=mm&r=g>; rel="canonical"
content-length: 1323
expires: Tue, 29 Aug 2023 21:47:18 GMT

GET
H2 200 image-3138.png
ifeg.info/wp-content/uploads/2023/08/ 373 KB
374 KB 216ms
215ms Image
image/png 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ifeg.info/wp-content/uploads/2023/08/image-3138.png

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

daebd7f90f4f822563fa689c2412bd15b53bff0dff8e4e6f4f334ef0a8c53c97

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Mon, 14 Aug 2023 07:34:15 GMT
server: nginx
etag: "64d9d8f7-5d392"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 381842
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 jeg-empty.png
ifeg.info/wp-content/themes/jnews/assets/img/ 70 B
382 B 245ms
244ms Image
image/png 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ifeg.info/wp-content/themes/jnews/assets/img/jeg-empty.png

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 17 Mar 2022 02:49:07 GMT
server: nginx
etag: "6232a1a3-46"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 70
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308240101/ 387 KB
131 KB 88ms
87ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1755920978034369&plah=ifeg.info&bust=31077451

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

91d224e7fe92d4be644959ddc6acaf9c2f3c8fd32be3ced96ddfd3a39b1f8d58

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 134171
x-xss-protection: 0
server: cafe
etag: 4415332693893113662
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:18 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230828/r20190131/ Frame 633D 10 KB
5 KB 238ms
20ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230828/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15071
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4437
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 17:31:08 GMT
etag: 9878862242593084568
expires: Tue, 12 Sep 2023 17:31:08 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 / Show response
ifeg.info/ 124 B
537 B 181ms
179ms XHR
application/json 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/?ajax-request=jnews

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

a97f44f196e9ecd639750da2dacc90a6c3a7b9e5e3e692bb970ddbfaaffb615c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
content-encoding: gzip
server: nginx
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
cache-control: no-cache, must-revalidate, max-age=0
x-xss-protection: 1; mode=block
expires: Wed, 11 Jan 1984 05:00:00 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 24ms
21ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=221145382&post=59931&tz=0&srv=ifeg.info&j=1%3A12.3&host=ifeg.info&ref=&fcp=1109&rand=0.7344847305718281
Requested by: Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 29 Aug 2023 21:42:18 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 wp-emoji-release.min.js Show response
ifeg.info/wp-includes/js/ 18 KB
5 KB 145ms
143ms Script
application/javascript 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to

Full URL

https://ifeg.info/wp-includes/js/wp-emoji-release.min.js?ver=6.3

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Thu, 30 Mar 2023 02:03:39 GMT
server: nginx
content-encoding: gzip
etag: W/"6424edfb-4904"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 image-3138-515x375.png
ifeg.info/wp-content/uploads/2023/08/ 251 KB
252 KB 147ms
147ms Image
image/png 144.202.4.162
AS-CHOOPA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ifeg.info/wp-content/uploads/2023/08/image-3138-515x375.png

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

144.202.4.162 Piscataway, United States, ASN20473 (AS-CHOOPA, US),

Reverse DNS

144.202.4.162.vultrusercontent.com

Software

nginx /

Resource Hash

cd8e77bb9997f70d4bc63ba8380377a8acb727d08c8c2872bdc1583faf953978

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:18 GMT
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
x-content-type-options: nosniff
last-modified: Mon, 14 Aug 2023 07:34:16 GMT
server: nginx
etag: "64d9d8f8-3ec90"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
accept-ranges: bytes
content-length: 257168
x-xss-protection: 1; mode=block
expires: Wed, 28 Aug 2024 21:42:18 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 385 B
328 B 30ms
29ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=ifeg.info&callback=_gfp_s_&client=ca-pub-1755920978034369

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308240101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-1755920978034369&plah=ifeg.info&bust=31077451

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

9598667818afc48e553985ab08773ac0027f445b097adac23e9116808206b9a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 249
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame E270 100 KB
35 KB 521ms
472ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

5dd41eadd5583b320b30fc18d6dc0b7167eee44540dfc809e8628ece122448b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 36089
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:19 GMT
expires: Tue, 29 Aug 2023 21:42:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3DBD 89 KB
27 KB 380ms
367ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=7627006716&adk=657587231&adf=984530530&pi=t.ma~as.7627006716&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338834&bpp=1&bdt=480&idt=203&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Hmt5Moh0ny&p=https%3A//ifeg.info&dtd=237

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

8674f707de405e62ecaf0ebcacaa49cba61e4b7a57f33ba685b9d1f2bb01f2ac

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 27428
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:19 GMT
expires: Tue, 29 Aug 2023 21:42:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame F8C0 90 KB
35 KB 818ms
817ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=250&slotname=1240673719&adk=2612090567&adf=258218646&pi=t.ma~as.1240673719&w=300&lmt=1693338139&rafmt=12&format=300x250&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338835&bpp=1&bdt=481&idt=251&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1661&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=SXksr8LQDA&p=https%3A//ifeg.info&dtd=254

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e469a9cd1e50424a7f2f8f7200f20c800b5c46f322ef759d73770745e5329e2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 35578
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:19 GMT
expires: Tue, 29 Aug 2023 21:42:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 13BA 94 KB
36 KB 422ms
421ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=781603041&adf=2589558187&pi=t.ma~as.1240673719&w=728&lmt=1693338139&rafmt=12&format=728x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338836&bpp=1&bdt=482&idt=278&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90%2C300x250&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=xlOfiC0gLx&p=https%3A//ifeg.info&dtd=283

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

67635d2c414b5dc350a6596eb89eb56b011902de29de6a1a78692d811a50341c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 36980
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:19 GMT
expires: Tue, 29 Aug 2023 21:42:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 893D 436 B
385 B 610ms
609ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=7627006716&adk=1808787621&adf=3320784342&pi=t.ma~as.7627006716&w=728&lmt=1693338139&rafmt=12&format=728x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338838&bpp=1&bdt=484&idt=288&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90%2C300x250%2C728x90&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=4264&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=5&uci=a!5&btvi=3&fsb=1&xpc=XYLHnwXMwM&p=https%3A//ifeg.info&dtd=297

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

76384e46c31a19642f77652a3304907e75921d22de8c1364cf61dfc18411a804

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 214
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:19 GMT
expires: Tue, 29 Aug 2023 21:42:19 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame C983 313 KB
72 KB 1170ms
1169ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&adk=1812271804&adf=3025194257&lmt=1693338139&plat=3%3A16%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x810_r&format=0x0&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&ea=0&pra=7&wgl=1&easpi=0&asro=0&asrtr=1&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338918&bpp=2&bdt=564&idt=249&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3e1357f4193fe912-228e33005fde00fc%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_MaZCiy7B7q5Z2cQvi-eRnM4aGlS1w&gpic=UID%3D00000c6b64e96ce6%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_Mar7T7tl9JB-WTy6RGNYuL-YhZHFg&prev_fmts=970x90%2C970x90%2C300x250%2C728x90%2C728x90&nras=1&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fsapi=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=7&uci=a!7&fsb=1&dtd=271

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

a290d8dd892311fe83badf0a62ea7bf477fa585627a646e838e80d7a6e921692

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 73457
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:20 GMT
expires: Tue, 29 Aug 2023 21:42:20 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 63e0a2a793d720ddab32c7ad1c79b976.js Show response
www.gstatic.com/mysidia/ Frame 3DBD 9 KB
4 KB 78ms
24ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/63e0a2a793d720ddab32c7ad1c79b976.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=7627006716&adk=657587231&adf=984530530&pi=t.ma~as.7627006716&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338834&bpp=1&bdt=480&idt=203&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=351&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=2&uci=a!2&fsb=1&xpc=Hmt5Moh0ny&p=https%3A//ifeg.info&dtd=237

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

ac6c7df9ea6f8e1bcacee7bbb1df0c7902650aa2bef04e536ae838e7c9146aa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:15:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 325613
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3931
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 24 Nov 2023 03:15:26 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 3DBD 2 KB
945 B 144ms
46ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 296e8486ae47669a34402216c17dea54.js Show response
www.gstatic.com/mysidia/ Frame 3DBD 22 KB
10 KB 53ms
22ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/296e8486ae47669a34402216c17dea54.js?tag=exit_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

4eb7a2ba33082e2e7e8f36a4a7e2a04d39393b368d926be480c93f8e44e82767

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 02:20:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 415307
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9360
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 02:20:32 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/ Frame 3DBD 23 KB
9 KB 43ms
41ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9067
x-xss-protection: 0
server: cafe
etag: 16184311534176170479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 3DBD 3 KB
1 KB 74ms
72ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18627
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 16:31:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 3DBD 20 KB
8 KB 134ms
37ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3DBD 181 KB
57 KB 130ms
77ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:19 GMT

GET
H2 200 8487341825914645378
tpc.googlesyndication.com/simgad/ Frame 13BA 17 KB
17 KB 92ms
73ms Image
image/png 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8487341825914645378?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qnEM7itm-6mhDPum_Bfv4gsSc8vmA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=781603041&adf=2589558187&pi=t.ma~as.1240673719&w=728&lmt=1693338139&rafmt=12&format=728x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338836&bpp=1&bdt=482&idt=278&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90%2C300x250&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=xlOfiC0gLx&p=https%3A//ifeg.info&dtd=283

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

ddc9c01c9bea7249e9fdf4dbcb1e5d4a662db24f4c4d14ba75cf95050a7cdda9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 22 Aug 2023 22:21:08 GMT
x-content-type-options: nosniff
age: 602471
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17231
x-xss-protection: 0
last-modified: Wed, 02 Aug 2023 09:57:05 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 21 Aug 2024 22:21:08 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/ Frame 13BA 23 KB
9 KB 66ms
48ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9067
x-xss-protection: 0
server: cafe
etag: 16184311534176170479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 13BA 3 KB
1 KB 136ms
135ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18627
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 16:31:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 13BA 20 KB
8 KB 133ms
133ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 13BA 181 KB
57 KB 60ms
59ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:19 GMT

GET
H2 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 13BA 35 KB
14 KB 138ms
138ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

a1cda6441d6032222b35f93ae5f3bddff8eab851e5e8622049ef96f0b53bb01b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:46:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14423
x-xss-protection: 0
server: cafe
etag: 4855010618112703997
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 14:46:30 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/7548971081506875819/ Frame 3DBD 63 KB
63 KB 84ms
84ms Image
image/jpeg 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7548971081506875819/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

25801c59f15295613ed5a0cfe70eb1cd1b9853fdd561d1db0c592fd0540c6869

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 11:08:19 GMT
x-content-type-options: nosniff
age: 297240
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 64811
x-xss-protection: 0
last-modified: Sat, 12 Aug 2023 17:07:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 25 Aug 2024 11:08:19 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/17723761722450059922/ Frame 3DBD 65 KB
65 KB 107ms
106ms Image
image/jpeg 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17723761722450059922/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

f51c2ea8be90351c31c2eaf325eb98d4495c2fa17dbf45ece1405e3f4d62a747

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Wed, 23 Aug 2023 05:20:55 GMT
x-content-type-options: nosniff
age: 577284
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66765
x-xss-protection: 0
last-modified: Tue, 25 Apr 2023 10:26:35 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 22 Aug 2024 05:20:55 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 3DBD
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CorZoO2buZK7sBs6OmLAPlZinyA_Xh57Ncu_52bLeEdzZHhABILilkDEoAmCV0vaBlAegAcueovopyAEGqQJDMNQMKTqyPqgDAcgDAqoEnAJP0Aj28T7gALRUM6s5e2cpukzmZqaZ2gPzAyE...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215721417973075440654%22,%22debug_reporting%22:true,%22destination%22:%22https://epic-assoc.com%22,%22event_report_window%2...

0
0

98ms
55ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215721417973075440654%22,%22debug_reporting%22:true,%22destination%22:%22https://epic-assoc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211262267211%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222797655999315367585%22}&andc=true

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"15721417973075440654","debug_reporting":true,"destination":"https://epic-assoc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11262267211"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"2797655999315367585"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:19 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 29 Aug 2023 21:42:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"15721417973075440654","debug_reporting":true,"destination":"https://epic-assoc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11262267211"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"2797655999315367585"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 3DBD
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C3Q7UO2buZK7sBs6OmLAPlZinyA-C7Kmrcvm7yPjTEbms5JyTDhACILilkDEoAmCV0vaBlAegAeSsjr4pyAEGqQLiCoCY4iy1PqgDAcgDAqoEngJP0CF35iTZOQfnO8s2eGVg_Uvub3Mi3Tz...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226086197599096802033%22,%22debug_reporting%22:true,%22destination%22:%22https://plusclub.net%22,%22event_report_window%22:%...

0
0

100ms
56ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226086197599096802033%22,%22debug_reporting%22:true,%22destination%22:%22https://plusclub.net%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211136112228%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228551250908608159153%22}&andc=true

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"6086197599096802033","debug_reporting":true,"destination":"https://plusclub.net","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11136112228"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"8551250908608159153"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:19 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 29 Aug 2023 21:42:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"6086197599096802033","debug_reporting":true,"destination":"https://plusclub.net","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11136112228"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"8551250908608159153"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame E270 4 KB
1 KB 79ms
29ms Stylesheet
text/css 172.217.18.10
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.10 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f10.1e100.net

Software

ESF /

Resource Hash

3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 29 Aug 2023 21:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 29 Aug 2023 20:14:57 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 29 Aug 2023 21:42:19 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame E270 2 KB
926 B 144ms
144ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/ Frame E270 23 KB
9 KB 125ms
124ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9067
x-xss-protection: 0
server: cafe
etag: 16184311534176170479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame E270 3 KB
1 KB 126ms
125ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18627
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 16:31:52 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame E270 20 KB
8 KB 140ms
140ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E270 181 KB
57 KB 58ms
57ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:19 GMT

GET
H2 200 3c1ec1505caf618a1f8c049839112e9c.js Show response
www.gstatic.com/mysidia/ Frame E270 36 KB
15 KB 23ms
22ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3c1ec1505caf618a1f8c049839112e9c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 02:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 415990
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15058
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 02:09:09 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8DAF 143 B
166 B 20ms
20ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=781603041&adf=2589558187&pi=t.ma~as.1240673719&w=728&lmt=1693338139&rafmt=12&format=728x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338836&bpp=1&bdt=482&idt=278&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90%2C300x250&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=436&ady=3408&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=4&uci=a!4&btvi=2&fsb=1&xpc=xlOfiC0gLx&p=https%3A//ifeg.info&dtd=283
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2045
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:08:14 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame E270
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CG7hzO2buZI-gB675mLAP8tuG4AnXh57Ncu_52bLeEdzZHhABILilkDFgldL2gZQHoAHLnqL6KcgBCakCQzDUDCk6sj6oAwHIA8sEqgSZAk_Q516OnP9nQOn4nSjUvuIYHtBs7EQks_BZcM8...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212693455477687727210%22,%22debug_reporting%22:true,%22destination%22:%22https://epic-assoc.com%22,%22event_report_window%2...

0
0

99ms
56ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212693455477687727210%22,%22debug_reporting%22:true,%22destination%22:%22https://epic-assoc.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211262267211%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216227583109249118673%22}&andc=true

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"12693455477687727210","debug_reporting":true,"destination":"https://epic-assoc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11262267211"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"16227583109249118673"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:19 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 29 Aug 2023 21:42:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"12693455477687727210","debug_reporting":true,"destination":"https://epic-assoc.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11262267211"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"16227583109249118673"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 6592766407814317453
tpc.googlesyndication.com/simgad/7548971081506875819/ Frame E270 36 KB
37 KB 106ms
105ms Image
image/jpeg 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7548971081506875819/6592766407814317453

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

a93798e0c7065b4e6f3131e493d070eb2ba3e18e88795df58811fc849b235e10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 13:17:18 GMT
x-content-type-options: nosniff
age: 289501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37269
x-xss-protection: 0
last-modified: Sat, 12 Aug 2023 17:07:56 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 25 Aug 2024 13:17:18 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/2015723046058677162/ Frame E270 3 KB
3 KB 105ms
104ms Image
image/png 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/2015723046058677162/14763004658117789537?w=100&h=100

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

5b4636a32cddf9e7607a1b7a857c417cf8c0a4137fc7647ee94bd4396b4b5301

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 20:05:31 GMT
x-content-type-options: nosniff
age: 351408
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2878
x-xss-protection: 0
last-modified: Sat, 12 Aug 2023 17:07:52 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 24 Aug 2024 20:05:31 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8DAF
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

29ms
28ms

Document
text/html

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:19 GMT
expires: Tue, 29 Aug 2023 21:42:19 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:19 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3DBD 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bad41ea7fd61735e3e216f7efd11586d24a7e7bea305c15a315f71e91c2b6b0c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 228ms
53ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 21:42:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 228ms
54ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 21:42:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 163ms
55ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 21:42:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 13BA 218 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c50a34e60a1f092c888acd50523b8f8f67b3879d90a21f0b012e8153ce93c2c5

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E270 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1369b30a0d9b9b9aa771f961decf6a74802e2e6ed375268e2fe750fb4c7250aa

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 13BA
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CJHr_O2buZIuNCfrzmLAPgra1kAXy4tSgbMOWk6P5EWQQASC4pZAxYJXS9oGUB6AB05yJ0APIAQKpAmXelzOXNLI-qAMByAPJBKoEkQJP0EVVJVpzRU-hxRG112uUSU013BcaBQFk3nDc5MI...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2218216676311047388923%22,%22debug_reporting%22:true,%22destination%22:%22https://boxspring-welt.de%22,%22event_report_windo...

0
0

55ms
55ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2218216676311047388923%22,%22debug_reporting%22:true,%22destination%22:%22https://boxspring-welt.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22973229651%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226977408908055179809%22}&andc=true

Requested by

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"18216676311047388923","debug_reporting":true,"destination":"https://boxspring-welt.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["973229651"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"6977408908055179809"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:19 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 29 Aug 2023 21:42:19 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"18216676311047388923","debug_reporting":true,"destination":"https://boxspring-welt.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["973229651"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"6977408908055179809"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E270 15 KB
16 KB 78ms
26ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Wed, 23 Aug 2023 19:52:03 GMT
x-content-type-options: nosniff
age: 525016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Aug 2024 19:52:03 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame E270 15 KB
16 KB 72ms
21ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A400%2C700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Wed, 23 Aug 2023 22:08:16 GMT
x-content-type-options: nosniff
age: 516843
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Aug 2024 22:08:16 GMT

GET
H3 200 F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js Show response
pagead2.googlesyndication.com/bg/ Frame 4E01 37 KB
14 KB 20ms
20ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=90&slotname=1240673719&adk=1026063108&adf=2369281301&pi=t.ma~as.1240673719&w=970&lmt=1693338139&rafmt=12&format=970x90&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338830&bpp=4&bdt=476&idt=186&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&correlator=4130418885789&frm=20&pv=2&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=315&ady=0&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=1&uci=a!1&fsb=1&xpc=1ziaS0loGs&p=https%3A//ifeg.info&dtd=203

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

sffe /

Resource Hash

17c4a472fcd08fb337fb6a574f60891ce91af06251dbf5d0137d2414316c11b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:25:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14626
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 13:25:19 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 55ms
54ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 21:42:19 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 8617127727135477287
tpc.googlesyndication.com/simgad/ Frame F8C0 34 KB
34 KB 37ms
37ms Image
image/png 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/8617127727135477287?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qlMYIQ1Q9xvc1Irhcori0bVpj3wMQ

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=250&slotname=1240673719&adk=2612090567&adf=258218646&pi=t.ma~as.1240673719&w=300&lmt=1693338139&rafmt=12&format=300x250&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338835&bpp=1&bdt=481&idt=251&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1661&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=SXksr8LQDA&p=https%3A//ifeg.info&dtd=254

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

5526e738d75a0038ff5247dd07362c0e747b61acd6bafaa96d94392a4da96e2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 07:57:05 GMT
x-content-type-options: nosniff
age: 308714
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34890
x-xss-protection: 0
last-modified: Tue, 23 May 2023 22:00:03 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 25 Aug 2024 07:57:05 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/ Frame F8C0 23 KB
9 KB 36ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9067
x-xss-protection: 0
server: cafe
etag: 16184311534176170479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame F8C0 3 KB
1 KB 47ms
45ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18627
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 16:31:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame F8C0 20 KB
8 KB 37ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F8C0 181 KB
57 KB 43ms
41ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:19 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame F8C0 35 KB
14 KB 47ms
46ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

a1cda6441d6032222b35f93ae5f3bddff8eab851e5e8622049ef96f0b53bb01b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 14:46:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 24949
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14423
x-xss-protection: 0
server: cafe
etag: 4855010618112703997
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 14:46:30 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4A52 143 B
166 B 19ms
18ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=250&slotname=1240673719&adk=2612090567&adf=258218646&pi=t.ma~as.1240673719&w=300&lmt=1693338139&rafmt=12&format=300x250&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345338835&bpp=1&bdt=481&idt=251&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&prev_fmts=970x90%2C970x90&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=650&ady=1661&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeEbr%7C&abl=CS&pfx=0&fu=256&bc=31&ifi=3&uci=a!3&btvi=1&fsb=1&xpc=SXksr8LQDA&p=https%3A//ifeg.info&dtd=254
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 2045
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:08:14 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js Show response
pagead2.googlesyndication.com/bg/ Frame B4E7 37 KB
14 KB 21ms
20ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

sffe /

Resource Hash

17c4a472fcd08fb337fb6a574f60891ce91af06251dbf5d0137d2414316c11b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:25:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29820
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14626
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 13:25:19 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 4A52
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

33ms
32ms

Document
text/html

142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:20 GMT
expires: Tue, 29 Aug 2023 21:42:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:19 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame F8C0 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8f90c57666c653afe0787d9595df1208fd410663226d00e9a6ce5a17cdaf2d8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame F8C0
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CsiuwO2buZPaPB9P8mLAP-uK9iAvEnJa7crKT-fbsEf6g4p2MDhABILilkDFgldL2gZQHoAHss_LAAcgBAqgDAcgDyQSqBJACT9DlmGgJwEQ7tNRRvEzN50swULIRbpGRLufsTkRL03tM6jc...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217111378867502606112%22,%22debug_reporting%22:true,%22destination%22:%22https://madmuscles.com%22,%22event_report_window%2...

0
0

55ms
54ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217111378867502606112%22,%22debug_reporting%22:true,%22destination%22:%22https://madmuscles.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22404527596%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%22161440383031997905%22}&andc=true

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"17111378867502606112","debug_reporting":true,"destination":"https://madmuscles.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["404527596"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"161440383031997905"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:20 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"17111378867502606112","debug_reporting":true,"destination":"https://madmuscles.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["404527596"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"161440383031997905"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js Show response
pagead2.googlesyndication.com/bg/ Frame 0DAD 37 KB
14 KB 20ms
20ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

sffe /

Resource Hash

17c4a472fcd08fb337fb6a574f60891ce91af06251dbf5d0137d2414316c11b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:25:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14626
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 13:25:19 GMT

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 54ms
54ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 21:42:20 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
12 KB 110ms
69ms XHR
application/json 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230828&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

1a20326f4e41f89c8aa3c95542834da293f334338d546f9aa0c577d76fa5b73b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11819
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308240101/ 154 KB
52 KB 71ms
71ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202308240101/reactive_library_fy2021.js?bust=31077451

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

093ed144c5fa96a4f8fcab183ebc78f4257acd922b1d8bf6c74a4baecbd88683

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53640
x-xss-protection: 0
server: cafe
etag: 11576750414522864463
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame D98F 122 KB
42 KB 536ms
535ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=280&adk=4008274141&adf=2489288063&pi=t.aa~a.2176458453~rp.4&daaos=1693292574399~1693292574399&w=1140&fwrn=4&fwrnh=100&lmt=1693338140&rafmt=1&to=qs&pwprc=7853647499&format=1140x280&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345340466&bpp=3&bdt=2113&idt=3&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3e1357f4193fe912-228e33005fde00fc%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_MaZCiy7B7q5Z2cQvi-eRnM4aGlS1w&gpic=UID%3D00000c6b64e96ce6%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_Mar7T7tl9JB-WTy6RGNYuL-YhZHFg&prev_fmts=970x90%2C970x90%2C300x250%2C728x90%2C728x90%2C0x0&nras=2&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1661&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&psts=AOrYGsmqZIEu38c6_m-IydOxfvxbdPiLnYM0tigtgiQFvj3jdeVhk2YJdgq41IbthX4gHXLoP7p1xJXF82FelvGegVxe0BYjOo_oOiQ5KQXZrBPhwWhQ8sTN72maFrVH-Q%2CAOrYGsmgaH7XT2cMuAI_BtB2vvh4pMfXuNDeHvFSMYoa_RLTNV-WwcKNKMUlCItotWzNAol8imVxAH8ZQt4lRVesuRl3xGs%2CAOrYGsnUZxQKVPprHTJKvSqGwTMZIRPtCsHEqODLRfEXOddCG-7nYf1aecrBrQSkn1z-cAGFtGRU2Vgt_N3B9YiEz4gDHw%2CAOrYGsl4brJ2F_VHw7QDNj1y4-6cTFDBkOE6d6HaO3eJXbSGNAOkpWE3dm-31A04uCQRECYOATIIBHsstad9SeRPRgy5BqCv&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=l6pvXfickw&p=https%3A//ifeg.info&dtd=16

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

82152a6c4911a9c699f2b0185cd78a79b2214a9dbddd0a1bd6d83363bb82365d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 42527
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:21 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/ Frame FDA3 10 KB
4 KB 19ms
18ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 13262
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4437
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 18:01:18 GMT
etag: 9878862242593084568
expires: Tue, 12 Sep 2023 18:01:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/ Frame 214B 10 KB
4 KB 18ms
18ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 13262
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4437
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 18:01:18 GMT
etag: 9878862242593084568
expires: Tue, 12 Sep 2023 18:01:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/ Frame 070F 10 KB
4 KB 18ms
18ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 13262
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4437
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 18:01:18 GMT
etag: 9878862242593084568
expires: Tue, 12 Sep 2023 18:01:18 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 47ms
47ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H2 200 css2
fonts.googleapis.com/ Frame FDA3 4 KB
767 B 30ms
29ms Stylesheet
text/css 172.217.18.10
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.10 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f10.1e100.net

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 29 Aug 2023 20:53:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H3 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame FDA3 205 B
229 B 21ms
20ms Image
image/png 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sun, 27 Aug 2023 06:59:13 GMT
x-content-type-options: nosniff
age: 225787
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 26 Aug 2024 06:59:13 GMT

GET
H3 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame FDA3 604 B
628 B 22ms
21ms Image
image/png 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 13:52:52 GMT
x-content-type-options: nosniff
age: 373768
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sat, 24 Aug 2024 13:52:52 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/elements/html/ Frame FDA3 15 KB
6 KB 37ms
35ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

328cb29271341963f1503c02d0d00d7d67f60396961e4fdac73b74ebbe16d803

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6521
x-xss-protection: 0
server: cafe
etag: 18225085782652855565
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:08 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/elements/html/ Frame FDA3 20 KB
8 KB 37ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

4539a37b37acaf787b3ccd0bb1e9a3372c9150aff547eeddd0296ad2a6d664f8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27972
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8570
x-xss-protection: 0
server: cafe
etag: 11167480076894372452
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:08 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7E76 624 B
245 B 60ms
59ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjuv9zgATAB&v=APEucNXmi02rNyKjT84LPuhRIWgHuq_Ir7snZY8VVSIkS6w3toLwy57ibNDFd3ffEXJBU7FhLMwFD2kPutzPvgM5VAFbK_IpFaIsMExznc5uq0oKRrZecM493Lpt9x4h9HAKdoHXizJ-N66kA5CzDphRXodOgHlgMjUXTo3ELmFnLGVMjbgnyJo

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:20 GMT
expires: Tue, 29 Aug 2023 21:42:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4FF9 86 KB
29 KB 96ms
96ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1135760/69474492/xbbe/creative/ Frame 4FF9 257 KB
78 KB 189ms
85ms Script
application/javascript 54.171.7.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1135760/69474492/xbbe/creative/adj?p=APEucNWd0_-342YeWmfRVr1mjAOk7mnZ9CDKhEbT0zoRQq2xQqHbhgM&d=CokBAKAmf-BwyyUlMsSnR-EYwShJ4j-URz59GMBpl_4541EpEdTjuuQDv7ZyrsI2NzsV_eabeEbqiobqjY5fGDMBj8_jiWHMnCa-znWhr9rcIcOgYzDlEUSobs-CtjDMJmKswkGgInb0BJiIG3r3gKcA3Pj-vlr3f8SXcUMxr1w3-DAWEBLm5aZGqsQSqRUAoCZ_4O3tPfyXpxdBjXSvx4sjZIKFjuwyiJWdyxo7_HHEklXBW8jsimoL6he5v60DDzSHP1oNnAvuW19fIGiKA9RZxe6-ZGDJFgxaxpjwZFPjMSGVeynKCaiH6wQ_W2lCJlSs-sebv3ZXJl-WlM8uaqSDD_N62JAfO0SGetg0LBim9MlPAOuH1PziznzGsEFSNPo-dXIfY33wEWzX0qX2x5s29071rnX3miPutmGIUDjgJwtnD-hZc14S6o5bpJWP_XFXHMzfBqAKk0mbjZPCru4ASoq4DZe2SFt1JZVWtqSpPN5STq97QBfT1Rrd591Y0Yx6uVM4V5iGaZ-7wnBb9WjUtVtDx6gBnUuI-tXLe3EWCfza_29yrr8X5SvsrH9NR3NuA2wmW9qXeOJXeg2cepQTM8WKewbw87QKemWk2GJUFwY6fb3CblABdC7tiEFu_WzuI7DVKI_k86lh2n-qKtf1yVkKGoBuMOLdVwJ7MbaGtf_aqz0qAYIER022PDoFr9VFtDPf9Bqy7TVJ1OL2Kj9doSSUA014pjecuH-21iTB6G32vHHRBITuN-QeZrkhF9joZTc4tuVl2LGs_zDJm-1pgmTgc-s9YpeRxgIfDQyuYAaEicZYZTAvlXzQHbpKBUqs9Z-CKhcp25XkUQR35CTxxpct2-TMH8f-UOsFAfX8Sy63BI9KxqY6HEPJ_6oJGRGoYGPQOemZkYrwFsAxJxM5iSHXyvzvT9HFX9mBfL9-Pv6GYHE0rz7Hrg47C7BL5GJ1hL5EZr9WPpkHZuinXkWAKkM9sOkvm1NGM41Za5Q3uovWxdUXjz4eIJuD4RGwavES9YRNwTExQvI545sP6qdOkXRXyeezwwQPmexVZSmj9s0WOXmBNB5UcVqspTJh9e3WcTkrAuC3piAHftsqLrJZPHatrBBozQBHtyt306791A9mzlYImeZycOkTJIQVfbHmo6EyeOsiT5TGMo19JQNC5PW1ajoYj_X2BdSn6vOkpqOqCmEYPm5etHPkj1_JyNENNTv2zXzDDVwSN0VIJeUiwdMChTT34dnRYRlzBlX3A_Hh8uTFzgpxb5bu8Tx_zCNuPJ0z5jxizCOSD1XZADNhk7izLoLSXAaLmz2s6zToWEK34svG056oTmxX2KZh5ByiqMF0mUryDXuWCvUqtZAk8ojhCVcYmuFKwbKhCd9zkuDlOrrv45f51EeCWsLXkrS2Z9HthlGVZQ6rNYIOXNCeffG2REgAhdsr1Zm2LmFeD4jFAO1wFHcnXY69boW0jJLyfs9Tkw9Y0pHPiXF7kCvlSVRHjN-9S7pV55xfTjY6AzppDqZqr6iWAnPZkuxd--be-C-q2mviQ8Fm9x4bSeklDYWrsgAnwc0xRtOkHWjPyrsohxO-TW-8tEKTXXA2ga1yFwM7oV2azgTB8mafux-DWiVrAl9nkcfv9g2uKDuoYGlQhCPRJ1R0WPSuP5CrhcFWDcjTQctVxkW8Y1vMikR9U6IfLYtr19Cr_xeEsLKMlaGX2H5y2K_nVMsSoVM1JqetUv6SqdSmcp7cA1B7zBDI-TFRDnMQsaD3uO2LUVcj5vzJaPKMVvJ0AsatcNBtYxbj4YAjasAezD26ipwz5YP5Gf8nMJL0A4Jgk5aSfXwvC71tZuAuX4tQCzcB2rX66_5DGfl7aOFAAJs3Q4uRyTND-NWxqKJqxTJfkXC9k6VGtPa2ONLihKpGTZrcSxuRfgWeVJYfdBj-mxfQn31ho_ouA2QElWJ_vYROciG9HKavnZQ-Dr7-w5t_JgcIz8R0LgMZOiY-pW5NBAjbJjxQt4yZga6LChPm0Jmz87kOlOlmKXWJDolQGeYqkPuxIH8koqprpQ0AJJp5zqa0iTw6VD_zq3XKNn34IuN_f2_uut_TnXKSrPGqS0tueBx4oo096D0gzwxh7wfQLnCd71RDxYecSywdmZ-v_iFUgU0WBXrI46MzyaXqgDD8XgQRz0Qel95ZCX9Uiy7LjehuztjZGPWI9tYmJ6Erwbgv8bN1Kqz-6j8NUkrafqjzt1mdmB9qjP6RR9CI1LetkoaLaysksws-1Xknpi6aaTaCdYE-LePFRyBf8zJFbxvk8kvuReqf5rkEU08VE0o9OWuV09SJFtc7LupFtTiiFv2-1syTMs2MrHa1Qw-nLVOHG9ayFCBNdD5FmADurXmstXEXqCCyyoVsUGbR4Khdd1RXE4MOxNXEiuenJAt_DT9DWB201rfDcy9V-lSmoCxsY5kdrYTSBDsEmPlQo1kSpe-pq4PyazEAlzQ5UF_teIrCS-0zlVxRC0Nq4Ai-6CiKxwxC2U3N5HASXNNIrWEtbo1HK0lRHJB1H5aCD8MgMbFdiCfC7u7V3h6SWV-Y-LAZuNWUUDMXMNJds4qFHF0q5lX8c2oSzT_lmIiItwQUn5RfBIxLJBIuTNJIAwD_r4zW4ki9575f4APQFEEjCSg8DtP1tkzf6WWymP53Epa9DTMutm2bH9LfGYXz-uLMpiHJZMCLsSY5JiBPay7QbsQSyJCTpNZAFHDrOIBWVPF7OGm4kmsCEbhWs5_VOy5ILX2s-i2NwmkyuDAmVaHuQueTwiD4LiJcu3AzI0oZHxFVdWcJoKYXHUAsulklh-GgXSLAVfOohitgwXOwFv8h-M022NglP5HoqLSJmdSYfzz711Vf1s03TyRczRby7uokCKxXWi6p-a5R6Cmu0D14b18VLBQ9gEac62ArSPwmSMsl3wfa5qYrlP039KmyOLWjJ0dtC5P66Mr7FzvyZOGRF6B0STJ2QJC34c9LfCgTYkzoMnbPLZ_0LAS4UNpVNGqc3oiP-C9kbup33WJuKJ8Psqw7u8qFUv6TM38CenSqmCn8sI8wUEQanDb10a321AyV01g_RUWXGfagmHW37laV7xdRBpC7hF001Mwlj7oO7K9l7l64Ye6Ck4AcQpl2Zs1CphDtuUNrWA8ZUwhYuZd5KwYnKZCCck9r9x3Yzb4K3vC_GMA1IegC2g6XDnuSb9pBBCkoDfw21vxcYZnKoLKsUXAdshGuZraRiaWz1kK7EKLPii1r7HEevERgSWoFgaF95-RvWP4H5WzMKjYnrDsKP4LYcMgaxJzvl111_DuqEdePBBAmtxn_ZfmPZkmRJuN2tHTtUl7ZyNBtv8P6xNtyXnJFytbfEx2Qt7HHUlyaHm_3RedVkEHyPlZ8DAtwZ47dVQB7zk2CRaCf98CQfO_rkPCEl5WcYxmLGkCxe7zgYcsE25f9c-syrTneAjL0lB3HHBiX2zpnok3DXb1wDFD3Y3FbBPMXBWGOE7yLCEr5sxTxHM62c7ItfuMFPk-qfytkCB1mQfZrtV3a-h1wsrUlD60ZMlDYdwvBu49ukzwv7CF-Frw-pZpS_HkAvAIXPteeWOtBZ7Of588q4zivhaf_GV_cl0ZRXteBBjgPQILlMMt-0WHu6RnunxQaH808hKtZc6pbljJFcvHs6eGQltGuxgLosFGH5Ugoix1Ty9Ltx1nICVvLFqVC7KfwNTfU19e-jvYNzmv52VoHd6A_fjRtdpIwba753xrxPmkynI6_vzjDKkFkrYlt4l9_7WaJoPa8er-WwamXreB-b-EM_cLH0TFa_HxbXcT-TGISTt_LYCaZHRpRCAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgBYAE&bundleId=&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-1755920978034369&ias_chanId=1&ias_placementId=20171342326&bidurl=https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0g6Rmyg8p6OXoPQyB6kUQu7
Requested by: Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.7.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-7-45.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 53338edc3d34036181d4d3504f731aaad9d38a4fc6486fb2b417e34eb1ed17f2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 4FF9 3 KB
1 KB 38ms
38ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18628
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 16:31:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 4FF9 20 KB
8 KB 39ms
38ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27973
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4FF9 181 KB
56 KB 37ms
35ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4FF9 42 B
63 B 56ms
55ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DJaPg3ox9J15SNEQfTGzf1lHB1DXdhbl4mUFqTU4eIi9xtM4gYTOdQEHA4mS-DVNsZn65q49urC15YBslRvXZJKaoOSxu5khZ0Krdnv8tGdBBOTVA

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4FF9 0
20 B 57ms
56ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14800076822442145929&x=1&ct=76

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 956C 640 B
265 B 62ms
61ms Document
text/html 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjAydzgATAB&v=APEucNWCObujPuf7QPmDMCBUEor4d7J2Gt_uiW6h6suZpDwtcGIznV10H3dZ2-zUyARDMYDPATb2w2zIDmcx5ZGLa4LTEV329nV11jXbm4DMu1bSEFoXFiDelusaIQMTOXUiaBAcniygPHQH08dzhXiFdXcpRlm24VXquXQH4z6pVeAHJs_KT6E

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:20 GMT
expires: Tue, 29 Aug 2023 21:42:20 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A01F 86 KB
29 KB 127ms
126ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30167
x-xss-protection: 0
server: cafe
etag: 12949109546734229676
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H2 200 adj Show response
fw.adsafeprotected.com/rjss/bgd/1135760/69474524/xbbe/creative/ Frame A01F 257 KB
79 KB 131ms
46ms Script
application/javascript 54.171.7.45
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/bgd/1135760/69474524/xbbe/creative/adj?p=APEucNWPwIHgu0vUwHZ5J0J5iKJjvSOJO0ZQoq_xL_bXkmdoFQ2R36s&d=CokBAKAmf-D0AxiecQvrbRTBCiJOR1NIVqNvWfL_SD37kTalBY-b5MXJnbjU4JaLcr8kntthzS_TYmMX8-dO7xhKUrkyJxRInOc9WbWOrap7w264TV03WWmDNhj49SM17PYhg42In21qHV5NjUTIN2VCGvwg5jKneIJB2FwpvA5KYWxlNNbHFKmKDbMSuRUAoCZ_4LP6MRihQrl31jXrBhQkTE-KIEbpdl1Qk8uWLuVQWwzDQcyUcbsMmYjbmJkQX1O7Q53sVtzOdbTXnsDjHmS84KQlF38P4nDiIWbBeh4POJOvUvpVhOUxY4Wkb9P-4JDtmA9PCm1hdqSo4WJjSW3gwzf9pDnIFu84aA26I9i5XsDwvpTY3WbgEHXjv0MPOPYcgm-nsCwUkSk7gUZ1T8MR2ZNJQR_S9lwUcBo0QUEOADgKqdmxwocApWfanChDMUJdyCaIPWEVg6tuHgCkgoQ8yvOqziCG__FLrjz9c823MMNKB0V-xpSGq3m3Emp3-O86wSCYh34kFeiTixbQq6oKt7lEzvyZs2RYLAT8ko6eO6EuXPVdNpBGVNEqBvbt2D5zH_Gsbv5KMC5nOC2CaBJKmCuUcpB8yuo1Ut9kVCEBI_9kTs09H0cLh2FdgRDxgtusyFGEKuzkDLQw-3uHzQCecJhsEfGvZyOPyDwUbD4jCUf2XPArL1EjxgWIYd6uV6Rw9MUdWGj7Hswb1ocUqWae5fQ-_1ZF2cEhVOO_MdnQFewSeEdpxr1FVkZ2gwZxWUpICYROT5NK3WN7j54u19S2D9JdZNcSOy-v-mLjeKSlIPwThWo9uz9j2V1nWWjt4FnqE5_zaRn_qL46-i0ESYWoXrRubLo_Qpt3VCDH8F1v2S4HfXoLMGXuXzN8wh7v_ZnNQZhElVRfyvZMF84x31NSjtLGVCMazTyuVVXnta4F2CyOCQXsx0mAlJZ0Xxxd9qucPrYmpFyPxQUl5zzB5srk_pO-PQVEGKBg12ZeafIqiHsGXEIgbiY_9ZXFDjF-kqLh13Sq1RIGav32QS7Ut0heuhw3VJ6q9-ox_BnB8PE1TdTXPt2PH5Y1Uf_O307OgWvCCUZUkk2rPK7qj0PvnJclGXO7mxe_scL0qgQdz3rh7NSkjdqMiVpApep9Y6hLJSeMQPZul5NIkR_j59yQ-edyvugKoEiuDWFUTHvGSDigwzGT30BOLPH9RRU1CGa_W_MaUUCparalUAoQYneMNuMUju3QxL03ODNWD-7LwP1DU7AYzhVPAzYJc8xOKmngKiixzlsE-mY-xk7rF86AxBYasY-bxkL8oa4GzGKRLM--Kenys66o-zZfDGnse5TtT0kCbaiUZRSZ0rrHzolyzXvVDC0oOoXslLREXvo9vS3Rm8FaqMxOWGQQAk9JBbTd2MA5xf9DxyxJAh5jO8Dk6JfmvbfzHui1CXAa2pqJFF5xwX3rgqV0-muEHYc_8fUiqldX-_zAvJ-QoViLx3ATxFzqLDaErCllSJxpsEilXp5COspMAv3I8U5YyJ8Ewvo98dL0CaaMDq_dH_zdVixyrT8Gq8-f9Kj5VqhYODwlTXhesPl08Qk-QcHoFYjU_Gl7J-doZAZH_IffpInCX-MsMhnn5RVi9V8-y8f08CZrYliyH0q39okAkYkFMlRjeYCDHVQnVTd5CoLy3IR7K7HRAf9ShMjQGc5gqanM_UFYbTqEzI-UoFOhM9gqajvQbl3Cs-sWwticMmd-C9TrEnPrim8iOWsPuBXCV7JgY5wCS_C7cJYlOHZxZ2ITFnCVkoHp6gGarQcaIsmJVAlrSvz3My5RSFpdcxkWE2muHDAHD5L00QyDy90zHtWrgYWYMmlZ4rBNWaLx2Ivu2mZeDG6FtvDoPAyX53FjJvq4vUsIPGlAcu3PQGfgWcMwrd8zATI6WXlkUPoJ-6srDx5BgzmewruGtvF0z5Rzgqc16ylZFw0FYvn-h3WikYVjMlkINqFRCAuohODXBwYmnLID3sikZrY_U0GqcPBv8-BHw8S1-gx9UnJ48erg6-RYRFVjAy0VBydLj1xqGYprDrLfUP-brhCHU4qpFi-C3gxFR_bxtctSBQbmPGwhhV1FKw8DNRmTzfiY1tCUn4MmovDPCGusLcoU0_C4c6E9Zgrg9oBbMRd4XmBFbKgdZqD0TJ7MEw4BINfALR8Z8XGE-0py3sw0fpDoPDZ_ADkx1_7gqL4QXF2TGj_iH7QM9p9HH09gLrMlpnW5PduVGX0t992dEM8rc_uaTsDapbh4KxbZEMAzVH2-nbxvz1ovEo6vVPf31xJVENs1P3gPu349M6UgQWjXjUGq9DXH_q6f4VOk3bDHO58wumGOW2Licw-MPNgyhmYrgWAgzcs0rng8c0o84mr1L1_Z3i-VeQrALLBl-rJamRfvErZ4id4GavVpKVWcBCVPQ0UkmZLYA0QuZYxTplHD9M1L3MbKG6BWgW5S249HteTLNzVu18MK9T4jQbSpF2g2KAyBBwx-8SBL1gXua1ZFrVhvKijZm4by4i4tNwBYY7hBlZLX0x_kW9V2BoHcKmOAjrmYU-hUstKkoU1UfQ9lNq_tYSWH6UWviZApwhGmZphaNTKjbqbOCmA5RH2MgPKhao87B3jFlpZH3k_IzUJWKl4rzuqP_w-DnHdIO0Cc_yFYB6MbSxjOkGvzE8AW8z1ze1YovIZ7nhcXRTXfgXKLsVpAe-PeAWW8xnKlZDYrVparqQ1W0nNiSGD_D_l-8fz77awSP2T6bS756qzzxLto6tSlXGWsSHNKDRfn1vYFx3hK5O0w_KoJH1XierresQifoVXqLvvfCrPUoNqVSuyty4Wk7C29Bmt6kVJLeNZxMia0g9a4MHV9BqyNedervZsZim0z7iv6lYaWqKEtf3oD4UVypVmH0orF7Bf8HXKA4_HvuEQ7jtNh75NOZ28w2c0B1GZd2R8pqIs614SUVO4d2-ig0b_toxbAOzqmTKEwPqw7p4FuATvqcPiMs5gtCxpsM0MhTaXzyzoHPfRkfndB_lbXW9HOzvBn2XXi3UjjzP5oTjt0f0zWa_FQhUKBBGiJqmSlLrDHTkpl4DEOuDLVxLpQL7rJ62A7ZWJbmm50s-jN96FcullwRm7T0SvjSpuu60HK5siJkTY8Z1Z-VZgN2UAdCbzXk3lrl7oFYhbjgR0WazRMOl6RKx-ILy2lnjxrGDRaZPnrAQW9ujxKOk-dAfAwjfLtROIt4OoPm8bFq1jwDNaS3-Ee6Ip0RIrGN3wL2pLFA59bNF1bDbwbDDPLaSs5aez5qRdreO8e2xIMmMFmyk_S_d24L8E3EI2MzxOY-OugOrpwc36KSGMM6E29xogZ1WYA-g0zFF9DrSLDldibnHM1DLH78NclDTzKZIlZ6-IThF1JjPOXwO5QNZ6SKBasMDhSDrV5_TLT4tVJ2foBY8ktcm2GPaors6IP9-qj-OSbljSsmua8r2uZKVb1wDEMaYbiwA6mvNj5AECNcWoahQCkAJZJQudH1k7Z8PEbpHpOcR1wlSVUNx6HMjhYj9XhCVxY3s_A7qd0ca5VKlVTxyRsqM6KBYQ8wwOnVWHSo66_Gixz1yzchnFJFZBU7NTKUv8VEqTx43hcQhZInNu_t89qCP4hHpCW6AOS2l6qhl21pB_ecLXQLxXwVSRsmkWOYX5re-fIW9V4Kdri0jXYa_wbTEZFXA38ztP6BkbHF0cIvsbjXwOIXFpabUsLccJz2ePRu6xI8POtvwCU_rVCuoRhY_vVEK_u5tpLZla0HBY0QF2SvrLmA4jtcgeBy768D3Urf_VIWIhlWZeqH5UWArPRxnh2j8hB7W3R7V1zBhzdBGDjYpcaUQgEEksAaQJSVgZYkic_1wOzO7c2Ip6zkRAbIyNt2F7rCszTTKgPkNTXPQLLjrdwH9YwefH3FUpiESb4RVYXw84bGXl87d4vx8fBjiDJ36oYAWAB&bundleId=&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-1755920978034369&ias_chanId=1&ias_placementId=20171342326&bidurl=https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hsGRw_iT9WYQ5CV-3iOnnH
Requested by: Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.7.45 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-7-45.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ba0fa0cc474428475587109e6af8d43c0250fa3df5145c36a50a6a8235901875

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame A01F 3 KB
1 KB 37ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18628
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 16:31:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame A01F 20 KB
8 KB 37ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27973
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A01F 181 KB
56 KB 43ms
42ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A01F 42 B
63 B 56ms
55ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AE2oDpFRnVfxjOyCTdAS6KiQgu-_qfJ_rAVDZdAHtoY9KA-Ih_HY5e6znY4d4C0va6A3sGG_nzV77KD1wm1rPbR3_sDnTtImdOlJkx0XtXQ4dDwo0

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A01F 0
20 B 55ms
54ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1758702543007266560&x=1&ct=76

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame EDAA 13 KB
5 KB 40ms
38ms Document
text/html 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 17270
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 16:54:30 GMT
expires: Wed, 28 Aug 2024 16:54:30 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 0360 829 B
559 B 34ms
31ms Document
text/html 142.250.185.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f4.1e100.net

Software

GSE /

Resource Hash

2e4e396f54df8c221694cc036c817087771e03f276547097539ab206dfb126ae

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-vB7A0b0nVzrEQ8omhljF7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ifeg.info/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 537
content-security-policy: script-src 'report-sample' 'nonce-vB7A0b0nVzrEQ8omhljF7A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 21:42:20 GMT
expires: Tue, 29 Aug 2023 21:42:20 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 63e0a2a793d720ddab32c7ad1c79b976.js Show response
www.gstatic.com/mysidia/ Frame 4C0B 9 KB
4 KB 20ms
19ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/63e0a2a793d720ddab32c7ad1c79b976.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

ac6c7df9ea6f8e1bcacee7bbb1df0c7902650aa2bef04e536ae838e7c9146aa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:15:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 325614
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3931
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 24 Nov 2023 03:15:26 GMT

GET
H3 200 188ef0ef38d8ff16fdc6a661ce0bb9c4.js Show response
www.gstatic.com/mysidia/ Frame 4C0B 142 KB
52 KB 22ms
21ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/188ef0ef38d8ff16fdc6a661ce0bb9c4.js?tag=video_mra/web_interstitial_raspberry_ms_cta_adjustment

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

69cb605f0a4a781056612fe26df57089a48b6f8e96a19a5ab954dd9b900d77c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 02:24:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 415065
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 53329
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 02:24:35 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 4C0B 21 KB
1 KB 29ms
29ms Stylesheet
text/css 172.217.18.10
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500%2C600

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.10 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f10.1e100.net

Software

ESF /

Resource Hash

76740b2a7b0a35eed6ceb509cefd8ddd6955bd5c656b0581f2dcdb48040ced8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 29 Aug 2023 20:29:44 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 4C0B 2 KB
892 B 36ms
35ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27973
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/ Frame 4C0B 23 KB
9 KB 37ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27973
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9067
x-xss-protection: 0
server: cafe
etag: 16184311534176170479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 4C0B 3 KB
1 KB 41ms
40ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18628
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 16:31:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame 4C0B 20 KB
8 KB 37ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27973
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4C0B 181 KB
56 KB 38ms
37ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H3 200 3c1ec1505caf618a1f8c049839112e9c.js Show response
www.gstatic.com/mysidia/ Frame 4C0B 36 KB
15 KB 40ms
38ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3c1ec1505caf618a1f8c049839112e9c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 02:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 415991
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15058
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 02:09:09 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7E76
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhzWbHlDhGklsNvsa578Uw&google_cver=1

43 B
766 B

20ms
20ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhzWbHlDhGklsNvsa578Uw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjuv9zgATAB&v=APEucNXmi02rNyKjT84LPuhRIWgHuq_Ir7snZY8VVSIkS6w3toLwy57ibNDFd3ffEXJBU7FhLMwFD2kPutzPvgM5VAFbK_IpFaIsMExznc5uq0oKRrZecM493Lpt9x4h9HAKdoHXizJ-N66kA5CzDphRXodOgHlgMjUXTo3ELmFnLGVMjbgnyJo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Aug 2023 21:42:20 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhzWbHlDhGklsNvsa578Uw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7E76
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZO5mPJ8eB9OQbJGx32XKvQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhzWbHlDhGklsNvsa578Uw&google_cver=1

43 B
766 B

21ms
21ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhzWbHlDhGklsNvsa578Uw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjuv9zgATAB&v=APEucNXmi02rNyKjT84LPuhRIWgHuq_Ir7snZY8VVSIkS6w3toLwy57ibNDFd3ffEXJBU7FhLMwFD2kPutzPvgM5VAFbK_IpFaIsMExznc5uq0oKRrZecM493Lpt9x4h9HAKdoHXizJ-N66kA5CzDphRXodOgHlgMjUXTo3ELmFnLGVMjbgnyJo
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 29 Aug 2023 21:42:21 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGhzWbHlDhGklsNvsa578Uw&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 7E76
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEEwiVVay7IAoO7KFLfXicIs&google_cver=1

43 B
841 B

31ms
31ms

Image
image/gif

37.252.172.123
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEEwiVVay7IAoO7KFLfXicIs&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjuv9zgATAB&v=APEucNXmi02rNyKjT84LPuhRIWgHuq_Ir7snZY8VVSIkS6w3toLwy57ibNDFd3ffEXJBU7FhLMwFD2kPutzPvgM5VAFbK_IpFaIsMExznc5uq0oKRrZecM493Lpt9x4h9HAKdoHXizJ-N66kA5CzDphRXodOgHlgMjUXTo3ELmFnLGVMjbgnyJo

Protocol

Server

37.252.172.123 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
an-x-request-uuid: a09b09bd-e4d6-40a1-8bb4-bb40a5968179
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.215.133; 217.114.215.133; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEEwiVVay7IAoO7KFLfXicIs&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7E76
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODE4NjI3NzE2MjI4MTI5ODY5Ng%3D%3D

170 B
243 B

29ms
29ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODE4NjI3NzE2MjI4MTI5ODY5Ng%3D%3D

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
an-x-request-uuid: 86126f18-779d-4bbf-bf3f-df57363bb8a1
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=ODE4NjI3NzE2MjI4MTI5ODY5Ng%3D%3D
x-proxy-origin: 217.114.215.133; 217.114.215.133; 868.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 956C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEERjazXd4VLlquzdJDjJJ4c&google_cver=1

43 B
114 B

29ms
28ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEERjazXd4VLlquzdJDjJJ4c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjAydzgATAB&v=APEucNWCObujPuf7QPmDMCBUEor4d7J2Gt_uiW6h6suZpDwtcGIznV10H3dZ2-zUyARDMYDPATb2w2zIDmcx5ZGLa4LTEV329nV11jXbm4DMu1bSEFoXFiDelusaIQMTOXUiaBAcniygPHQH08dzhXiFdXcpRlm24VXquXQH4z6pVeAHJs_KT6E
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEERjazXd4VLlquzdJDjJJ4c&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 956C 43 B
304 B 76ms
29ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjAydzgATAB&v=APEucNWCObujPuf7QPmDMCBUEor4d7J2Gt_uiW6h6suZpDwtcGIznV10H3dZ2-zUyARDMYDPATb2w2zIDmcx5ZGLa4LTEV329nV11jXbm4DMu1bSEFoXFiDelusaIQMTOXUiaBAcniygPHQH08dzhXiFdXcpRlm24VXquXQH4z6pVeAHJs_KT6E
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 956C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEFAZbBvxvKpOqMDhKeWUjO8&google_cver=1

23 B
163 B

43ms
43ms

Image
image/gif

2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEFAZbBvxvKpOqMDhKeWUjO8&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjAydzgATAB&v=APEucNWCObujPuf7QPmDMCBUEor4d7J2Gt_uiW6h6suZpDwtcGIznV10H3dZ2-zUyARDMYDPATb2w2zIDmcx5ZGLa4LTEV329nV11jXbm4DMu1bSEFoXFiDelusaIQMTOXUiaBAcniygPHQH08dzhXiFdXcpRlm24VXquXQH4z6pVeAHJs_KT6E
Protocol: H2
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

expires: Tue, 29 Aug 2023 21:42:20 GMT
pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEFAZbBvxvKpOqMDhKeWUjO8&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 956C 23 B
163 B 116ms
46ms Image
image/gif 2.16.97.41
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOrkQEQupmXARjAydzgATAB&v=APEucNWCObujPuf7QPmDMCBUEor4d7J2Gt_uiW6h6suZpDwtcGIznV10H3dZ2-zUyARDMYDPATb2w2zIDmcx5ZGLa4LTEV329nV11jXbm4DMu1bSEFoXFiDelusaIQMTOXUiaBAcniygPHQH08dzhXiFdXcpRlm24VXquXQH4z6pVeAHJs_KT6E
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.16.97.41 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-16-97-41.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

expires: Tue, 29 Aug 2023 21:42:20 GMT
pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 0360 0
0 54ms
53ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230828&jk=1231807028608599&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s08-in-f194.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4FF9 0
20 B 54ms
54ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8344681121071&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4FF9 0
20 B 55ms
55ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8344681121071&version=m202307240101&ct=76&x=1&cor=14800076822442146000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4FF9 16 KB
12 KB 56ms
55ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ADIJ0CIDoRx0--9ju7AsFvRFm5LO4S_-Y1GZNP2Ycms49qA8kP3pb7Lh8T_WbcyRUVfYpIgX4OemAs6RFekrZNgwnflzccTS4imYCjP6p6Ll8Q8yyJ_R2vTZ2EadYWA85HPmR0WCmKshdrj9mrTLRyKclgjg4euiTmn6lGnv17LcY3HqM&cry=1&dbm_d=AKAmf-Dit1kmwd9o2JxPaLL3MIPeVApi4ECNyw0YooT5wbti5dUqMulhyAoZ4iGb3VpHgw3PEIftM11zmpcyZYbwwK4ic6XazqjCgLj8GbazG91aB6QB1I2FBi5YxBIxxO1KNB_IK-o5uz84ViaGWEQAqstWuHnNCP3Td2eV5GVPEqtm5GhOJPRAvdxH1Ob7faqVaRVFH1T5EmorokKqcqssetrX2k86kB7ifx5ggVnZHZa9td95SvbUg_JGeOanUdJCHJjAktTnp5nULC4zYbLLsLQCTfsSBjpY-hZjTNgRh9PXoL77lssJ8ncCmLc51amgd8Z7NN8k8uDXIUYywQJzBfcxw0EsSfAIxS5CTmwpQieaToEjRgsIzlBY3iyG5mZQNkx6ZovWmPWXBLz7zq0LJvZ9Ly3GpdIvdC5zGzOXDrFv4dgRenxgNui7keEgTaRKsNJXEne_gFnDp7iWsusLExxo9RAHReqfSJBmDGWNlVG5zlhUbtjVpwdOdPv7u1JQTTz_IJbOTaTZDiUVigBy2jRIHC_OWzOYuNEpuRr1WDx_dIdGAgQxQK9ySjJzrCd_4qTXxka_-Ow5dXwEtnldykxGdfCo7ESGWhQ_1zf4uAVN07zI-IgX-mgdi9g-QsCI9qxAfL60yU4pyEQQR3fVjeIv5GRBxdZUt7ax9AGvxdtoHUI7qojcsTndD-h4fVTacW7ZQm-Zvm9Iae7uTn7hgKF9h5Tsb7UKfHenyjQeLZu8NzZfcr-ioPFNdL0F8dHOqkowlH_A_l1U9vyEDoC67VkUmjAEOSWgBSPhCkySShSHRW22X6c9V0_TWTvHUmrwxyK7zEyvwb9hKIsLEcrEUI32lVXmuWYcEPY8omMEFwPErPVicbkpjxpJq-Ks33eF1_5aI7mA-Afu0ZuLNKbpSH31hNs-Vjcr276bcLzlEmwcmLyCynW4J9Ek4ZkIv4ZDlPgQOYYJRnvyd0FztWcY3mLxHA5Z8J9RPlAVDuNpTpMfb10CvdEuGvZniivTycvJtiA68DOE5gDAZrkW-UCZ5pq1aKluZVAjYyFVE3rU3stYvCDmjSFmvuyK2kzEO-hC4j8zACYG6nQVHJLCDovpIgZci9z1KNvKwptjJ4zsVQK79VztO1bwfFY0tvc4qzHkjmy-GbbDk-iASNCg6PIwUeM7MTpc2RCjZCxfW0KDJvHNAuasF6EPZQ497x-QaWxQFMC4sGhD7Mfm6-K908BVpt4qOYqvisXXXyABmEDxeRn7RN1abAv4CHnvUnYpHc6CEO3VeOGmkPxGr9YMhjDIrec8WRWQIZuc8ygyLg-89bNj3OLEhbPbd7T3dr4oReVne9Aupq1UgGZuKKWWMnOiGfmx9K1nRfMgncZ7hBYXbtmsmS-gj0BknChxkj2doHUqy1su7j7F-3pdCVexmlSzDYL2FTC2tduETDbZVDm1t03UZE9pGBTs3fNXseliIXSdy3Bi7V8CJmScCLpXWYVJs-giEtSnsYn0FRatjPmlP5hITjeA757965Xtp0eCk8Kto1G8a5FwzSyXu3hKw6dh8qTHKf8DstPMHol7RbokpOsZaMuMCfh7Wj99sSFW4abLqPqaLbCd9aaIXFM2K5xwvGzmEpcJN5a_yC1FdHm4OtumzlKix8MPlqxQdo3xltNVGx7eRaRdSBXYvHCzKf3ncw5kZpLaBFxqvG69G-ufoGX2FFyv20BmoFlzKS8WxYHUEvN3fMLClplfuXyhiF83upkt6jZ6yU8QerLfUeCGcPtZg8JBu7rCoZvF6QQZNcSrr2ZHICSINdC9RZi1oQwr6xx83z64ZaQ6Pny-sKYFmLP7RCxgoSEeNkm-Vxgsak0ycVB7qibjuJ9JOx1SMHAYcsRaTnOiYWcvKB3fW3urz8TOC-gv6pSPSHtij6TrUPySNJ4vk_57fM5Wprz6HWqg0ikslczL1gTVaYum3pEYFgxnh9iDR5XptdETtlhK9YnKAx6F66TV0dvNjK-5Tw9c_vbhgDZVkoLptCHeHsrAMhHh2DDm9DH84lTLfl-EqisWesIgaButg4atCmoCedZVeCIRv2RYtEe_nlDUMZThuay0K8_OCekQrtPIVLpWRFFVIk8LxM_g1p6Q0tquvvSYaRAE5Xvdnae9xUEtyRcU9LD8_XTkUFuHS6a-K2ktg_M0jqQTM1eIzCu2LMtbChp2DfikvtNO_x8SubBG6BNn0YQlL7c8q4mJfWTaNgyrPtyBEfAnw7xq1lMOWFohw8q5313VyigvRhlIH33yC1VHqB9_7ob7a-4yHLVB0PcyRimKkQcn2garbKAjm9E6TLGXIAZzyF9EozLV54Uqwej6nNUt2D7nz2LHX7BgzMFbvZb3wy2cAvT99NV-IyX-uwR4zM0Ib9kyz5ys0wtxuVSRBXReqHTjpEgFVSjEvDKcSkfpWLnNr_rk5_xKuG7JNsr-MaGgzictyUL7_aEVi5hPWWqqPbIw1zruynpFQGkmeWwiTtnGiE--onxGcllqtyA9PbOnM7ifzMikVvn7FN3dy7UHm-aL9bROVm46bdCg0Mc__Wxvrn6-d6-5XLf0qyjnVkxsNkN2u2SzXNSDP9W6RYR5BaynEdS4Eny1MY-4HudY-pg1vwLVrB7eELEb10QJ_rPPlxv6QhCdBw262eCtlwxWU1A-0PyYWqDPDjVprW4njeZHaNeH-fsLVKMzq88YIwUZBtKviv-yasLeXst5A00aSirYE3vK4bYSYJtl1_txWbKG4ff_Lok134x3zpbL5hyXXYPxrnIQ8IMJ-XOWY3UJmFourojukDt7IcMDf83EPvdqDFsPbUREmT_brgvOa5V67RZ8ffgOLzJwFL5olFSmikQDm_h3xOFyiycb3P-16P2eAtDkBC2SS1noiF9t7UhEmwXM2pPURiDX3M1YYUwbz4zEWg4z-EYTsN6u8_ChWZYDNb4FuqRMtyErdS7f2GMiygszEZ_aCpvSnQdKP-shOg6vvE_UKdSw2BfUEavildpKPNzqgl_EXor5SvO8dAeSaysYeGcMBDtlWvYU4w7R8ZoUkP7DTh9kH1ITOIGZjcqWSb85&cid=CAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgB&dv3_ver=m202307240101&rfl=https%3A%2F%2Fifeg.info%2F&ds=l&xdt=1&iif=1&cor=14800076822442146000&adk=2988274607&idt=103&cac=0&dtd=13

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

fff2521683fbf32be173e39b9c07cef94f74b1534a4265ea6d53ea8742f8db93

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11884
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3DBD 42 B
64 B 58ms
57ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvMlOLoNinN-yZPTorEa_M9lJs7HS8xc9QQ4eFZHJ1O0wk2j4KDlBegbKo19i5PZKhgf44BAmGIAlC3RLSf-SNoOsUB664QX3yKM9zWm1UgQ3fYR4BZ8nBopJNZhjOtpPpy6iIITMgz5bLY&sai=AMfl-YQsr8CfXUDBpFYAoYxuMON_mfbiwGFtiVzJiFwks2tqnrbPH0xtKKER7RUbThvV6BRzaPG8KjSuUUL4&sig=Cg0ArKJSzOoR0TE5hi_uEAE&cid=CAQSGwBpAlJWh0e0_cO6_d7p3MNe9ntprmUQWUH7VBgB&id=lidar2&mcvt=1036&p=17,485,90,969.984375&mtos=1036,1036,1036,1036,1036&tos=1036,0,0,0,0&v=20230828&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=657587231&rs=2&la=0&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693345339072&rpt=671&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3DBD 42 B
64 B 57ms
57ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvLTW3EE8d7pkh2E3VjUOonS1527BxU1npVKtg8f7KDt-6DLNS8SiA4eDx05uHEpm98EdejMKRKSEzlJK967dSFzMLQUYNGEKXtPsKhETsRjPNyTA7MGvRrPctSG-xx9C7CC9npHZQL7AHI&sai=AMfl-YQoNG9y6YPplsmGaeoRJ2FeA1_I3c6-Rl2HqH1ud-nsAQ6PBbEzs64-u08a3EszIhRhzajuZXH-ONLZ&sig=Cg0ArKJSzIXCL1UVN1Q-EAE&cid=CAQSGwBpAlJWh0e0_cO6_d7p3MNe9ntprmUQWUH7VBgB&id=lidar2&mcvt=1039&p=17,0,90,484.984375&mtos=1039,1039,1039,1039,1039&tos=1039,0,0,0,0&v=20230828&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=657587231&rs=2&la=0&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693345339072&rpt=668&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js Show response
pagead2.googlesyndication.com/bg/ Frame EB32 37 KB
14 KB 20ms
20ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

sffe /

Resource Hash

17c4a472fcd08fb337fb6a574f60891ce91af06251dbf5d0137d2414316c11b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:25:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14626
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 13:25:19 GMT

GET
H3 200 F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js Show response
pagead2.googlesyndication.com/bg/ Frame EDAA 37 KB
14 KB 20ms
19ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

sffe /

Resource Hash

17c4a472fcd08fb337fb6a574f60891ce91af06251dbf5d0137d2414316c11b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:25:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29821
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14626
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 13:25:19 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A01F 0
20 B 53ms
53ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3843730824815&version=m202307240101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A01F 0
20 B 54ms
54ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3843730824815&version=m202307240101&ct=76&x=1&cor=1758702543007266600

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A01F 16 KB
12 KB 60ms
59ms Script
text/javascript 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DtQsgfqTqk8c7IztoRrfiiUTbjVNXsm4wN6GDnzhvokaa8sMiw67Lv2b5Drois6hRV9LrWqt5d7Eh3EsPprs3S8fJjIw1dx0T-GVSlCBBaREchxV4Ex5aA_PUyDscoNvUufvQvOEK8cuFITs8hW41eK5PYfwVoKpzoQFOatFe6WsoF_Bc&cry=1&dbm_d=AKAmf-CSYuognNzGFTqhktgaM2KkdERax2tZC5sjMzmVEe3c9KuiMS4t0X5_KCgZd9eqP0g7rza3pHdglGm61Rn827yC0jS4CDm3Vr6SxaVhbpqrap_MtojEUfVxe6bv4vvnQeonbYo26_ryb4cVqKS1IGbxOwcK_D311Szq-850lG-Q8WKX9_SQNFXiI8TSaCgfONrdQyyHFZ2I_i51Cq0BUzA2SnJ15_tZPnpnVeCKmgrALuV1c7fs9FtjG_Pc1HpJR5VzX1ZLZrYga0iRYlKQLxV4LdeEy1NEPZ8L-G9W6cokLoWFNC-RR-YrN-fLS4Y5WZFJ9zM8bLwCW9A2KxJvBcbMve1heA_QeOoxUJDvC64o3wdos8XYqsm7ZJecCiO7rhFbB4a1iYdcqBOhISdy2mVVGYZjlskFJ76Yiyk43rYGejBES1adOLkcg1MfzHys-zr1LYsLi0seY51qUAh9IcM8V7TWhnv7bai34ry81YvggISiW1T52kFWls6iTK4l_I0iX8TeQLJ1Lx3uaaXfl4iZRhCrCOisuYkAuCIvB_xuGs_kKcsQo11M8bb11VkPsO2DhQ6qfSzRHdX1owIe9S5eAt0r4sCS8Cv0W7u-OKZuMZAVcLrKh8YTe9aYRBgasIYyMwJUnAG-favwAoRJu-AvHOz3CAfUnDrUh4G9MGnAIlZVkDbeeKHr_W8nmx1dI6dWzS3s_OvlSAl9NdIow0rcJrQb1ffWMoEu6FZ1SsZ4L5Uk5dZXyhUxKKEIlSc1R_kgL6jUQJ-N0r6dZesYxPtLTbwSPTSbZvi2YbhBDNmKNY1TsGIHVOY2UOUlGp2nCFrIjUsjj9ai7dPb1JD99LAcVjc1hNChanN2WmxCMkQhgL49tMSqE8eWHKca4emRR6HziE8xCa1UNc9ix9dfzExyZjkCeU2EpYOopTDftupfb44UfIaePAy2mln67TN6ipT51g8mJk__tr17LuVXhpOhhWVhbML2c_w1yqBVM6hYdqOf-niPqP23LZMFgEAnymeb8ZYf8DiB2RDD7_0eSYLWtsAXnDBhCDrlVf6oX9Y6p29xrymBBO4MHyiPUuNLo1tGcoCjmpfpNEdZ6eNq3h7IN1LL_MExEnFF-zhu76xeDUXhzCpNvwKeuVEOaW6GIUgJaI09apgTwSeLl5oviUb-zNuLmPJDZqFrylBlYNOFktfmEYBxSTz_G6DdtvAgu86O_feNP6sMi8f5pHSv2DW1kQPyXjEsPVKn2kOWfjq3rPKAYgHoLls_yPoyCHZ-EKCRNmwyQgrwJ_IEPtb7DoQpluNA79ASLyQRR8UiyYTO_KTGBMFyGe_hn5dqUsLHgKQmtNbOTVE-YemikBRCH3H042hOrBQ5Vr_BTOXVo1mMgqQx1tJezvj_ZNKASaVzI2YQr0WFtx92HYN758dWbkEe5pQQB0aB58BiJLvgIdyCxN2W-plfwYrty7qiAcjVpc97olU51cziK_YWgSFPRuuMqrdCoBXaZMPVUScNZjpZXjMSoYbWnhwCgVn5CUdR8pIcjsJkDnO-_sDQurYRUm3vj-XFYMYVP9yzGI3wFvx0YWdtrtfKCjJ7OUOMRIQjT1vyX4B9Cj_7UYy6ldn5xxExTgzEp2cl_NCuAaDYkCZEReQ8QRMwURT6b0AAAUAVV5EfIxjX4smZklx74aFSXD6txbV8CRUmDAEDNCpHbhTDGUo5eL2I2i1kFfASCBFcLMhqZZLlbFecDzcawqy1KJ0066fltRZnSUf8q4uvylvNPuao3fMTylJRqdQv4E5cXCO_qDiVAosUSbwS98jEWFMw5D3tU2VqB1w_vcoOidq-vvXM23kRENehxIwMoDvatjCXylEw6cI4jQQfh5GOsZ4kJjf8NJGZI0L5xetjOxRsThweKKyNgrUsPZEGkHXqZ2XvjA4e3YsrsqTXpBgTkIhxR-AVsuwLca5I964BKu4MCImNWVPv1nSy77c0nlokQRL8sb2x3UN4Znqew4HQca1C-H1QOkvddH_F-KDwQ7ROejkojSmn2ztNg9zvLt_V6wQ5P0rBda_ioE96NF9zdSebCPj3o1eMfpdhqNT76RRIJ0EKEVS2eqPZmvlVw3NOfagepg-GET6yCEw1J5sxNBazccKkHmd3HtOYy-_nPTpIrbiNcJURBKo4d_0QjSL6oFRNmZSGzjH6qCBv8a_yZ79EA9R21ydG6wExsbexgmXK_MSadLBVo7ZnYqHJ_feoQy--p9nnQOT16FDju2E5lPZMcWGCu9UM3WsWBut_uV1KXa8u_FR3dMC3duqNj7EmfolZCx1gVT5-Wqfjb0yJ_LpZroztP6h53BOUTwDHP8ms0LinKhxKK6QkJW2TXu5wAu-CReZc7Wf6ZFJZudpO1JjKgYlZBkemnr6vohz1h3idR50m4dg9QI7JfhzKuqFSN1JA5T8MVm3q2e0BXX_Nn3-1HM2Q0gBUeevJ5uqedgmeeNiMEsB559kXSAUTFw7EkzvazMTaREdl0ZidoGtFBRKx3langW-qX-sVLi4iGqtjIeCFFB6g3_OuCf5E9QQ2fafyQigIMmjVR1XqajmlXxa4pgDYy4vyS6GAYL0yC4lfSV_yzzGPV5-0HKt6Fqc017GZedyTpBySLXF3zcRaf-SMrz2u1boTKNe_3eJbolcjn0ojT4mP-Q8IXUH0C6Q1JSaWHd6wqmYEeI2S2LFHPns96Q4m1myI4YOeaZ6n6zxKQh425Jwqe4V54rQE6pKyscOTTBCJEdlTOwa0WR6JR59TlwVK_fFS_oUA2asXzC5EPM9TbtlC4nKSbqEzzinl7CAnOJGVS-xF_Y1a265Z7ytPGvg5RkSG-ky363CdGkV2_9AXEChIDvmsGdYUfn5CsqOVhcF_jXtT3t23on0jxz-62k0UzikvhFx3qNS2vBeMFKOyqK1FvYJpc9Pszf16L3-xS3FOl9DYmzM5egzfXn2sS97qL1ryEkpHSeocfC6pCQwbTcD5i3IOvkhE4qisVH2S-5_4L937FTK64siRBwgznx2YZFmL272NgGdIV082iI1-D-S0fyGpXVIuw__r8SQhqT0YVKpzq8bK_ucTS4T-DcOzAA&cid=CAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgB&dv3_ver=m202307240101&rfl=https%3A%2F%2Fifeg.info%2F&ds=l&xdt=1&iif=1&cor=1758702543007266600&adk=2935317967&idt=135&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

189d37b2b4ff6cc9cc20e2a84f203912ef8517643cceb4fa4188c475556108c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11894
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E270 42 B
64 B 57ms
57ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuhYWbFx2fQ6LDVL-QeSXKB2JLF9hdMwM-ox8FfZ5zMbkqHBc7C0DJ0q5H21lSSfqG-T3EGLSQEv5gJaRYU_yWyyg5Ke5Rxk0Zl-aXXWHE64oKGS5gaalMqEWJf5KAutPEBRALUBdEszZQ_&sai=AMfl-YT5rMKhHsaRYxsYSkB7Bpce4sEl1shvxNlGAWmeKCG-NT8Hirqq_XgNcMtyTPW_guazaWFir5ZQNoVz&sig=Cg0ArKJSzFnEGLjFBA6SEAE&cid=CAQSGwBpAlJWW0Ks7pRFYhXU1u-1UGYXQJOOHJ8GyhgB&id=lidar2&mcvt=1020&p=0,0,90,970&mtos=1020,1020,1020,1020,1020&tos=1020,0,0,0,0&v=20230828&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1026063108&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693345339035&rpt=783&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 4FF9 41 KB
13 KB 37ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ADIJ0CIDoRx0--9ju7AsFvRFm5LO4S_-Y1GZNP2Ycms49qA8kP3pb7Lh8T_WbcyRUVfYpIgX4OemAs6RFekrZNgwnflzccTS4imYCjP6p6Ll8Q8yyJ_R2vTZ2EadYWA85HPmR0WCmKshdrj9mrTLRyKclgjg4euiTmn6lGnv17LcY3HqM&cry=1&dbm_d=AKAmf-Dit1kmwd9o2JxPaLL3MIPeVApi4ECNyw0YooT5wbti5dUqMulhyAoZ4iGb3VpHgw3PEIftM11zmpcyZYbwwK4ic6XazqjCgLj8GbazG91aB6QB1I2FBi5YxBIxxO1KNB_IK-o5uz84ViaGWEQAqstWuHnNCP3Td2eV5GVPEqtm5GhOJPRAvdxH1Ob7faqVaRVFH1T5EmorokKqcqssetrX2k86kB7ifx5ggVnZHZa9td95SvbUg_JGeOanUdJCHJjAktTnp5nULC4zYbLLsLQCTfsSBjpY-hZjTNgRh9PXoL77lssJ8ncCmLc51amgd8Z7NN8k8uDXIUYywQJzBfcxw0EsSfAIxS5CTmwpQieaToEjRgsIzlBY3iyG5mZQNkx6ZovWmPWXBLz7zq0LJvZ9Ly3GpdIvdC5zGzOXDrFv4dgRenxgNui7keEgTaRKsNJXEne_gFnDp7iWsusLExxo9RAHReqfSJBmDGWNlVG5zlhUbtjVpwdOdPv7u1JQTTz_IJbOTaTZDiUVigBy2jRIHC_OWzOYuNEpuRr1WDx_dIdGAgQxQK9ySjJzrCd_4qTXxka_-Ow5dXwEtnldykxGdfCo7ESGWhQ_1zf4uAVN07zI-IgX-mgdi9g-QsCI9qxAfL60yU4pyEQQR3fVjeIv5GRBxdZUt7ax9AGvxdtoHUI7qojcsTndD-h4fVTacW7ZQm-Zvm9Iae7uTn7hgKF9h5Tsb7UKfHenyjQeLZu8NzZfcr-ioPFNdL0F8dHOqkowlH_A_l1U9vyEDoC67VkUmjAEOSWgBSPhCkySShSHRW22X6c9V0_TWTvHUmrwxyK7zEyvwb9hKIsLEcrEUI32lVXmuWYcEPY8omMEFwPErPVicbkpjxpJq-Ks33eF1_5aI7mA-Afu0ZuLNKbpSH31hNs-Vjcr276bcLzlEmwcmLyCynW4J9Ek4ZkIv4ZDlPgQOYYJRnvyd0FztWcY3mLxHA5Z8J9RPlAVDuNpTpMfb10CvdEuGvZniivTycvJtiA68DOE5gDAZrkW-UCZ5pq1aKluZVAjYyFVE3rU3stYvCDmjSFmvuyK2kzEO-hC4j8zACYG6nQVHJLCDovpIgZci9z1KNvKwptjJ4zsVQK79VztO1bwfFY0tvc4qzHkjmy-GbbDk-iASNCg6PIwUeM7MTpc2RCjZCxfW0KDJvHNAuasF6EPZQ497x-QaWxQFMC4sGhD7Mfm6-K908BVpt4qOYqvisXXXyABmEDxeRn7RN1abAv4CHnvUnYpHc6CEO3VeOGmkPxGr9YMhjDIrec8WRWQIZuc8ygyLg-89bNj3OLEhbPbd7T3dr4oReVne9Aupq1UgGZuKKWWMnOiGfmx9K1nRfMgncZ7hBYXbtmsmS-gj0BknChxkj2doHUqy1su7j7F-3pdCVexmlSzDYL2FTC2tduETDbZVDm1t03UZE9pGBTs3fNXseliIXSdy3Bi7V8CJmScCLpXWYVJs-giEtSnsYn0FRatjPmlP5hITjeA757965Xtp0eCk8Kto1G8a5FwzSyXu3hKw6dh8qTHKf8DstPMHol7RbokpOsZaMuMCfh7Wj99sSFW4abLqPqaLbCd9aaIXFM2K5xwvGzmEpcJN5a_yC1FdHm4OtumzlKix8MPlqxQdo3xltNVGx7eRaRdSBXYvHCzKf3ncw5kZpLaBFxqvG69G-ufoGX2FFyv20BmoFlzKS8WxYHUEvN3fMLClplfuXyhiF83upkt6jZ6yU8QerLfUeCGcPtZg8JBu7rCoZvF6QQZNcSrr2ZHICSINdC9RZi1oQwr6xx83z64ZaQ6Pny-sKYFmLP7RCxgoSEeNkm-Vxgsak0ycVB7qibjuJ9JOx1SMHAYcsRaTnOiYWcvKB3fW3urz8TOC-gv6pSPSHtij6TrUPySNJ4vk_57fM5Wprz6HWqg0ikslczL1gTVaYum3pEYFgxnh9iDR5XptdETtlhK9YnKAx6F66TV0dvNjK-5Tw9c_vbhgDZVkoLptCHeHsrAMhHh2DDm9DH84lTLfl-EqisWesIgaButg4atCmoCedZVeCIRv2RYtEe_nlDUMZThuay0K8_OCekQrtPIVLpWRFFVIk8LxM_g1p6Q0tquvvSYaRAE5Xvdnae9xUEtyRcU9LD8_XTkUFuHS6a-K2ktg_M0jqQTM1eIzCu2LMtbChp2DfikvtNO_x8SubBG6BNn0YQlL7c8q4mJfWTaNgyrPtyBEfAnw7xq1lMOWFohw8q5313VyigvRhlIH33yC1VHqB9_7ob7a-4yHLVB0PcyRimKkQcn2garbKAjm9E6TLGXIAZzyF9EozLV54Uqwej6nNUt2D7nz2LHX7BgzMFbvZb3wy2cAvT99NV-IyX-uwR4zM0Ib9kyz5ys0wtxuVSRBXReqHTjpEgFVSjEvDKcSkfpWLnNr_rk5_xKuG7JNsr-MaGgzictyUL7_aEVi5hPWWqqPbIw1zruynpFQGkmeWwiTtnGiE--onxGcllqtyA9PbOnM7ifzMikVvn7FN3dy7UHm-aL9bROVm46bdCg0Mc__Wxvrn6-d6-5XLf0qyjnVkxsNkN2u2SzXNSDP9W6RYR5BaynEdS4Eny1MY-4HudY-pg1vwLVrB7eELEb10QJ_rPPlxv6QhCdBw262eCtlwxWU1A-0PyYWqDPDjVprW4njeZHaNeH-fsLVKMzq88YIwUZBtKviv-yasLeXst5A00aSirYE3vK4bYSYJtl1_txWbKG4ff_Lok134x3zpbL5hyXXYPxrnIQ8IMJ-XOWY3UJmFourojukDt7IcMDf83EPvdqDFsPbUREmT_brgvOa5V67RZ8ffgOLzJwFL5olFSmikQDm_h3xOFyiycb3P-16P2eAtDkBC2SS1noiF9t7UhEmwXM2pPURiDX3M1YYUwbz4zEWg4z-EYTsN6u8_ChWZYDNb4FuqRMtyErdS7f2GMiygszEZ_aCpvSnQdKP-shOg6vvE_UKdSw2BfUEavildpKPNzqgl_EXor5SvO8dAeSaysYeGcMBDtlWvYU4w7R8ZoUkP7DTh9kH1ITOIGZjcqWSb85&cid=CAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgB&dv3_ver=m202307240101&rfl=https%3A%2F%2Fifeg.info%2F&ds=l&xdt=1&iif=1&cor=14800076822442146000&adk=2988274607&idt=103&cac=0&dtd=13

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 324065
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A01F 41 KB
13 KB 37ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DtQsgfqTqk8c7IztoRrfiiUTbjVNXsm4wN6GDnzhvokaa8sMiw67Lv2b5Drois6hRV9LrWqt5d7Eh3EsPprs3S8fJjIw1dx0T-GVSlCBBaREchxV4Ex5aA_PUyDscoNvUufvQvOEK8cuFITs8hW41eK5PYfwVoKpzoQFOatFe6WsoF_Bc&cry=1&dbm_d=AKAmf-CSYuognNzGFTqhktgaM2KkdERax2tZC5sjMzmVEe3c9KuiMS4t0X5_KCgZd9eqP0g7rza3pHdglGm61Rn827yC0jS4CDm3Vr6SxaVhbpqrap_MtojEUfVxe6bv4vvnQeonbYo26_ryb4cVqKS1IGbxOwcK_D311Szq-850lG-Q8WKX9_SQNFXiI8TSaCgfONrdQyyHFZ2I_i51Cq0BUzA2SnJ15_tZPnpnVeCKmgrALuV1c7fs9FtjG_Pc1HpJR5VzX1ZLZrYga0iRYlKQLxV4LdeEy1NEPZ8L-G9W6cokLoWFNC-RR-YrN-fLS4Y5WZFJ9zM8bLwCW9A2KxJvBcbMve1heA_QeOoxUJDvC64o3wdos8XYqsm7ZJecCiO7rhFbB4a1iYdcqBOhISdy2mVVGYZjlskFJ76Yiyk43rYGejBES1adOLkcg1MfzHys-zr1LYsLi0seY51qUAh9IcM8V7TWhnv7bai34ry81YvggISiW1T52kFWls6iTK4l_I0iX8TeQLJ1Lx3uaaXfl4iZRhCrCOisuYkAuCIvB_xuGs_kKcsQo11M8bb11VkPsO2DhQ6qfSzRHdX1owIe9S5eAt0r4sCS8Cv0W7u-OKZuMZAVcLrKh8YTe9aYRBgasIYyMwJUnAG-favwAoRJu-AvHOz3CAfUnDrUh4G9MGnAIlZVkDbeeKHr_W8nmx1dI6dWzS3s_OvlSAl9NdIow0rcJrQb1ffWMoEu6FZ1SsZ4L5Uk5dZXyhUxKKEIlSc1R_kgL6jUQJ-N0r6dZesYxPtLTbwSPTSbZvi2YbhBDNmKNY1TsGIHVOY2UOUlGp2nCFrIjUsjj9ai7dPb1JD99LAcVjc1hNChanN2WmxCMkQhgL49tMSqE8eWHKca4emRR6HziE8xCa1UNc9ix9dfzExyZjkCeU2EpYOopTDftupfb44UfIaePAy2mln67TN6ipT51g8mJk__tr17LuVXhpOhhWVhbML2c_w1yqBVM6hYdqOf-niPqP23LZMFgEAnymeb8ZYf8DiB2RDD7_0eSYLWtsAXnDBhCDrlVf6oX9Y6p29xrymBBO4MHyiPUuNLo1tGcoCjmpfpNEdZ6eNq3h7IN1LL_MExEnFF-zhu76xeDUXhzCpNvwKeuVEOaW6GIUgJaI09apgTwSeLl5oviUb-zNuLmPJDZqFrylBlYNOFktfmEYBxSTz_G6DdtvAgu86O_feNP6sMi8f5pHSv2DW1kQPyXjEsPVKn2kOWfjq3rPKAYgHoLls_yPoyCHZ-EKCRNmwyQgrwJ_IEPtb7DoQpluNA79ASLyQRR8UiyYTO_KTGBMFyGe_hn5dqUsLHgKQmtNbOTVE-YemikBRCH3H042hOrBQ5Vr_BTOXVo1mMgqQx1tJezvj_ZNKASaVzI2YQr0WFtx92HYN758dWbkEe5pQQB0aB58BiJLvgIdyCxN2W-plfwYrty7qiAcjVpc97olU51cziK_YWgSFPRuuMqrdCoBXaZMPVUScNZjpZXjMSoYbWnhwCgVn5CUdR8pIcjsJkDnO-_sDQurYRUm3vj-XFYMYVP9yzGI3wFvx0YWdtrtfKCjJ7OUOMRIQjT1vyX4B9Cj_7UYy6ldn5xxExTgzEp2cl_NCuAaDYkCZEReQ8QRMwURT6b0AAAUAVV5EfIxjX4smZklx74aFSXD6txbV8CRUmDAEDNCpHbhTDGUo5eL2I2i1kFfASCBFcLMhqZZLlbFecDzcawqy1KJ0066fltRZnSUf8q4uvylvNPuao3fMTylJRqdQv4E5cXCO_qDiVAosUSbwS98jEWFMw5D3tU2VqB1w_vcoOidq-vvXM23kRENehxIwMoDvatjCXylEw6cI4jQQfh5GOsZ4kJjf8NJGZI0L5xetjOxRsThweKKyNgrUsPZEGkHXqZ2XvjA4e3YsrsqTXpBgTkIhxR-AVsuwLca5I964BKu4MCImNWVPv1nSy77c0nlokQRL8sb2x3UN4Znqew4HQca1C-H1QOkvddH_F-KDwQ7ROejkojSmn2ztNg9zvLt_V6wQ5P0rBda_ioE96NF9zdSebCPj3o1eMfpdhqNT76RRIJ0EKEVS2eqPZmvlVw3NOfagepg-GET6yCEw1J5sxNBazccKkHmd3HtOYy-_nPTpIrbiNcJURBKo4d_0QjSL6oFRNmZSGzjH6qCBv8a_yZ79EA9R21ydG6wExsbexgmXK_MSadLBVo7ZnYqHJ_feoQy--p9nnQOT16FDju2E5lPZMcWGCu9UM3WsWBut_uV1KXa8u_FR3dMC3duqNj7EmfolZCx1gVT5-Wqfjb0yJ_LpZroztP6h53BOUTwDHP8ms0LinKhxKK6QkJW2TXu5wAu-CReZc7Wf6ZFJZudpO1JjKgYlZBkemnr6vohz1h3idR50m4dg9QI7JfhzKuqFSN1JA5T8MVm3q2e0BXX_Nn3-1HM2Q0gBUeevJ5uqedgmeeNiMEsB559kXSAUTFw7EkzvazMTaREdl0ZidoGtFBRKx3langW-qX-sVLi4iGqtjIeCFFB6g3_OuCf5E9QQ2fafyQigIMmjVR1XqajmlXxa4pgDYy4vyS6GAYL0yC4lfSV_yzzGPV5-0HKt6Fqc017GZedyTpBySLXF3zcRaf-SMrz2u1boTKNe_3eJbolcjn0ojT4mP-Q8IXUH0C6Q1JSaWHd6wqmYEeI2S2LFHPns96Q4m1myI4YOeaZ6n6zxKQh425Jwqe4V54rQE6pKyscOTTBCJEdlTOwa0WR6JR59TlwVK_fFS_oUA2asXzC5EPM9TbtlC4nKSbqEzzinl7CAnOJGVS-xF_Y1a265Z7ytPGvg5RkSG-ky363CdGkV2_9AXEChIDvmsGdYUfn5CsqOVhcF_jXtT3t23on0jxz-62k0UzikvhFx3qNS2vBeMFKOyqK1FvYJpc9Pszf16L3-xS3FOl9DYmzM5egzfXn2sS97qL1ryEkpHSeocfC6pCQwbTcD5i3IOvkhE4qisVH2S-5_4L937FTK64siRBwgznx2YZFmL272NgGdIV082iI1-D-S0fyGpXVIuw__r8SQhqT0YVKpzq8bK_ucTS4T-DcOzAA&cid=CAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgB&dv3_ver=m202307240101&rfl=https%3A%2F%2Fifeg.info%2F&ds=l&xdt=1&iif=1&cor=1758702543007266600&adk=2935317967&idt=135&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:41:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 324065
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 25 Aug 2024 03:41:15 GMT

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame A01F
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1135760/69474524/xbbe/creative/adj?p=APEucNWPwIHgu0vUwHZ5J0J5iKJjvSOJO0ZQoq_xL_bXkmdoFQ2R36s&d=CokBAKAmf-D0AxiecQvrbRTBCiJOR1NIVqNvWfL_SD37kTalBY-b5MXJnbjU4Ja...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWPwIHgu0vUwHZ5J0J5iKJjvSOJO0ZQoq_xL_bXkmdoFQ2R36s&d=CokBAKAmf-D0AxiecQvrbRTBCiJOR1NIVqNvWfL_SD37kTalBY-b5MXJnbjU4JaLcr8kntthzS_TYmMX8-dO7xhKU...

72 KB
25 KB

147ms
72ms

Script
text/javascript

64.233.184.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWPwIHgu0vUwHZ5J0J5iKJjvSOJO0ZQoq_xL_bXkmdoFQ2R36s&d=CokBAKAmf-D0AxiecQvrbRTBCiJOR1NIVqNvWfL_SD37kTalBY-b5MXJnbjU4JaLcr8kntthzS_TYmMX8-dO7xhKUrkyJxRInOc9WbWOrap7w264TV03WWmDNhj49SM17PYhg42In21qHV5NjUTIN2VCGvwg5jKneIJB2FwpvA5KYWxlNNbHFKmKDbMSuRUAoCZ_4LP6MRihQrl31jXrBhQkTE-KIEbpdl1Qk8uWLuVQWwzDQcyUcbsMmYjbmJkQX1O7Q53sVtzOdbTXnsDjHmS84KQlF38P4nDiIWbBeh4POJOvUvpVhOUxY4Wkb9P-4JDtmA9PCm1hdqSo4WJjSW3gwzf9pDnIFu84aA26I9i5XsDwvpTY3WbgEHXjv0MPOPYcgm-nsCwUkSk7gUZ1T8MR2ZNJQR_S9lwUcBo0QUEOADgKqdmxwocApWfanChDMUJdyCaIPWEVg6tuHgCkgoQ8yvOqziCG__FLrjz9c823MMNKB0V-xpSGq3m3Emp3-O86wSCYh34kFeiTixbQq6oKt7lEzvyZs2RYLAT8ko6eO6EuXPVdNpBGVNEqBvbt2D5zH_Gsbv5KMC5nOC2CaBJKmCuUcpB8yuo1Ut9kVCEBI_9kTs09H0cLh2FdgRDxgtusyFGEKuzkDLQw-3uHzQCecJhsEfGvZyOPyDwUbD4jCUf2XPArL1EjxgWIYd6uV6Rw9MUdWGj7Hswb1ocUqWae5fQ-_1ZF2cEhVOO_MdnQFewSeEdpxr1FVkZ2gwZxWUpICYROT5NK3WN7j54u19S2D9JdZNcSOy-v-mLjeKSlIPwThWo9uz9j2V1nWWjt4FnqE5_zaRn_qL46-i0ESYWoXrRubLo_Qpt3VCDH8F1v2S4HfXoLMGXuXzN8wh7v_ZnNQZhElVRfyvZMF84x31NSjtLGVCMazTyuVVXnta4F2CyOCQXsx0mAlJZ0Xxxd9qucPrYmpFyPxQUl5zzB5srk_pO-PQVEGKBg12ZeafIqiHsGXEIgbiY_9ZXFDjF-kqLh13Sq1RIGav32QS7Ut0heuhw3VJ6q9-ox_BnB8PE1TdTXPt2PH5Y1Uf_O307OgWvCCUZUkk2rPK7qj0PvnJclGXO7mxe_scL0qgQdz3rh7NSkjdqMiVpApep9Y6hLJSeMQPZul5NIkR_j59yQ-edyvugKoEiuDWFUTHvGSDigwzGT30BOLPH9RRU1CGa_W_MaUUCparalUAoQYneMNuMUju3QxL03ODNWD-7LwP1DU7AYzhVPAzYJc8xOKmngKiixzlsE-mY-xk7rF86AxBYasY-bxkL8oa4GzGKRLM--Kenys66o-zZfDGnse5TtT0kCbaiUZRSZ0rrHzolyzXvVDC0oOoXslLREXvo9vS3Rm8FaqMxOWGQQAk9JBbTd2MA5xf9DxyxJAh5jO8Dk6JfmvbfzHui1CXAa2pqJFF5xwX3rgqV0-muEHYc_8fUiqldX-_zAvJ-QoViLx3ATxFzqLDaErCllSJxpsEilXp5COspMAv3I8U5YyJ8Ewvo98dL0CaaMDq_dH_zdVixyrT8Gq8-f9Kj5VqhYODwlTXhesPl08Qk-QcHoFYjU_Gl7J-doZAZH_IffpInCX-MsMhnn5RVi9V8-y8f08CZrYliyH0q39okAkYkFMlRjeYCDHVQnVTd5CoLy3IR7K7HRAf9ShMjQGc5gqanM_UFYbTqEzI-UoFOhM9gqajvQbl3Cs-sWwticMmd-C9TrEnPrim8iOWsPuBXCV7JgY5wCS_C7cJYlOHZxZ2ITFnCVkoHp6gGarQcaIsmJVAlrSvz3My5RSFpdcxkWE2muHDAHD5L00QyDy90zHtWrgYWYMmlZ4rBNWaLx2Ivu2mZeDG6FtvDoPAyX53FjJvq4vUsIPGlAcu3PQGfgWcMwrd8zATI6WXlkUPoJ-6srDx5BgzmewruGtvF0z5Rzgqc16ylZFw0FYvn-h3WikYVjMlkINqFRCAuohODXBwYmnLID3sikZrY_U0GqcPBv8-BHw8S1-gx9UnJ48erg6-RYRFVjAy0VBydLj1xqGYprDrLfUP-brhCHU4qpFi-C3gxFR_bxtctSBQbmPGwhhV1FKw8DNRmTzfiY1tCUn4MmovDPCGusLcoU0_C4c6E9Zgrg9oBbMRd4XmBFbKgdZqD0TJ7MEw4BINfALR8Z8XGE-0py3sw0fpDoPDZ_ADkx1_7gqL4QXF2TGj_iH7QM9p9HH09gLrMlpnW5PduVGX0t992dEM8rc_uaTsDapbh4KxbZEMAzVH2-nbxvz1ovEo6vVPf31xJVENs1P3gPu349M6UgQWjXjUGq9DXH_q6f4VOk3bDHO58wumGOW2Licw-MPNgyhmYrgWAgzcs0rng8c0o84mr1L1_Z3i-VeQrALLBl-rJamRfvErZ4id4GavVpKVWcBCVPQ0UkmZLYA0QuZYxTplHD9M1L3MbKG6BWgW5S249HteTLNzVu18MK9T4jQbSpF2g2KAyBBwx-8SBL1gXua1ZFrVhvKijZm4by4i4tNwBYY7hBlZLX0x_kW9V2BoHcKmOAjrmYU-hUstKkoU1UfQ9lNq_tYSWH6UWviZApwhGmZphaNTKjbqbOCmA5RH2MgPKhao87B3jFlpZH3k_IzUJWKl4rzuqP_w-DnHdIO0Cc_yFYB6MbSxjOkGvzE8AW8z1ze1YovIZ7nhcXRTXfgXKLsVpAe-PeAWW8xnKlZDYrVparqQ1W0nNiSGD_D_l-8fz77awSP2T6bS756qzzxLto6tSlXGWsSHNKDRfn1vYFx3hK5O0w_KoJH1XierresQifoVXqLvvfCrPUoNqVSuyty4Wk7C29Bmt6kVJLeNZxMia0g9a4MHV9BqyNedervZsZim0z7iv6lYaWqKEtf3oD4UVypVmH0orF7Bf8HXKA4_HvuEQ7jtNh75NOZ28w2c0B1GZd2R8pqIs614SUVO4d2-ig0b_toxbAOzqmTKEwPqw7p4FuATvqcPiMs5gtCxpsM0MhTaXzyzoHPfRkfndB_lbXW9HOzvBn2XXi3UjjzP5oTjt0f0zWa_FQhUKBBGiJqmSlLrDHTkpl4DEOuDLVxLpQL7rJ62A7ZWJbmm50s-jN96FcullwRm7T0SvjSpuu60HK5siJkTY8Z1Z-VZgN2UAdCbzXk3lrl7oFYhbjgR0WazRMOl6RKx-ILy2lnjxrGDRaZPnrAQW9ujxKOk-dAfAwjfLtROIt4OoPm8bFq1jwDNaS3-Ee6Ip0RIrGN3wL2pLFA59bNF1bDbwbDDPLaSs5aez5qRdreO8e2xIMmMFmyk_S_d24L8E3EI2MzxOY-OugOrpwc36KSGMM6E29xogZ1WYA-g0zFF9DrSLDldibnHM1DLH78NclDTzKZIlZ6-IThF1JjPOXwO5QNZ6SKBasMDhSDrV5_TLT4tVJ2foBY8ktcm2GPaors6IP9-qj-OSbljSsmua8r2uZKVb1wDEMaYbiwA6mvNj5AECNcWoahQCkAJZJQudH1k7Z8PEbpHpOcR1wlSVUNx6HMjhYj9XhCVxY3s_A7qd0ca5VKlVTxyRsqM6KBYQ8wwOnVWHSo66_Gixz1yzchnFJFZBU7NTKUv8VEqTx43hcQhZInNu_t89qCP4hHpCW6AOS2l6qhl21pB_ecLXQLxXwVSRsmkWOYX5re-fIW9V4Kdri0jXYa_wbTEZFXA38ztP6BkbHF0cIvsbjXwOIXFpabUsLccJz2ePRu6xI8POtvwCU_rVCuoRhY_vVEK_u5tpLZla0HBY0QF2SvrLmA4jtcgeBy768D3Urf_VIWIhlWZeqH5UWArPRxnh2j8hB7W3R7V1zBhzdBGDjYpcaUQgEEksAaQJSVgZYkic_1wOzO7c2Ip6zkRAbIyNt2F7rCszTTKgPkNTXPQLLjrdwH9YwefH3FUpiESb4RVYXw84bGXl87d4vx8fBjiDJ36oYAWAB&bundleId=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

64.233.184.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f157.1e100.net

Software

cafe /

Resource Hash

19e6c10e35420c97531145c7868d66221109a10be4e8f916fba6c34f2519c83a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25121
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: app14.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWPwIHgu0vUwHZ5J0J5iKJjvSOJO0ZQoq_xL_bXkmdoFQ2R36s&d=CokBAKAmf-D0AxiecQvrbRTBCiJOR1NIVqNvWfL_SD37kTalBY-b5MXJnbjU4JaLcr8kntthzS_TYmMX8-dO7xhKUrkyJxRInOc9WbWOrap7w264TV03WWmDNhj49SM17PYhg42In21qHV5NjUTIN2VCGvwg5jKneIJB2FwpvA5KYWxlNNbHFKmKDbMSuRUAoCZ_4LP6MRihQrl31jXrBhQkTE-KIEbpdl1Qk8uWLuVQWwzDQcyUcbsMmYjbmJkQX1O7Q53sVtzOdbTXnsDjHmS84KQlF38P4nDiIWbBeh4POJOvUvpVhOUxY4Wkb9P-4JDtmA9PCm1hdqSo4WJjSW3gwzf9pDnIFu84aA26I9i5XsDwvpTY3WbgEHXjv0MPOPYcgm-nsCwUkSk7gUZ1T8MR2ZNJQR_S9lwUcBo0QUEOADgKqdmxwocApWfanChDMUJdyCaIPWEVg6tuHgCkgoQ8yvOqziCG__FLrjz9c823MMNKB0V-xpSGq3m3Emp3-O86wSCYh34kFeiTixbQq6oKt7lEzvyZs2RYLAT8ko6eO6EuXPVdNpBGVNEqBvbt2D5zH_Gsbv5KMC5nOC2CaBJKmCuUcpB8yuo1Ut9kVCEBI_9kTs09H0cLh2FdgRDxgtusyFGEKuzkDLQw-3uHzQCecJhsEfGvZyOPyDwUbD4jCUf2XPArL1EjxgWIYd6uV6Rw9MUdWGj7Hswb1ocUqWae5fQ-_1ZF2cEhVOO_MdnQFewSeEdpxr1FVkZ2gwZxWUpICYROT5NK3WN7j54u19S2D9JdZNcSOy-v-mLjeKSlIPwThWo9uz9j2V1nWWjt4FnqE5_zaRn_qL46-i0ESYWoXrRubLo_Qpt3VCDH8F1v2S4HfXoLMGXuXzN8wh7v_ZnNQZhElVRfyvZMF84x31NSjtLGVCMazTyuVVXnta4F2CyOCQXsx0mAlJZ0Xxxd9qucPrYmpFyPxQUl5zzB5srk_pO-PQVEGKBg12ZeafIqiHsGXEIgbiY_9ZXFDjF-kqLh13Sq1RIGav32QS7Ut0heuhw3VJ6q9-ox_BnB8PE1TdTXPt2PH5Y1Uf_O307OgWvCCUZUkk2rPK7qj0PvnJclGXO7mxe_scL0qgQdz3rh7NSkjdqMiVpApep9Y6hLJSeMQPZul5NIkR_j59yQ-edyvugKoEiuDWFUTHvGSDigwzGT30BOLPH9RRU1CGa_W_MaUUCparalUAoQYneMNuMUju3QxL03ODNWD-7LwP1DU7AYzhVPAzYJc8xOKmngKiixzlsE-mY-xk7rF86AxBYasY-bxkL8oa4GzGKRLM--Kenys66o-zZfDGnse5TtT0kCbaiUZRSZ0rrHzolyzXvVDC0oOoXslLREXvo9vS3Rm8FaqMxOWGQQAk9JBbTd2MA5xf9DxyxJAh5jO8Dk6JfmvbfzHui1CXAa2pqJFF5xwX3rgqV0-muEHYc_8fUiqldX-_zAvJ-QoViLx3ATxFzqLDaErCllSJxpsEilXp5COspMAv3I8U5YyJ8Ewvo98dL0CaaMDq_dH_zdVixyrT8Gq8-f9Kj5VqhYODwlTXhesPl08Qk-QcHoFYjU_Gl7J-doZAZH_IffpInCX-MsMhnn5RVi9V8-y8f08CZrYliyH0q39okAkYkFMlRjeYCDHVQnVTd5CoLy3IR7K7HRAf9ShMjQGc5gqanM_UFYbTqEzI-UoFOhM9gqajvQbl3Cs-sWwticMmd-C9TrEnPrim8iOWsPuBXCV7JgY5wCS_C7cJYlOHZxZ2ITFnCVkoHp6gGarQcaIsmJVAlrSvz3My5RSFpdcxkWE2muHDAHD5L00QyDy90zHtWrgYWYMmlZ4rBNWaLx2Ivu2mZeDG6FtvDoPAyX53FjJvq4vUsIPGlAcu3PQGfgWcMwrd8zATI6WXlkUPoJ-6srDx5BgzmewruGtvF0z5Rzgqc16ylZFw0FYvn-h3WikYVjMlkINqFRCAuohODXBwYmnLID3sikZrY_U0GqcPBv8-BHw8S1-gx9UnJ48erg6-RYRFVjAy0VBydLj1xqGYprDrLfUP-brhCHU4qpFi-C3gxFR_bxtctSBQbmPGwhhV1FKw8DNRmTzfiY1tCUn4MmovDPCGusLcoU0_C4c6E9Zgrg9oBbMRd4XmBFbKgdZqD0TJ7MEw4BINfALR8Z8XGE-0py3sw0fpDoPDZ_ADkx1_7gqL4QXF2TGj_iH7QM9p9HH09gLrMlpnW5PduVGX0t992dEM8rc_uaTsDapbh4KxbZEMAzVH2-nbxvz1ovEo6vVPf31xJVENs1P3gPu349M6UgQWjXjUGq9DXH_q6f4VOk3bDHO58wumGOW2Licw-MPNgyhmYrgWAgzcs0rng8c0o84mr1L1_Z3i-VeQrALLBl-rJamRfvErZ4id4GavVpKVWcBCVPQ0UkmZLYA0QuZYxTplHD9M1L3MbKG6BWgW5S249HteTLNzVu18MK9T4jQbSpF2g2KAyBBwx-8SBL1gXua1ZFrVhvKijZm4by4i4tNwBYY7hBlZLX0x_kW9V2BoHcKmOAjrmYU-hUstKkoU1UfQ9lNq_tYSWH6UWviZApwhGmZphaNTKjbqbOCmA5RH2MgPKhao87B3jFlpZH3k_IzUJWKl4rzuqP_w-DnHdIO0Cc_yFYB6MbSxjOkGvzE8AW8z1ze1YovIZ7nhcXRTXfgXKLsVpAe-PeAWW8xnKlZDYrVparqQ1W0nNiSGD_D_l-8fz77awSP2T6bS756qzzxLto6tSlXGWsSHNKDRfn1vYFx3hK5O0w_KoJH1XierresQifoVXqLvvfCrPUoNqVSuyty4Wk7C29Bmt6kVJLeNZxMia0g9a4MHV9BqyNedervZsZim0z7iv6lYaWqKEtf3oD4UVypVmH0orF7Bf8HXKA4_HvuEQ7jtNh75NOZ28w2c0B1GZd2R8pqIs614SUVO4d2-ig0b_toxbAOzqmTKEwPqw7p4FuATvqcPiMs5gtCxpsM0MhTaXzyzoHPfRkfndB_lbXW9HOzvBn2XXi3UjjzP5oTjt0f0zWa_FQhUKBBGiJqmSlLrDHTkpl4DEOuDLVxLpQL7rJ62A7ZWJbmm50s-jN96FcullwRm7T0SvjSpuu60HK5siJkTY8Z1Z-VZgN2UAdCbzXk3lrl7oFYhbjgR0WazRMOl6RKx-ILy2lnjxrGDRaZPnrAQW9ujxKOk-dAfAwjfLtROIt4OoPm8bFq1jwDNaS3-Ee6Ip0RIrGN3wL2pLFA59bNF1bDbwbDDPLaSs5aez5qRdreO8e2xIMmMFmyk_S_d24L8E3EI2MzxOY-OugOrpwc36KSGMM6E29xogZ1WYA-g0zFF9DrSLDldibnHM1DLH78NclDTzKZIlZ6-IThF1JjPOXwO5QNZ6SKBasMDhSDrV5_TLT4tVJ2foBY8ktcm2GPaors6IP9-qj-OSbljSsmua8r2uZKVb1wDEMaYbiwA6mvNj5AECNcWoahQCkAJZJQudH1k7Z8PEbpHpOcR1wlSVUNx6HMjhYj9XhCVxY3s_A7qd0ca5VKlVTxyRsqM6KBYQ8wwOnVWHSo66_Gixz1yzchnFJFZBU7NTKUv8VEqTx43hcQhZInNu_t89qCP4hHpCW6AOS2l6qhl21pB_ecLXQLxXwVSRsmkWOYX5re-fIW9V4Kdri0jXYa_wbTEZFXA38ztP6BkbHF0cIvsbjXwOIXFpabUsLccJz2ePRu6xI8POtvwCU_rVCuoRhY_vVEK_u5tpLZla0HBY0QF2SvrLmA4jtcgeBy768D3Urf_VIWIhlWZeqH5UWArPRxnh2j8hB7W3R7V1zBhzdBGDjYpcaUQgEEksAaQJSVgZYkic_1wOzO7c2Ip6zkRAbIyNt2F7rCszTTKgPkNTXPQLLjrdwH9YwefH3FUpiESb4RVYXw84bGXl87d4vx8fBjiDJ36oYAWAB&bundleId=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 9A87 91 KB
23 KB 78ms
23ms Script
application/javascript 13.225.78.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-4.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 21:19:49 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 7086153
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: KSMmi7wgNNIe1zEVYAT2IakwQmFOX4xIdKrzJe52y0UEXOxGXV_jdg==

GET
H2

200

adj Show response
bid.g.doubleclick.net/xbbe/creative/ Frame 4FF9
Redirect Chain

https://fw.adsafeprotected.com/rfw/bgd/1135760/69474492/xbbe/creative/adj?p=APEucNWd0_-342YeWmfRVr1mjAOk7mnZ9CDKhEbT0zoRQq2xQqHbhgM&d=CokBAKAmf-BwyyUlMsSnR-EYwShJ4j-URz59GMBpl_4541EpEdTjuuQDv7ZyrsI...
https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWd0_-342YeWmfRVr1mjAOk7mnZ9CDKhEbT0zoRQq2xQqHbhgM&d=CokBAKAmf-BwyyUlMsSnR-EYwShJ4j-URz59GMBpl_4541EpEdTjuuQDv7ZyrsI2NzsV_eabeEbqiobqjY5fGDMBj...

71 KB
25 KB

136ms
62ms

Script
text/javascript

64.233.184.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWd0_-342YeWmfRVr1mjAOk7mnZ9CDKhEbT0zoRQq2xQqHbhgM&d=CokBAKAmf-BwyyUlMsSnR-EYwShJ4j-URz59GMBpl_4541EpEdTjuuQDv7ZyrsI2NzsV_eabeEbqiobqjY5fGDMBj8_jiWHMnCa-znWhr9rcIcOgYzDlEUSobs-CtjDMJmKswkGgInb0BJiIG3r3gKcA3Pj-vlr3f8SXcUMxr1w3-DAWEBLm5aZGqsQSqRUAoCZ_4O3tPfyXpxdBjXSvx4sjZIKFjuwyiJWdyxo7_HHEklXBW8jsimoL6he5v60DDzSHP1oNnAvuW19fIGiKA9RZxe6-ZGDJFgxaxpjwZFPjMSGVeynKCaiH6wQ_W2lCJlSs-sebv3ZXJl-WlM8uaqSDD_N62JAfO0SGetg0LBim9MlPAOuH1PziznzGsEFSNPo-dXIfY33wEWzX0qX2x5s29071rnX3miPutmGIUDjgJwtnD-hZc14S6o5bpJWP_XFXHMzfBqAKk0mbjZPCru4ASoq4DZe2SFt1JZVWtqSpPN5STq97QBfT1Rrd591Y0Yx6uVM4V5iGaZ-7wnBb9WjUtVtDx6gBnUuI-tXLe3EWCfza_29yrr8X5SvsrH9NR3NuA2wmW9qXeOJXeg2cepQTM8WKewbw87QKemWk2GJUFwY6fb3CblABdC7tiEFu_WzuI7DVKI_k86lh2n-qKtf1yVkKGoBuMOLdVwJ7MbaGtf_aqz0qAYIER022PDoFr9VFtDPf9Bqy7TVJ1OL2Kj9doSSUA014pjecuH-21iTB6G32vHHRBITuN-QeZrkhF9joZTc4tuVl2LGs_zDJm-1pgmTgc-s9YpeRxgIfDQyuYAaEicZYZTAvlXzQHbpKBUqs9Z-CKhcp25XkUQR35CTxxpct2-TMH8f-UOsFAfX8Sy63BI9KxqY6HEPJ_6oJGRGoYGPQOemZkYrwFsAxJxM5iSHXyvzvT9HFX9mBfL9-Pv6GYHE0rz7Hrg47C7BL5GJ1hL5EZr9WPpkHZuinXkWAKkM9sOkvm1NGM41Za5Q3uovWxdUXjz4eIJuD4RGwavES9YRNwTExQvI545sP6qdOkXRXyeezwwQPmexVZSmj9s0WOXmBNB5UcVqspTJh9e3WcTkrAuC3piAHftsqLrJZPHatrBBozQBHtyt306791A9mzlYImeZycOkTJIQVfbHmo6EyeOsiT5TGMo19JQNC5PW1ajoYj_X2BdSn6vOkpqOqCmEYPm5etHPkj1_JyNENNTv2zXzDDVwSN0VIJeUiwdMChTT34dnRYRlzBlX3A_Hh8uTFzgpxb5bu8Tx_zCNuPJ0z5jxizCOSD1XZADNhk7izLoLSXAaLmz2s6zToWEK34svG056oTmxX2KZh5ByiqMF0mUryDXuWCvUqtZAk8ojhCVcYmuFKwbKhCd9zkuDlOrrv45f51EeCWsLXkrS2Z9HthlGVZQ6rNYIOXNCeffG2REgAhdsr1Zm2LmFeD4jFAO1wFHcnXY69boW0jJLyfs9Tkw9Y0pHPiXF7kCvlSVRHjN-9S7pV55xfTjY6AzppDqZqr6iWAnPZkuxd--be-C-q2mviQ8Fm9x4bSeklDYWrsgAnwc0xRtOkHWjPyrsohxO-TW-8tEKTXXA2ga1yFwM7oV2azgTB8mafux-DWiVrAl9nkcfv9g2uKDuoYGlQhCPRJ1R0WPSuP5CrhcFWDcjTQctVxkW8Y1vMikR9U6IfLYtr19Cr_xeEsLKMlaGX2H5y2K_nVMsSoVM1JqetUv6SqdSmcp7cA1B7zBDI-TFRDnMQsaD3uO2LUVcj5vzJaPKMVvJ0AsatcNBtYxbj4YAjasAezD26ipwz5YP5Gf8nMJL0A4Jgk5aSfXwvC71tZuAuX4tQCzcB2rX66_5DGfl7aOFAAJs3Q4uRyTND-NWxqKJqxTJfkXC9k6VGtPa2ONLihKpGTZrcSxuRfgWeVJYfdBj-mxfQn31ho_ouA2QElWJ_vYROciG9HKavnZQ-Dr7-w5t_JgcIz8R0LgMZOiY-pW5NBAjbJjxQt4yZga6LChPm0Jmz87kOlOlmKXWJDolQGeYqkPuxIH8koqprpQ0AJJp5zqa0iTw6VD_zq3XKNn34IuN_f2_uut_TnXKSrPGqS0tueBx4oo096D0gzwxh7wfQLnCd71RDxYecSywdmZ-v_iFUgU0WBXrI46MzyaXqgDD8XgQRz0Qel95ZCX9Uiy7LjehuztjZGPWI9tYmJ6Erwbgv8bN1Kqz-6j8NUkrafqjzt1mdmB9qjP6RR9CI1LetkoaLaysksws-1Xknpi6aaTaCdYE-LePFRyBf8zJFbxvk8kvuReqf5rkEU08VE0o9OWuV09SJFtc7LupFtTiiFv2-1syTMs2MrHa1Qw-nLVOHG9ayFCBNdD5FmADurXmstXEXqCCyyoVsUGbR4Khdd1RXE4MOxNXEiuenJAt_DT9DWB201rfDcy9V-lSmoCxsY5kdrYTSBDsEmPlQo1kSpe-pq4PyazEAlzQ5UF_teIrCS-0zlVxRC0Nq4Ai-6CiKxwxC2U3N5HASXNNIrWEtbo1HK0lRHJB1H5aCD8MgMbFdiCfC7u7V3h6SWV-Y-LAZuNWUUDMXMNJds4qFHF0q5lX8c2oSzT_lmIiItwQUn5RfBIxLJBIuTNJIAwD_r4zW4ki9575f4APQFEEjCSg8DtP1tkzf6WWymP53Epa9DTMutm2bH9LfGYXz-uLMpiHJZMCLsSY5JiBPay7QbsQSyJCTpNZAFHDrOIBWVPF7OGm4kmsCEbhWs5_VOy5ILX2s-i2NwmkyuDAmVaHuQueTwiD4LiJcu3AzI0oZHxFVdWcJoKYXHUAsulklh-GgXSLAVfOohitgwXOwFv8h-M022NglP5HoqLSJmdSYfzz711Vf1s03TyRczRby7uokCKxXWi6p-a5R6Cmu0D14b18VLBQ9gEac62ArSPwmSMsl3wfa5qYrlP039KmyOLWjJ0dtC5P66Mr7FzvyZOGRF6B0STJ2QJC34c9LfCgTYkzoMnbPLZ_0LAS4UNpVNGqc3oiP-C9kbup33WJuKJ8Psqw7u8qFUv6TM38CenSqmCn8sI8wUEQanDb10a321AyV01g_RUWXGfagmHW37laV7xdRBpC7hF001Mwlj7oO7K9l7l64Ye6Ck4AcQpl2Zs1CphDtuUNrWA8ZUwhYuZd5KwYnKZCCck9r9x3Yzb4K3vC_GMA1IegC2g6XDnuSb9pBBCkoDfw21vxcYZnKoLKsUXAdshGuZraRiaWz1kK7EKLPii1r7HEevERgSWoFgaF95-RvWP4H5WzMKjYnrDsKP4LYcMgaxJzvl111_DuqEdePBBAmtxn_ZfmPZkmRJuN2tHTtUl7ZyNBtv8P6xNtyXnJFytbfEx2Qt7HHUlyaHm_3RedVkEHyPlZ8DAtwZ47dVQB7zk2CRaCf98CQfO_rkPCEl5WcYxmLGkCxe7zgYcsE25f9c-syrTneAjL0lB3HHBiX2zpnok3DXb1wDFD3Y3FbBPMXBWGOE7yLCEr5sxTxHM62c7ItfuMFPk-qfytkCB1mQfZrtV3a-h1wsrUlD60ZMlDYdwvBu49ukzwv7CF-Frw-pZpS_HkAvAIXPteeWOtBZ7Of588q4zivhaf_GV_cl0ZRXteBBjgPQILlMMt-0WHu6RnunxQaH808hKtZc6pbljJFcvHs6eGQltGuxgLosFGH5Ugoix1Ty9Ltx1nICVvLFqVC7KfwNTfU19e-jvYNzmv52VoHd6A_fjRtdpIwba753xrxPmkynI6_vzjDKkFkrYlt4l9_7WaJoPa8er-WwamXreB-b-EM_cLH0TFa_HxbXcT-TGISTt_LYCaZHRpRCAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgBYAE&bundleId=

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1

Protocol

Server

64.233.184.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wa-in-f157.1e100.net

Software

cafe /

Resource Hash

6a743412cfd658ecb1e6ce0420f0863d74859f5a8c4ab49f1183865f4ae60308

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25072
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: app01.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://bid.g.doubleclick.net/xbbe/creative/adj?p=APEucNWd0_-342YeWmfRVr1mjAOk7mnZ9CDKhEbT0zoRQq2xQqHbhgM&d=CokBAKAmf-BwyyUlMsSnR-EYwShJ4j-URz59GMBpl_4541EpEdTjuuQDv7ZyrsI2NzsV_eabeEbqiobqjY5fGDMBj8_jiWHMnCa-znWhr9rcIcOgYzDlEUSobs-CtjDMJmKswkGgInb0BJiIG3r3gKcA3Pj-vlr3f8SXcUMxr1w3-DAWEBLm5aZGqsQSqRUAoCZ_4O3tPfyXpxdBjXSvx4sjZIKFjuwyiJWdyxo7_HHEklXBW8jsimoL6he5v60DDzSHP1oNnAvuW19fIGiKA9RZxe6-ZGDJFgxaxpjwZFPjMSGVeynKCaiH6wQ_W2lCJlSs-sebv3ZXJl-WlM8uaqSDD_N62JAfO0SGetg0LBim9MlPAOuH1PziznzGsEFSNPo-dXIfY33wEWzX0qX2x5s29071rnX3miPutmGIUDjgJwtnD-hZc14S6o5bpJWP_XFXHMzfBqAKk0mbjZPCru4ASoq4DZe2SFt1JZVWtqSpPN5STq97QBfT1Rrd591Y0Yx6uVM4V5iGaZ-7wnBb9WjUtVtDx6gBnUuI-tXLe3EWCfza_29yrr8X5SvsrH9NR3NuA2wmW9qXeOJXeg2cepQTM8WKewbw87QKemWk2GJUFwY6fb3CblABdC7tiEFu_WzuI7DVKI_k86lh2n-qKtf1yVkKGoBuMOLdVwJ7MbaGtf_aqz0qAYIER022PDoFr9VFtDPf9Bqy7TVJ1OL2Kj9doSSUA014pjecuH-21iTB6G32vHHRBITuN-QeZrkhF9joZTc4tuVl2LGs_zDJm-1pgmTgc-s9YpeRxgIfDQyuYAaEicZYZTAvlXzQHbpKBUqs9Z-CKhcp25XkUQR35CTxxpct2-TMH8f-UOsFAfX8Sy63BI9KxqY6HEPJ_6oJGRGoYGPQOemZkYrwFsAxJxM5iSHXyvzvT9HFX9mBfL9-Pv6GYHE0rz7Hrg47C7BL5GJ1hL5EZr9WPpkHZuinXkWAKkM9sOkvm1NGM41Za5Q3uovWxdUXjz4eIJuD4RGwavES9YRNwTExQvI545sP6qdOkXRXyeezwwQPmexVZSmj9s0WOXmBNB5UcVqspTJh9e3WcTkrAuC3piAHftsqLrJZPHatrBBozQBHtyt306791A9mzlYImeZycOkTJIQVfbHmo6EyeOsiT5TGMo19JQNC5PW1ajoYj_X2BdSn6vOkpqOqCmEYPm5etHPkj1_JyNENNTv2zXzDDVwSN0VIJeUiwdMChTT34dnRYRlzBlX3A_Hh8uTFzgpxb5bu8Tx_zCNuPJ0z5jxizCOSD1XZADNhk7izLoLSXAaLmz2s6zToWEK34svG056oTmxX2KZh5ByiqMF0mUryDXuWCvUqtZAk8ojhCVcYmuFKwbKhCd9zkuDlOrrv45f51EeCWsLXkrS2Z9HthlGVZQ6rNYIOXNCeffG2REgAhdsr1Zm2LmFeD4jFAO1wFHcnXY69boW0jJLyfs9Tkw9Y0pHPiXF7kCvlSVRHjN-9S7pV55xfTjY6AzppDqZqr6iWAnPZkuxd--be-C-q2mviQ8Fm9x4bSeklDYWrsgAnwc0xRtOkHWjPyrsohxO-TW-8tEKTXXA2ga1yFwM7oV2azgTB8mafux-DWiVrAl9nkcfv9g2uKDuoYGlQhCPRJ1R0WPSuP5CrhcFWDcjTQctVxkW8Y1vMikR9U6IfLYtr19Cr_xeEsLKMlaGX2H5y2K_nVMsSoVM1JqetUv6SqdSmcp7cA1B7zBDI-TFRDnMQsaD3uO2LUVcj5vzJaPKMVvJ0AsatcNBtYxbj4YAjasAezD26ipwz5YP5Gf8nMJL0A4Jgk5aSfXwvC71tZuAuX4tQCzcB2rX66_5DGfl7aOFAAJs3Q4uRyTND-NWxqKJqxTJfkXC9k6VGtPa2ONLihKpGTZrcSxuRfgWeVJYfdBj-mxfQn31ho_ouA2QElWJ_vYROciG9HKavnZQ-Dr7-w5t_JgcIz8R0LgMZOiY-pW5NBAjbJjxQt4yZga6LChPm0Jmz87kOlOlmKXWJDolQGeYqkPuxIH8koqprpQ0AJJp5zqa0iTw6VD_zq3XKNn34IuN_f2_uut_TnXKSrPGqS0tueBx4oo096D0gzwxh7wfQLnCd71RDxYecSywdmZ-v_iFUgU0WBXrI46MzyaXqgDD8XgQRz0Qel95ZCX9Uiy7LjehuztjZGPWI9tYmJ6Erwbgv8bN1Kqz-6j8NUkrafqjzt1mdmB9qjP6RR9CI1LetkoaLaysksws-1Xknpi6aaTaCdYE-LePFRyBf8zJFbxvk8kvuReqf5rkEU08VE0o9OWuV09SJFtc7LupFtTiiFv2-1syTMs2MrHa1Qw-nLVOHG9ayFCBNdD5FmADurXmstXEXqCCyyoVsUGbR4Khdd1RXE4MOxNXEiuenJAt_DT9DWB201rfDcy9V-lSmoCxsY5kdrYTSBDsEmPlQo1kSpe-pq4PyazEAlzQ5UF_teIrCS-0zlVxRC0Nq4Ai-6CiKxwxC2U3N5HASXNNIrWEtbo1HK0lRHJB1H5aCD8MgMbFdiCfC7u7V3h6SWV-Y-LAZuNWUUDMXMNJds4qFHF0q5lX8c2oSzT_lmIiItwQUn5RfBIxLJBIuTNJIAwD_r4zW4ki9575f4APQFEEjCSg8DtP1tkzf6WWymP53Epa9DTMutm2bH9LfGYXz-uLMpiHJZMCLsSY5JiBPay7QbsQSyJCTpNZAFHDrOIBWVPF7OGm4kmsCEbhWs5_VOy5ILX2s-i2NwmkyuDAmVaHuQueTwiD4LiJcu3AzI0oZHxFVdWcJoKYXHUAsulklh-GgXSLAVfOohitgwXOwFv8h-M022NglP5HoqLSJmdSYfzz711Vf1s03TyRczRby7uokCKxXWi6p-a5R6Cmu0D14b18VLBQ9gEac62ArSPwmSMsl3wfa5qYrlP039KmyOLWjJ0dtC5P66Mr7FzvyZOGRF6B0STJ2QJC34c9LfCgTYkzoMnbPLZ_0LAS4UNpVNGqc3oiP-C9kbup33WJuKJ8Psqw7u8qFUv6TM38CenSqmCn8sI8wUEQanDb10a321AyV01g_RUWXGfagmHW37laV7xdRBpC7hF001Mwlj7oO7K9l7l64Ye6Ck4AcQpl2Zs1CphDtuUNrWA8ZUwhYuZd5KwYnKZCCck9r9x3Yzb4K3vC_GMA1IegC2g6XDnuSb9pBBCkoDfw21vxcYZnKoLKsUXAdshGuZraRiaWz1kK7EKLPii1r7HEevERgSWoFgaF95-RvWP4H5WzMKjYnrDsKP4LYcMgaxJzvl111_DuqEdePBBAmtxn_ZfmPZkmRJuN2tHTtUl7ZyNBtv8P6xNtyXnJFytbfEx2Qt7HHUlyaHm_3RedVkEHyPlZ8DAtwZ47dVQB7zk2CRaCf98CQfO_rkPCEl5WcYxmLGkCxe7zgYcsE25f9c-syrTneAjL0lB3HHBiX2zpnok3DXb1wDFD3Y3FbBPMXBWGOE7yLCEr5sxTxHM62c7ItfuMFPk-qfytkCB1mQfZrtV3a-h1wsrUlD60ZMlDYdwvBu49ukzwv7CF-Frw-pZpS_HkAvAIXPteeWOtBZ7Of588q4zivhaf_GV_cl0ZRXteBBjgPQILlMMt-0WHu6RnunxQaH808hKtZc6pbljJFcvHs6eGQltGuxgLosFGH5Ugoix1Ty9Ltx1nICVvLFqVC7KfwNTfU19e-jvYNzmv52VoHd6A_fjRtdpIwba753xrxPmkynI6_vzjDKkFkrYlt4l9_7WaJoPa8er-WwamXreB-b-EM_cLH0TFa_HxbXcT-TGISTt_LYCaZHRpRCAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgBYAE&bundleId=
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 5CAA 91 KB
23 KB 44ms
39ms Script
application/javascript 13.225.78.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.78.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-78-4.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Thu, 08 Jun 2023 21:19:49 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 edfd22ec6695cdc9d7ac634220af1314.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C2
age: 7086153
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: VPi06UgO97KawHkanXKnUy2ntEcox2DBPADcf9arfQkoK2ujMB8Nww==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BB03 22 KB
8 KB 38ms
37ms Document
text/html 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 227436
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A01F 43 B
215 B 357ms
115ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=f49197b5-d337-f770-95c0-9dddc4339cb5&tv=%7Bc:mIR7qY,pingTime:-3,time:114,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:115,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B107~0%5D,as:%5B107~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a11%7C1b1*.1135760-69474524%7C1b11%7C1c1%7C1d,idMap:1b1*,rmeas:1,rend:0,renddet:IMG.us,siq:25%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A01F 43 B
216 B 353ms
114ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=f49197b5-d337-f770-95c0-9dddc4339cb5&tv=%7Bc:mIR7r0,pingTime:-6,time:116,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:116,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B108~0%5D,as:%5B108~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a11%7C1b1*.1135760-69474524%7C1b11%7C1c1%7C1d,idMap:1b1*,rmeas:1,rend:0,renddet:IMG.us,siq:25%7D&tpiLookup=ao:ifeg.info*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4FF9 43 B
215 B 336ms
116ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=efe7b0ef-2fc6-3009-ba7b-2bfbeb09014b&tv=%7Bc:mIR7rj,pingTime:-3,time:79,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:22%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:80,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B73~0%5D,as:%5B73~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1*.1135760-69474492%7C1a11%7C1b1.1135760-69474524%7C1b11%7C1b12%7C1c1%7C1d,idMap:1a1*,rmeas:1,rend:0,renddet:IMG.us,siq:23%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: dt09.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4FF9 43 B
215 B 440ms
222ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=efe7b0ef-2fc6-3009-ba7b-2bfbeb09014b&tv=%7Bc:mIR7rl,pingTime:-6,time:81,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:81,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B74~0%5D,as:%5B74~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1*.1135760-69474492%7C1a11%7C1b1.1135760-69474524%7C1b11%7C1b12%7C1c1%7C1d,idMap:1a1*,rmeas:1,rend:0,renddet:IMG.us,siq:23%7D&tpiLookup=ao:ifeg.info*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 63e0a2a793d720ddab32c7ad1c79b976.js Show response
www.gstatic.com/mysidia/ Frame D98F 9 KB
4 KB 23ms
21ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/63e0a2a793d720ddab32c7ad1c79b976.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=280&adk=4008274141&adf=2489288063&pi=t.aa~a.2176458453~rp.4&daaos=1693292574399~1693292574399&w=1140&fwrn=4&fwrnh=100&lmt=1693338140&rafmt=1&to=qs&pwprc=7853647499&format=1140x280&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345340466&bpp=3&bdt=2113&idt=3&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3e1357f4193fe912-228e33005fde00fc%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_MaZCiy7B7q5Z2cQvi-eRnM4aGlS1w&gpic=UID%3D00000c6b64e96ce6%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_Mar7T7tl9JB-WTy6RGNYuL-YhZHFg&prev_fmts=970x90%2C970x90%2C300x250%2C728x90%2C728x90%2C0x0&nras=2&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1661&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&psts=AOrYGsmqZIEu38c6_m-IydOxfvxbdPiLnYM0tigtgiQFvj3jdeVhk2YJdgq41IbthX4gHXLoP7p1xJXF82FelvGegVxe0BYjOo_oOiQ5KQXZrBPhwWhQ8sTN72maFrVH-Q%2CAOrYGsmgaH7XT2cMuAI_BtB2vvh4pMfXuNDeHvFSMYoa_RLTNV-WwcKNKMUlCItotWzNAol8imVxAH8ZQt4lRVesuRl3xGs%2CAOrYGsnUZxQKVPprHTJKvSqGwTMZIRPtCsHEqODLRfEXOddCG-7nYf1aecrBrQSkn1z-cAGFtGRU2Vgt_N3B9YiEz4gDHw%2CAOrYGsl4brJ2F_VHw7QDNj1y4-6cTFDBkOE6d6HaO3eJXbSGNAOkpWE3dm-31A04uCQRECYOATIIBHsstad9SeRPRgy5BqCv&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=l6pvXfickw&p=https%3A//ifeg.info&dtd=16

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

ac6c7df9ea6f8e1bcacee7bbb1df0c7902650aa2bef04e536ae838e7c9146aa8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 03:15:26 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 325615
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3931
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 24 Nov 2023 03:15:26 GMT

GET
H3 200 6b2333ff0b6a934f314e6b5957720264.js Show response
www.gstatic.com/mysidia/ Frame D98F 19 KB
8 KB 25ms
23ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/6b2333ff0b6a934f314e6b5957720264.js?tag=pingback

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

36ef63420f2a82374d016a378bf127ba8d3c761c8dcad295188b1690a17a0108

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 02:20:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 415314
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7824
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 02:20:27 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D98F 14 KB
1 KB 33ms
31ms Stylesheet
text/css 172.217.18.10
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.10 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra02s19-in-f10.1e100.net

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 29 Aug 2023 21:42:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 29 Aug 2023 20:01:31 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 29 Aug 2023 21:42:21 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame D98F 2 KB
897 B 36ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27974
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 865
x-xss-protection: 0
server: cafe
etag: 5051423035144352294
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 136beb7e84d4b05a5b5bba85738ca9f6.js Show response
www.gstatic.com/mysidia/ Frame D98F 6 KB
2 KB 24ms
22ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/136beb7e84d4b05a5b5bba85738ca9f6.js?tag=analytics_pingback_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

220049135e6c242896cea20cbd980419905e04e43cc5d1f9d23db3e00e25c6f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 06:19:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 55377
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2330
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Mon, 27 Nov 2023 06:19:24 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/ Frame D98F 23 KB
9 KB 37ms
36ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27974
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9067
x-xss-protection: 0
server: cafe
etag: 16184311534176170479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame D98F 3 KB
1 KB 38ms
37ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 16:31:52 GMT
content-encoding: br
x-content-type-options: nosniff
age: 18629
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 16:31:52 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/ Frame D98F 20 KB
8 KB 39ms
37ms Script
text/javascript 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230828/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

cafe /

Resource Hash

b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:56:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27974
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8273
x-xss-protection: 0
server: cafe
etag: 16365778639179992903
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:56:07 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame D98F 0
0 28ms
27ms Image
text/html 142.250.185.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRq0O3-rZmd6Xq4yIGS6VVRbjlAeUTfOjmDimysPVjO1d-Ao3TT27aq2CuvwYNZ34WKJO0H3B52gfcyKGN_iZ3BydUZfg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=280&adk=4008274141&adf=2489288063&pi=t.aa~a.2176458453~rp.4&daaos=1693292574399~1693292574399&w=1140&fwrn=4&fwrnh=100&lmt=1693338140&rafmt=1&to=qs&pwprc=7853647499&format=1140x280&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345340466&bpp=3&bdt=2113&idt=3&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3e1357f4193fe912-228e33005fde00fc%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_MaZCiy7B7q5Z2cQvi-eRnM4aGlS1w&gpic=UID%3D00000c6b64e96ce6%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_Mar7T7tl9JB-WTy6RGNYuL-YhZHFg&prev_fmts=970x90%2C970x90%2C300x250%2C728x90%2C728x90%2C0x0&nras=2&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1661&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&psts=AOrYGsmqZIEu38c6_m-IydOxfvxbdPiLnYM0tigtgiQFvj3jdeVhk2YJdgq41IbthX4gHXLoP7p1xJXF82FelvGegVxe0BYjOo_oOiQ5KQXZrBPhwWhQ8sTN72maFrVH-Q%2CAOrYGsmgaH7XT2cMuAI_BtB2vvh4pMfXuNDeHvFSMYoa_RLTNV-WwcKNKMUlCItotWzNAol8imVxAH8ZQt4lRVesuRl3xGs%2CAOrYGsnUZxQKVPprHTJKvSqGwTMZIRPtCsHEqODLRfEXOddCG-7nYf1aecrBrQSkn1z-cAGFtGRU2Vgt_N3B9YiEz4gDHw%2CAOrYGsl4brJ2F_VHw7QDNj1y4-6cTFDBkOE6d6HaO3eJXbSGNAOkpWE3dm-31A04uCQRECYOATIIBHsstad9SeRPRgy5BqCv&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=l6pvXfickw&p=https%3A//ifeg.info&dtd=16
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s50-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame D98F 181 KB
56 KB 48ms
47ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57780
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1693222425768293"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 29 Aug 2023 21:42:21 GMT

GET
H3 200 3c1ec1505caf618a1f8c049839112e9c.js Show response
www.gstatic.com/mysidia/ Frame D98F 36 KB
15 KB 21ms
20ms Script
text/javascript 172.217.16.131
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/3c1ec1505caf618a1f8c049839112e9c.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s46-in-f3.1e100.net

Software

sffe /

Resource Hash

af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 02:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 415992
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15058
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 00:31:57 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Thu, 23 Nov 2023 02:09:09 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A01F 43 B
215 B 422ms
222ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=f49197b5-d337-f770-95c0-9dddc4339cb5&tv=%7Bc:mIR7rE,pingTime:-2,time:156,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:288,beZ:289,mfA:292,cmA:294,inA:294,inZ:298,prA:298,prZ:306,si:312,poA:314,poZ:341,cmZ:341,mfZ:341,loA:403,loZ:406,ltA:443,ltZ:443%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:24%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:156,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B148~0%5D,as:%5B148~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1.1135760-69474492%7C1a11%7C1b1*.1135760-69474524%7C1b11%7C1c1%7C1d,idMap:1b1*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:IMG.us,siq:25,sinceFw:129,readyFired:false%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: dt14.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4FF9 43 B
215 B 308ms
116ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=efe7b0ef-2fc6-3009-ba7b-2bfbeb09014b&tv=%7Bc:mIR7rM,pingTime:-2,time:108,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:381,beZ:383,mfA:385,cmA:386,inA:386,inZ:391,prA:391,prZ:398,si:404,poA:405,poZ:428,cmZ:428,mfZ:428,loA:462,loZ:464,ltA:489,ltZ:489%7D%7D,sca:%7Bdfp:%7Bdf:0%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:22%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:108,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B101~0%5D,as:%5B101~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1*.1135760-69474492%7C1a11%7C1b1.1135760-69474524%7C1b11%7C1b12%7C1c1%7C1d,idMap:1a1*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:23,sinceFw:84,readyFired:false%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 5373 22 KB
8 KB 40ms
39ms Document
text/html 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 227436
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 06:31:45 GMT
expires: Mon, 26 Aug 2024 06:31:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js Show response
pagead2.googlesyndication.com/bg/ Frame BB03 37 KB
14 KB 20ms
20ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

sffe /

Resource Hash

17c4a472fcd08fb337fb6a574f60891ce91af06251dbf5d0137d2414316c11b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:25:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14626
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 13:25:19 GMT

GET
H3 200 14763004658117789537
tpc.googlesyndication.com/simgad/6131904500167394782/ Frame D98F 19 KB
19 KB 37ms
36ms Image
image/jpeg 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/6131904500167394782/14763004658117789537?w=600&h=314

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.1 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra15s28-in-f1.1e100.net

Software

sffe /

Resource Hash

c87ad09b52f364f03bfca33c6f2662ef2dc1c019ccdd7da6872791f6c3228eb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Sat, 26 Aug 2023 07:35:44 GMT
x-content-type-options: nosniff
age: 309997
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19294
x-xss-protection: 0
last-modified: Thu, 25 May 2023 12:56:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 25 Aug 2024 07:35:44 GMT

GET
DATA 200
OK truncated
/ Frame D98F 206 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ Frame D98F 209 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 7F24 1 KB
643 B 22ms
22ms Document
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 43938
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 29 Aug 2023 09:30:03 GMT
etag: 48472445140208031
expires: Wed, 30 Aug 2023 09:30:03 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame D98F 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7f0030ccf3ad8764c53d36b5a3f95a389c0c73240dd6cf23c767ff3e6d17ac8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js Show response
pagead2.googlesyndication.com/bg/ Frame 5373 37 KB
14 KB 21ms
21ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

sffe /

Resource Hash

17c4a472fcd08fb337fb6a574f60891ce91af06251dbf5d0137d2414316c11b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:25:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14626
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 13:25:19 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame EDAA 0
12 B 36ms
35ms Image
text/plain 172.217.18.1
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?xkNAKQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.1 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra15s28-in-f1.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:21 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F24
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECKBHATrg83voOaDeqc7tFA&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESECKBHATrg83voOaDeqc7tFA&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=U3I0bDdyV1QxUUI2dEQ1&google_gid=CAESECKBHATrg83voOaDeqc7tFA&google_cver=1&google_push=AXcoOmQcf9jyPmUqvvaK4oVzy7Mm5Dh_lSQJWTbLT4uT8-I...

170 B
188 B

30ms
30ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=U3I0bDdyV1QxUUI2dEQ1&google_gid=CAESECKBHATrg83voOaDeqc7tFA&google_cver=1&google_push=AXcoOmQcf9jyPmUqvvaK4oVzy7Mm5Dh_lSQJWTbLT4uT8-INnla1hSluzVCYTCtR7ReV-WgsmrjRwSjtTWLlLEgIpPpXzmbeRLOltdY

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 29 Aug 2023 21:42:21 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-788-g55788f4#dev-temp-decrease-retargeting-updates-batch i-0310c9e42ac8c94ba@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=U3I0bDdyV1QxUUI2dEQ1&google_gid=CAESECKBHATrg83voOaDeqc7tFA&google_cver=1&google_push=AXcoOmQcf9jyPmUqvvaK4oVzy7Mm5Dh_lSQJWTbLT4uT8-INnla1hSluzVCYTCtR7ReV-WgsmrjRwSjtTWLlLEgIpPpXzmbeRLOltdY
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F24
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=4&google_gid=CAESEItUbLve8we7JItnXbJOICY&google_cver=1&google_push=AXcoOmSPuXhUtN0twEFwK0UREnJ9xcwnGnBM_mSCgdO_WD0eVX3lcyk_C0Is8Asslfpxm2UuuIVkHOFd52XjLO8l...
https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AXcoOmSPuXhUtN0twEFwK0UREnJ9xcwnGnBM_mSCgdO_WD0eVX3lcyk_C0Is8Asslfpxm2UuuIVkHOFd52XjLO8loRo6Mwpf8XLEzio

170 B
188 B

30ms
29ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AXcoOmSPuXhUtN0twEFwK0UREnJ9xcwnGnBM_mSCgdO_WD0eVX3lcyk_C0Is8Asslfpxm2UuuIVkHOFd52XjLO8loRo6Mwpf8XLEzio

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Tue, 29 Aug 2023 21:42:21 GMT
Server: MT3 1031 59fd23a master cdg cdg-pixel-x26 config_version:"1438"
Content-Type: image/gif
Access-Control-Allow-Origin: *
location: https://cm.g.doubleclick.net/pixel?google_nid=mediamath&google_hm=&google_push=AXcoOmSPuXhUtN0twEFwK0UREnJ9xcwnGnBM_mSCgdO_WD0eVX3lcyk_C0Is8Asslfpxm2UuuIVkHOFd52XjLO8loRo6Mwpf8XLEzio
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache
Connection: keep-alive
Keep-Alive: timeout=360
Content-Length: 0
Expires: Tue, 29 Aug 2023 21:42:20 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame 7F24
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEPhN-j4mFWui_QbXwng-384&google_cver=1&google_push=AXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX4u...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPhN-j4mFWui_QbXwng-384&google_cver=1&google_push=AXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX...

43 B
422 B

200ms
191ms

Image
image/gif

104.18.24.173
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPhN-j4mFWui_QbXwng-384&google_cver=1&google_push=AXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX4ucw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX4ucw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Server: 104.18.24.173 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
content-type: image/gif; charset=utf-8
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7fe7f6a11aa69122-FRA
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 318
content-type: text/html
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEPhN-j4mFWui_QbXwng-384&google_cver=1&google_push=AXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX4ucw&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAXcoOmTmF9iC9jEEpHG9QtxfWXul6K_OuvepC_BbPRHE_XsevCbT_xJF-f6A1Ui-aF2ScOr4yaarx3aBl0R-wma6VUJsmNej1tX4ucw%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
cf-ray: 7fe7f69f79649122-FRA
alt-svc: h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 7F24 0
174 B 83ms
29ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEFDRinLR6_dTBIea3NQ_eIY&google_cver=1&google_push=AXcoOmQ8HlpizkcdFx-Mq7Bpy0IsOBTfMAS7I1kvn8FscvqzdcvFKcrPuo8n8qm3s4bD_VZFJhbBWF76GG2-ZuvAQxY-M3Zuz6u1rg
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1755920978034369&output=html&h=280&adk=4008274141&adf=2489288063&pi=t.aa~a.2176458453~rp.4&daaos=1693292574399~1693292574399&w=1140&fwrn=4&fwrnh=100&lmt=1693338140&rafmt=1&to=qs&pwprc=7853647499&format=1140x280&url=https%3A%2F%2Fifeg.info%2F2023%2F08%2F14%2Fa-discreet-exchange-conversations-behind-the-black-hatted-man%2F&fwr=0&pra=3&rpe=1&resp_fmts=3&wgl=1&fa=40&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1693345340466&bpp=3&bdt=2113&idt=3&shv=r20230828&mjsv=m202308240101&ptt=9&saldr=aa&abxe=1&cookie=ID%3D3e1357f4193fe912-228e33005fde00fc%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_MaZCiy7B7q5Z2cQvi-eRnM4aGlS1w&gpic=UID%3D00000c6b64e96ce6%3AT%3D1693345339%3ART%3D1693345339%3AS%3DALNI_Mar7T7tl9JB-WTy6RGNYuL-YhZHFg&prev_fmts=970x90%2C970x90%2C300x250%2C728x90%2C728x90%2C0x0&nras=2&correlator=4130418885789&frm=20&pv=1&ga_vid=256524315.1693345339&ga_sid=1693345339&ga_hid=1240889588&ga_fc=1&u_tz=120&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=230&ady=1661&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&oid=2&psts=AOrYGsmqZIEu38c6_m-IydOxfvxbdPiLnYM0tigtgiQFvj3jdeVhk2YJdgq41IbthX4gHXLoP7p1xJXF82FelvGegVxe0BYjOo_oOiQ5KQXZrBPhwWhQ8sTN72maFrVH-Q%2CAOrYGsmgaH7XT2cMuAI_BtB2vvh4pMfXuNDeHvFSMYoa_RLTNV-WwcKNKMUlCItotWzNAol8imVxAH8ZQt4lRVesuRl3xGs%2CAOrYGsnUZxQKVPprHTJKvSqGwTMZIRPtCsHEqODLRfEXOddCG-7nYf1aecrBrQSkn1z-cAGFtGRU2Vgt_N3B9YiEz4gDHw%2CAOrYGsl4brJ2F_VHw7QDNj1y4-6cTFDBkOE6d6HaO3eJXbSGNAOkpWE3dm-31A04uCQRECYOATIIBHsstad9SeRPRgy5BqCv&pvsid=1231807028608599&tmod=1575539969&uas=0&nvt=1&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=128&bc=31&ifi=8&uci=a!8&btvi=4&fsb=1&xpc=l6pvXfickw&p=https%3A//ifeg.info&dtd=16
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:21 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F24
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEIWZ7kWjUQ9rGVdaZ4Wegq0&google_cver=1&google_push=AXcoOmT-F8T8IeXklyirSn-cYVtlij1GFhjZHVW8rgZTs6Rrcmw11cyusxk1NazYcXKFkcUi3GYQIz8cV91pHu...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3Mjg2Mjg2MDQzNjM3MTYwNA%3D%3D&google_push=AXcoOmT-F8T8IeXklyirSn-cYVtlij1GFhjZHVW8rgZTs6Rrcmw11cyusxk1NazYcXKFkcUi3GYQIz8cV91pHueU7M...

170 B
188 B

29ms
28ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3Mjg2Mjg2MDQzNjM3MTYwNA%3D%3D&google_push=AXcoOmT-F8T8IeXklyirSn-cYVtlij1GFhjZHVW8rgZTs6Rrcmw11cyusxk1NazYcXKFkcUi3GYQIz8cV91pHueU7MkKFjlTLEN6Vzw

Requested by

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI3Mjg2Mjg2MDQzNjM3MTYwNA%3D%3D&google_push=AXcoOmT-F8T8IeXklyirSn-cYVtlij1GFhjZHVW8rgZTs6Rrcmw11cyusxk1NazYcXKFkcUi3GYQIz8cV91pHueU7MkKFjlTLEN6Vzw
Date: Tue, 29 Aug 2023 21:42:21 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 7F24
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEIRF5rOnSRLrxXwLYYbjse0&google_cver=1&google_push=AXcoOmR2jk52MzY94vWutmUYgj-mGGSz4E5sW1pufyhMSqGyJDjwgattYfNL-SA9BEQucvXiBx7hHY2MiFghITIcNBMd3zp...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEIRF5rOnSRLrxXwLYYbjse0&google_cver=1&google_push=AXcoOmR2jk52MzY94vWutmUYgj-mGGSz4E5sW1pufyhMSqGyJDjwgattYfNL-SA9BEQucvXiBx7hHY2MiFghITIcNBMd3...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmR2jk52MzY94vWutmUYgj-mGGSz4E5sW1pufyhMSqGyJDjwgattYfNL-SA9BEQucvXiBx7hHY2MiFghITIcNBMd3zpwp55FRQ

170 B
188 B

32ms
31ms

Image
image/png

142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmR2jk52MzY94vWutmUYgj-mGGSz4E5sW1pufyhMSqGyJDjwgattYfNL-SA9BEQucvXiBx7hHY2MiFghITIcNBMd3zpwp55FRQ

Protocol

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AXcoOmR2jk52MzY94vWutmUYgj-mGGSz4E5sW1pufyhMSqGyJDjwgattYfNL-SA9BEQucvXiBx7hHY2MiFghITIcNBMd3zpwp55FRQ
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx
dis.criteo.com/dis/ Frame 7F24 43 B
363 B 103ms
32ms Image
image/gif 178.250.7.11
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dis.criteo.com/dis/usersync.aspx?r=4&p=14&cp=google&cu=1&url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcjp%26google_hm%3D%40%40CRITEO_USERID%40%40%26google_push%3DAXcoOmS_Mn0nY7O8V3YuSdrZpA0u9bdPZxg_1k2gvAadu18AJpzaYGIFykMA5dAEduq7bb-tUcAN4Ncg30fFOoudOBrqUz4mbfbcQw&google_gid=CAESEDDts1O7uP2XIjB7n1gqT5Q&google_cver=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

178.250.7.11 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),

Reverse DNS

Software

Kestrel /

Resource Hash

4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload;

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:20 GMT
x-errorlevel: 0
strict-transport-security: max-age=31536000; preload;
server: Kestrel
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
content-type: image/gif
cache-control: no-cache
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 235759
expires: Tue, 29 Aug 2023 00:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 7F24 0
12 B 29ms
28ms Image
text/html 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Kr8bi3hc9PLG4duzoytiPokPTPrNJn2SYiedCDHXCEOpOoBZdwVVHCDquIiicpATavEbbW

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:21 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D98F 0
20 B 55ms
55ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/6b2333ff0b6a934f314e6b5957720264.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4FF9 111 KB
39 KB 84ms
22ms Script
text/javascript 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 10:55:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 30 Aug 2023 10:55:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230828/r20110914/elements/html/ Frame 4FF9 11 KB
4 KB 20ms
19ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230828/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1135760/69474492/xbbe/creative/adj?p=APEucNWd0_-342YeWmfRVr1mjAOk7mnZ9CDKhEbT0zoRQq2xQqHbhgM&d=CokBAKAmf-BwyyUlMsSnR-EYwShJ4j-URz59GMBpl_4541EpEdTjuuQDv7ZyrsI2NzsV_eabeEbqiobqjY5fGDMBj8_jiWHMnCa-znWhr9rcIcOgYzDlEUSobs-CtjDMJmKswkGgInb0BJiIG3r3gKcA3Pj-vlr3f8SXcUMxr1w3-DAWEBLm5aZGqsQSqRUAoCZ_4O3tPfyXpxdBjXSvx4sjZIKFjuwyiJWdyxo7_HHEklXBW8jsimoL6he5v60DDzSHP1oNnAvuW19fIGiKA9RZxe6-ZGDJFgxaxpjwZFPjMSGVeynKCaiH6wQ_W2lCJlSs-sebv3ZXJl-WlM8uaqSDD_N62JAfO0SGetg0LBim9MlPAOuH1PziznzGsEFSNPo-dXIfY33wEWzX0qX2x5s29071rnX3miPutmGIUDjgJwtnD-hZc14S6o5bpJWP_XFXHMzfBqAKk0mbjZPCru4ASoq4DZe2SFt1JZVWtqSpPN5STq97QBfT1Rrd591Y0Yx6uVM4V5iGaZ-7wnBb9WjUtVtDx6gBnUuI-tXLe3EWCfza_29yrr8X5SvsrH9NR3NuA2wmW9qXeOJXeg2cepQTM8WKewbw87QKemWk2GJUFwY6fb3CblABdC7tiEFu_WzuI7DVKI_k86lh2n-qKtf1yVkKGoBuMOLdVwJ7MbaGtf_aqz0qAYIER022PDoFr9VFtDPf9Bqy7TVJ1OL2Kj9doSSUA014pjecuH-21iTB6G32vHHRBITuN-QeZrkhF9joZTc4tuVl2LGs_zDJm-1pgmTgc-s9YpeRxgIfDQyuYAaEicZYZTAvlXzQHbpKBUqs9Z-CKhcp25XkUQR35CTxxpct2-TMH8f-UOsFAfX8Sy63BI9KxqY6HEPJ_6oJGRGoYGPQOemZkYrwFsAxJxM5iSHXyvzvT9HFX9mBfL9-Pv6GYHE0rz7Hrg47C7BL5GJ1hL5EZr9WPpkHZuinXkWAKkM9sOkvm1NGM41Za5Q3uovWxdUXjz4eIJuD4RGwavES9YRNwTExQvI545sP6qdOkXRXyeezwwQPmexVZSmj9s0WOXmBNB5UcVqspTJh9e3WcTkrAuC3piAHftsqLrJZPHatrBBozQBHtyt306791A9mzlYImeZycOkTJIQVfbHmo6EyeOsiT5TGMo19JQNC5PW1ajoYj_X2BdSn6vOkpqOqCmEYPm5etHPkj1_JyNENNTv2zXzDDVwSN0VIJeUiwdMChTT34dnRYRlzBlX3A_Hh8uTFzgpxb5bu8Tx_zCNuPJ0z5jxizCOSD1XZADNhk7izLoLSXAaLmz2s6zToWEK34svG056oTmxX2KZh5ByiqMF0mUryDXuWCvUqtZAk8ojhCVcYmuFKwbKhCd9zkuDlOrrv45f51EeCWsLXkrS2Z9HthlGVZQ6rNYIOXNCeffG2REgAhdsr1Zm2LmFeD4jFAO1wFHcnXY69boW0jJLyfs9Tkw9Y0pHPiXF7kCvlSVRHjN-9S7pV55xfTjY6AzppDqZqr6iWAnPZkuxd--be-C-q2mviQ8Fm9x4bSeklDYWrsgAnwc0xRtOkHWjPyrsohxO-TW-8tEKTXXA2ga1yFwM7oV2azgTB8mafux-DWiVrAl9nkcfv9g2uKDuoYGlQhCPRJ1R0WPSuP5CrhcFWDcjTQctVxkW8Y1vMikR9U6IfLYtr19Cr_xeEsLKMlaGX2H5y2K_nVMsSoVM1JqetUv6SqdSmcp7cA1B7zBDI-TFRDnMQsaD3uO2LUVcj5vzJaPKMVvJ0AsatcNBtYxbj4YAjasAezD26ipwz5YP5Gf8nMJL0A4Jgk5aSfXwvC71tZuAuX4tQCzcB2rX66_5DGfl7aOFAAJs3Q4uRyTND-NWxqKJqxTJfkXC9k6VGtPa2ONLihKpGTZrcSxuRfgWeVJYfdBj-mxfQn31ho_ouA2QElWJ_vYROciG9HKavnZQ-Dr7-w5t_JgcIz8R0LgMZOiY-pW5NBAjbJjxQt4yZga6LChPm0Jmz87kOlOlmKXWJDolQGeYqkPuxIH8koqprpQ0AJJp5zqa0iTw6VD_zq3XKNn34IuN_f2_uut_TnXKSrPGqS0tueBx4oo096D0gzwxh7wfQLnCd71RDxYecSywdmZ-v_iFUgU0WBXrI46MzyaXqgDD8XgQRz0Qel95ZCX9Uiy7LjehuztjZGPWI9tYmJ6Erwbgv8bN1Kqz-6j8NUkrafqjzt1mdmB9qjP6RR9CI1LetkoaLaysksws-1Xknpi6aaTaCdYE-LePFRyBf8zJFbxvk8kvuReqf5rkEU08VE0o9OWuV09SJFtc7LupFtTiiFv2-1syTMs2MrHa1Qw-nLVOHG9ayFCBNdD5FmADurXmstXEXqCCyyoVsUGbR4Khdd1RXE4MOxNXEiuenJAt_DT9DWB201rfDcy9V-lSmoCxsY5kdrYTSBDsEmPlQo1kSpe-pq4PyazEAlzQ5UF_teIrCS-0zlVxRC0Nq4Ai-6CiKxwxC2U3N5HASXNNIrWEtbo1HK0lRHJB1H5aCD8MgMbFdiCfC7u7V3h6SWV-Y-LAZuNWUUDMXMNJds4qFHF0q5lX8c2oSzT_lmIiItwQUn5RfBIxLJBIuTNJIAwD_r4zW4ki9575f4APQFEEjCSg8DtP1tkzf6WWymP53Epa9DTMutm2bH9LfGYXz-uLMpiHJZMCLsSY5JiBPay7QbsQSyJCTpNZAFHDrOIBWVPF7OGm4kmsCEbhWs5_VOy5ILX2s-i2NwmkyuDAmVaHuQueTwiD4LiJcu3AzI0oZHxFVdWcJoKYXHUAsulklh-GgXSLAVfOohitgwXOwFv8h-M022NglP5HoqLSJmdSYfzz711Vf1s03TyRczRby7uokCKxXWi6p-a5R6Cmu0D14b18VLBQ9gEac62ArSPwmSMsl3wfa5qYrlP039KmyOLWjJ0dtC5P66Mr7FzvyZOGRF6B0STJ2QJC34c9LfCgTYkzoMnbPLZ_0LAS4UNpVNGqc3oiP-C9kbup33WJuKJ8Psqw7u8qFUv6TM38CenSqmCn8sI8wUEQanDb10a321AyV01g_RUWXGfagmHW37laV7xdRBpC7hF001Mwlj7oO7K9l7l64Ye6Ck4AcQpl2Zs1CphDtuUNrWA8ZUwhYuZd5KwYnKZCCck9r9x3Yzb4K3vC_GMA1IegC2g6XDnuSb9pBBCkoDfw21vxcYZnKoLKsUXAdshGuZraRiaWz1kK7EKLPii1r7HEevERgSWoFgaF95-RvWP4H5WzMKjYnrDsKP4LYcMgaxJzvl111_DuqEdePBBAmtxn_ZfmPZkmRJuN2tHTtUl7ZyNBtv8P6xNtyXnJFytbfEx2Qt7HHUlyaHm_3RedVkEHyPlZ8DAtwZ47dVQB7zk2CRaCf98CQfO_rkPCEl5WcYxmLGkCxe7zgYcsE25f9c-syrTneAjL0lB3HHBiX2zpnok3DXb1wDFD3Y3FbBPMXBWGOE7yLCEr5sxTxHM62c7ItfuMFPk-qfytkCB1mQfZrtV3a-h1wsrUlD60ZMlDYdwvBu49ukzwv7CF-Frw-pZpS_HkAvAIXPteeWOtBZ7Of588q4zivhaf_GV_cl0ZRXteBBjgPQILlMMt-0WHu6RnunxQaH808hKtZc6pbljJFcvHs6eGQltGuxgLosFGH5Ugoix1Ty9Ltx1nICVvLFqVC7KfwNTfU19e-jvYNzmv52VoHd6A_fjRtdpIwba753xrxPmkynI6_vzjDKkFkrYlt4l9_7WaJoPa8er-WwamXreB-b-EM_cLH0TFa_HxbXcT-TGISTt_LYCaZHRpRCAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgBYAE&bundleId=&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-1755920978034369&ias_chanId=1&ias_placementId=20171342326&bidurl=https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0g6Rmyg8p6OXoPQyB6kUQu7&adsafe_url=https%3A%2F%2Fifeg.info&adsafe_type=g&adsafe_url=https%3A%2F%2Fifeg.info%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230828%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230828%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271804%26client%3Dca-pub-1755920978034369%26fa%3D4%26ifi%3D10%26uci%3Da!a%26btvi%3D5%26xpc%3D1e5EmwA6Ev%26p%3Dhttps%253A%2F%2Fifeg.info&adsafe_type=be&adsafe_jsinfo=,id:efe7b0ef-2fc6-3009-ba7b-2bfbeb09014b,c:mIR7qo,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-h7xr7,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:i,cc:NaN.NaN.0.0,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:4,mot:0,app:0,maw:0,fm:tOmstSW+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1*.1135760-69474492%7C1a11%7C1b11%7C1b12%7C1c1%7C1d,idMap:1a1*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:23,oid:eeb0dd9d-46b4-11ee-afe9-0e54d760e1e1,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27863
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:57:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230828/r20110914/ Frame 4FF9 30 KB
11 KB 20ms
20ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230828/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27863
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11511
x-xss-protection: 0
server: cafe
etag: 961974302080011826
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:57:58 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame A01F 111 KB
39 KB 75ms
41ms Script
text/javascript 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 10:55:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38831
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 30 Aug 2023 10:55:10 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230828/r20110914/elements/html/ Frame A01F 11 KB
4 KB 20ms
20ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230828/r20110914/elements/html/omrhp.js

Requested by

Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rfw/bgd/1135760/69474524/xbbe/creative/adj?p=APEucNWPwIHgu0vUwHZ5J0J5iKJjvSOJO0ZQoq_xL_bXkmdoFQ2R36s&d=CokBAKAmf-D0AxiecQvrbRTBCiJOR1NIVqNvWfL_SD37kTalBY-b5MXJnbjU4JaLcr8kntthzS_TYmMX8-dO7xhKUrkyJxRInOc9WbWOrap7w264TV03WWmDNhj49SM17PYhg42In21qHV5NjUTIN2VCGvwg5jKneIJB2FwpvA5KYWxlNNbHFKmKDbMSuRUAoCZ_4LP6MRihQrl31jXrBhQkTE-KIEbpdl1Qk8uWLuVQWwzDQcyUcbsMmYjbmJkQX1O7Q53sVtzOdbTXnsDjHmS84KQlF38P4nDiIWbBeh4POJOvUvpVhOUxY4Wkb9P-4JDtmA9PCm1hdqSo4WJjSW3gwzf9pDnIFu84aA26I9i5XsDwvpTY3WbgEHXjv0MPOPYcgm-nsCwUkSk7gUZ1T8MR2ZNJQR_S9lwUcBo0QUEOADgKqdmxwocApWfanChDMUJdyCaIPWEVg6tuHgCkgoQ8yvOqziCG__FLrjz9c823MMNKB0V-xpSGq3m3Emp3-O86wSCYh34kFeiTixbQq6oKt7lEzvyZs2RYLAT8ko6eO6EuXPVdNpBGVNEqBvbt2D5zH_Gsbv5KMC5nOC2CaBJKmCuUcpB8yuo1Ut9kVCEBI_9kTs09H0cLh2FdgRDxgtusyFGEKuzkDLQw-3uHzQCecJhsEfGvZyOPyDwUbD4jCUf2XPArL1EjxgWIYd6uV6Rw9MUdWGj7Hswb1ocUqWae5fQ-_1ZF2cEhVOO_MdnQFewSeEdpxr1FVkZ2gwZxWUpICYROT5NK3WN7j54u19S2D9JdZNcSOy-v-mLjeKSlIPwThWo9uz9j2V1nWWjt4FnqE5_zaRn_qL46-i0ESYWoXrRubLo_Qpt3VCDH8F1v2S4HfXoLMGXuXzN8wh7v_ZnNQZhElVRfyvZMF84x31NSjtLGVCMazTyuVVXnta4F2CyOCQXsx0mAlJZ0Xxxd9qucPrYmpFyPxQUl5zzB5srk_pO-PQVEGKBg12ZeafIqiHsGXEIgbiY_9ZXFDjF-kqLh13Sq1RIGav32QS7Ut0heuhw3VJ6q9-ox_BnB8PE1TdTXPt2PH5Y1Uf_O307OgWvCCUZUkk2rPK7qj0PvnJclGXO7mxe_scL0qgQdz3rh7NSkjdqMiVpApep9Y6hLJSeMQPZul5NIkR_j59yQ-edyvugKoEiuDWFUTHvGSDigwzGT30BOLPH9RRU1CGa_W_MaUUCparalUAoQYneMNuMUju3QxL03ODNWD-7LwP1DU7AYzhVPAzYJc8xOKmngKiixzlsE-mY-xk7rF86AxBYasY-bxkL8oa4GzGKRLM--Kenys66o-zZfDGnse5TtT0kCbaiUZRSZ0rrHzolyzXvVDC0oOoXslLREXvo9vS3Rm8FaqMxOWGQQAk9JBbTd2MA5xf9DxyxJAh5jO8Dk6JfmvbfzHui1CXAa2pqJFF5xwX3rgqV0-muEHYc_8fUiqldX-_zAvJ-QoViLx3ATxFzqLDaErCllSJxpsEilXp5COspMAv3I8U5YyJ8Ewvo98dL0CaaMDq_dH_zdVixyrT8Gq8-f9Kj5VqhYODwlTXhesPl08Qk-QcHoFYjU_Gl7J-doZAZH_IffpInCX-MsMhnn5RVi9V8-y8f08CZrYliyH0q39okAkYkFMlRjeYCDHVQnVTd5CoLy3IR7K7HRAf9ShMjQGc5gqanM_UFYbTqEzI-UoFOhM9gqajvQbl3Cs-sWwticMmd-C9TrEnPrim8iOWsPuBXCV7JgY5wCS_C7cJYlOHZxZ2ITFnCVkoHp6gGarQcaIsmJVAlrSvz3My5RSFpdcxkWE2muHDAHD5L00QyDy90zHtWrgYWYMmlZ4rBNWaLx2Ivu2mZeDG6FtvDoPAyX53FjJvq4vUsIPGlAcu3PQGfgWcMwrd8zATI6WXlkUPoJ-6srDx5BgzmewruGtvF0z5Rzgqc16ylZFw0FYvn-h3WikYVjMlkINqFRCAuohODXBwYmnLID3sikZrY_U0GqcPBv8-BHw8S1-gx9UnJ48erg6-RYRFVjAy0VBydLj1xqGYprDrLfUP-brhCHU4qpFi-C3gxFR_bxtctSBQbmPGwhhV1FKw8DNRmTzfiY1tCUn4MmovDPCGusLcoU0_C4c6E9Zgrg9oBbMRd4XmBFbKgdZqD0TJ7MEw4BINfALR8Z8XGE-0py3sw0fpDoPDZ_ADkx1_7gqL4QXF2TGj_iH7QM9p9HH09gLrMlpnW5PduVGX0t992dEM8rc_uaTsDapbh4KxbZEMAzVH2-nbxvz1ovEo6vVPf31xJVENs1P3gPu349M6UgQWjXjUGq9DXH_q6f4VOk3bDHO58wumGOW2Licw-MPNgyhmYrgWAgzcs0rng8c0o84mr1L1_Z3i-VeQrALLBl-rJamRfvErZ4id4GavVpKVWcBCVPQ0UkmZLYA0QuZYxTplHD9M1L3MbKG6BWgW5S249HteTLNzVu18MK9T4jQbSpF2g2KAyBBwx-8SBL1gXua1ZFrVhvKijZm4by4i4tNwBYY7hBlZLX0x_kW9V2BoHcKmOAjrmYU-hUstKkoU1UfQ9lNq_tYSWH6UWviZApwhGmZphaNTKjbqbOCmA5RH2MgPKhao87B3jFlpZH3k_IzUJWKl4rzuqP_w-DnHdIO0Cc_yFYB6MbSxjOkGvzE8AW8z1ze1YovIZ7nhcXRTXfgXKLsVpAe-PeAWW8xnKlZDYrVparqQ1W0nNiSGD_D_l-8fz77awSP2T6bS756qzzxLto6tSlXGWsSHNKDRfn1vYFx3hK5O0w_KoJH1XierresQifoVXqLvvfCrPUoNqVSuyty4Wk7C29Bmt6kVJLeNZxMia0g9a4MHV9BqyNedervZsZim0z7iv6lYaWqKEtf3oD4UVypVmH0orF7Bf8HXKA4_HvuEQ7jtNh75NOZ28w2c0B1GZd2R8pqIs614SUVO4d2-ig0b_toxbAOzqmTKEwPqw7p4FuATvqcPiMs5gtCxpsM0MhTaXzyzoHPfRkfndB_lbXW9HOzvBn2XXi3UjjzP5oTjt0f0zWa_FQhUKBBGiJqmSlLrDHTkpl4DEOuDLVxLpQL7rJ62A7ZWJbmm50s-jN96FcullwRm7T0SvjSpuu60HK5siJkTY8Z1Z-VZgN2UAdCbzXk3lrl7oFYhbjgR0WazRMOl6RKx-ILy2lnjxrGDRaZPnrAQW9ujxKOk-dAfAwjfLtROIt4OoPm8bFq1jwDNaS3-Ee6Ip0RIrGN3wL2pLFA59bNF1bDbwbDDPLaSs5aez5qRdreO8e2xIMmMFmyk_S_d24L8E3EI2MzxOY-OugOrpwc36KSGMM6E29xogZ1WYA-g0zFF9DrSLDldibnHM1DLH78NclDTzKZIlZ6-IThF1JjPOXwO5QNZ6SKBasMDhSDrV5_TLT4tVJ2foBY8ktcm2GPaors6IP9-qj-OSbljSsmua8r2uZKVb1wDEMaYbiwA6mvNj5AECNcWoahQCkAJZJQudH1k7Z8PEbpHpOcR1wlSVUNx6HMjhYj9XhCVxY3s_A7qd0ca5VKlVTxyRsqM6KBYQ8wwOnVWHSo66_Gixz1yzchnFJFZBU7NTKUv8VEqTx43hcQhZInNu_t89qCP4hHpCW6AOS2l6qhl21pB_ecLXQLxXwVSRsmkWOYX5re-fIW9V4Kdri0jXYa_wbTEZFXA38ztP6BkbHF0cIvsbjXwOIXFpabUsLccJz2ePRu6xI8POtvwCU_rVCuoRhY_vVEK_u5tpLZla0HBY0QF2SvrLmA4jtcgeBy768D3Urf_VIWIhlWZeqH5UWArPRxnh2j8hB7W3R7V1zBhzdBGDjYpcaUQgEEksAaQJSVgZYkic_1wOzO7c2Ip6zkRAbIyNt2F7rCszTTKgPkNTXPQLLjrdwH9YwefH3FUpiESb4RVYXw84bGXl87d4vx8fBjiDJ36oYAWAB&bundleId=&ias_dspID=3&ias_campId=1008772806&ias_pubId=pub-1755920978034369&ias_chanId=1&ias_placementId=20171342326&bidurl=https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/&ias_dealId=&adsafe_par&ias_impId=v4~~ABAjH0hsGRw_iT9WYQ5CV-3iOnnH&adsafe_url=https%3A%2F%2Fifeg.info&adsafe_type=g&adsafe_url=https%3A%2F%2Fifeg.info%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230828%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20230828%2Fr20110914%2Fzrt_lookup.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271801%26client%3Dca-pub-1755920978034369%26fa%3D1%26ifi%3D11%26uci%3Da!b%26btvi%3D6%26xpc%3D4yhhRWfi5m%26p%3Dhttps%253A%2F%2Fifeg.info&adsafe_type=be&adsafe_jsinfo=,id:f49197b5-d337-f770-95c0-9dddc4339cb5,c:mIR7pw,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-7d74fbcfb-hbrfg,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:5,mot:0,app:0,maw:0,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a11%7C1b1*.1135760-69474524%7C1b11%7C1c1%7C1d,idMap:1b1*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,tt:rjss,et:25,oid:eeb0ddc0-46b4-11ee-8c92-26eb2574325b,v:19.8.439,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27863
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4196
x-xss-protection: 0
server: cafe
etag: 15907914729094346842
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:57:58 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230828/r20110914/ Frame A01F 30 KB
11 KB 20ms
20ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230828/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:57:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 27863
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11511
x-xss-protection: 0
server: cafe
etag: 961974302080011826
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 12 Sep 2023 13:57:58 GMT

GET
DATA 200
OK truncated
/ Frame A01F 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29c6f764e7441ad2a24f60000fdbbef99a057ca7d4efb401b05dd1f1fd8ec171

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame D98F 33 KB
33 KB 22ms
22ms Font
font/woff2 142.250.186.35
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.35 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f3.1e100.net

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Wed, 23 Aug 2023 05:14:28 GMT
x-content-type-options: nosniff
age: 577673
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Aug 2024 05:14:28 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A01F 43 B
215 B 113ms
113ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=f49197b5-d337-f770-95c0-9dddc4339cb5&tv=%7Bc:mIR7xH,pingTime:-10,time:531,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtMTIwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE2LjAuNTg0NS4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1693345341468%7C%7Cdbd1bd09c85b6863bc8147e3ddbc33c1%7C%7Cf3b2a520b07e1265656cdb121718396d%7C%7Cb93f5e0cf14b93c6017c3845f94575f6%7C%7C8a02799cb1b7232433e0d0d5b47f239e%7C%7C56a35646eb45dbdc8121f81e26ce362a%7C%7C8e64bc1ec31079470b7e353bcf0d7dda%7C%7C74ea7bdad96ea179218b50f37ca31538%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: dt28.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame D98F
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C_NGOPGbuZMKVH4OlhcIPxOeLuAHwzvajcrbY1peoEbfFrI_ZDxABILilkDFglYKAgJQHoAHz1pqvKcgBCakCZxYlskZFkj6oAwHIA8sEqgSbAk_QVuIVZHZwJa8Er5TRbrVbUcbIZuPHiaJ...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222338459588484485576%22,%22debug_reporting%22:true,%22destination%22:%22https://promotion-biz.com%22,%22event_report_window...

0
0

55ms
55ms

Fetch
text/css

142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222338459588484485576%22,%22debug_reporting%22:true,%22destination%22:%22https://promotion-biz.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211104856947%22],%224%22:[%2208-29%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227905894636252139953%22}&andc=true

Protocol

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"2338459588484485576","debug_reporting":true,"destination":"https://promotion-biz.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11104856947"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"7905894636252139953"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:21 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"2338459588484485576","debug_reporting":true,"destination":"https://promotion-biz.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11104856947"],"4":["08-29"],"6":["true"]},"priority":"500","source_event_id":"7905894636252139953"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4FF9 43 B
215 B 115ms
115ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=efe7b0ef-2fc6-3009-ba7b-2bfbeb09014b&tv=%7Bc:mIR7y7,pingTime:-10,time:501,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtMTIwfHxNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTE2LjAuNTg0NS4xMTAgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1693345341495%7C%7Cddd7a422f81a8f18c8f769bb37ec89c6%7C%7Cf3b2a520b07e1265656cdb121718396d%7C%7C2801bf6f58c42cee68bcad0f16ee42fa%7C%7Cb3dbf5cad767c48f017e899a4c70c17e%7C%7C153a48fed1640c2c42642c5a2214ca2b%7C%7C581b5496f90143c107cacb0443691432%7C%7C00f783609a01bbb7cf436009cbf3e8d3%7C%7C1663701684%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20230828/r20110914/zrt_lookup.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: dt18.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 55ms
54ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&wpc=ca-pub-1755920978034369&su=ifeg.info&eid=44759876%2C44759927%2C44759842%2C31077370%2C31077451&doc=complete&pg_h=5957&pg_w=1600&pg_hs=5957&c=6&aa_c=1&av_h=140&av_w=829.429&av_a=112448.571&s=261.391&all_s=10&b=374.906&all_b=374.906&d=0.118&all_d=0.165&ard=0.049&all_ard=0.083&dt=d

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js Show response
pagead2.googlesyndication.com/bg/ Frame 15BC 37 KB
14 KB 22ms
21ms Script
text/javascript 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/F8SkcvzQj7M3-2pXT2CJHOka8GJR2_XQE30kFDFsEbE.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

sffe /

Resource Hash

17c4a472fcd08fb337fb6a574f60891ce91af06251dbf5d0137d2414316c11b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 13:25:19 GMT
content-encoding: br
x-content-type-options: nosniff
age: 29822
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14626
x-xss-protection: 0
last-modified: Tue, 22 Aug 2023 10:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 28 Aug 2024 13:25:19 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D98F 0
20 B 55ms
55ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=mys&d=Cg4IByoKd2ViX2Jhbm5lcgoHCAgqA2x0cgoKCAEqBmJhbm5lcgoKCAIqBnNlcnZlcgoVCAQqEW15c2lkaWFfYW5hbHl0aWNzCg0QECEAAAAAYOnkQDAECg0QESEAAAAAEDjzQDAECg0QEiEAAAAAAAAgQDAECg0QEyEAAAAAAAAIQDAECg0QFyEAAADNzOSLQDAECg0QFCEAAAAA0Jf4QDAECg0QFSEAAAAAAAAqQDAECg0QFiEAAAAAAAAUQDAECg0QGCEAAACZmT2PQDAECg0QMiEAAAAAmJnZPzAECg0QMyEAAAAAmJnZPzAECg0QNCEAAAAAmJnZPzAECg0QNSEAAAAAmJnZPzAECg0QNiEAAAAAmJnZPzAECg0QNyEAAAAAmJnZPzAECg0QOCEAAAAAAAD4PzAECg0QOSEAAACZmcWAQDAECg0QOiEAAAAzM-OAQDAECg0QOyEAAADNzNiLQDAECg0QPCEAAADNzNiLQDAECg0QPSEAAACZmeWLQDAECg0QPiEAAAAAAOyOQDAECg0QPyEAAAAAAOyOQDAECg0QQCEAAAAzM1uPQDAEEhpDTUtqZ196cWdvRURGWU5TUVFJZHhQTUNGdyIJdGV4dC9yeXVrKBU=

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/mysidia/6b2333ff0b6a934f314e6b5957720264.js?tag=pingback

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/ Frame 29B7 164 KB
95 KB 58ms
20ms Document
text/html 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

70ae86178e0e75c4d5014f3f41a7cb8e6b45fc8de91666b8500e822bafbdcfa1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 375799
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 97392
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Fri, 25 Aug 2023 13:19:02 GMT
expires: Sat, 24 Aug 2024 13:19:02 GMT
last-modified: Fri, 25 Aug 2023 12:20:01 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4FF9 0
0 108ms
56ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDNKs4ujmeZQgB702ys58SoXmVaP4yKKsrPo3slg8WsneeolaXPGzcduCNOY484XLL2CV4IKr6MewEiMrTLq-c9j7qx7Uj_ZKiXB0hUP9WT0TdNR8IDnwRF79Vw7KNbcs6xIvd5oZ3XMOafTVvEZyfKIPmJt7bqSw4NSfTiOyxE5Wz_a2Mh7aaTSypqki5mmBAx-WucIhi5EZU&sai=AMfl-YQh1902i4eG_9V6Qns2BSqdXuLcXpDs2Jc--Ksag6GsZhMpvEs9UA9-7h4df60hsgzFKeA9iCraw5OibizJW9fM2sE046BB9fW_ZOQQz8UhlwLy0-t7oDcJMHgUknh5mfe3up5zi-zLJSSBClIm5ucpsg&sig=Cg0ArKJSzJ6klLuFCkB9EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=216&cbvp=1&cstd=212&cisv=r20230828.28734&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:21 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/ Frame 565F 161 KB
92 KB 48ms
24ms Document
text/html 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

96d12be8828c1a1d5400ef1e07dbb09aa7ef9170b6f5f9d70a3860527a1f585f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 184111
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 93884
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sun, 27 Aug 2023 18:33:50 GMT
expires: Mon, 26 Aug 2024 18:33:50 GMT
last-modified: Wed, 08 Feb 2023 07:10:35 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A01F 0
0 89ms
57ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsufN1PKc-vzZvAlAgm6LD1ZPvdYcJvk6BFZhTLjfAPFf4ZpvZxjjFWRtI4hEgVfAAq7AEN0RzMPqEfy3-ncHP4nO8y7HS1-s562cAshSyxUqZlwYM9EG_XEf_emJserghYVDloZM5RfS8q5L3kYiKKBJlfH8-K5Aas4cQaUY9NJ7MqmQovOuGBZNq4gKlZpdbUgPBcfq0Oyai8k&sai=AMfl-YSM-8YR4rRJTcHsbcoQ1eLYwuiDSHlCHmdndQmferuBzRXQuRkYUnYjdkUug6-llzBF6euuD1c8q4XApx1-NoA3SKD9Pgnd-kiOloB4Apr5CJc_lQlj_nXfrqglyFQzuZ0skrOgsWLSCajmnIs8ZE4u6w&sig=Cg0ArKJSzD2DnMPTn2uFEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=207&cbvp=1&cstd=204&cisv=r20230828.45814&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:21 GMT

OPTIONS
H3 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 54ms
54ms Preflight
text/html 142.250.186.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s04-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 29 Aug 2023 21:42:21 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Cisco_Logo_no_TM_White-RGB.svg.js Show response
s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/ Frame 565F 2 KB
934 B 19ms
19ms Script
application/x-javascript 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/Cisco_Logo_no_TM_White-RGB.svg.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

a6b42e1a4e0c724426510be3a635fbc5d7ca308e7a49c8724069486179c44da8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 04:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 146547
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 905
x-xss-protection: 0
last-modified: Wed, 08 Feb 2023 07:10:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Aug 2024 04:59:54 GMT

GET
DATA 200
OK truncated
/ Frame 29B7 7 KB
7 KB Font
font/woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d38ecb9492d4983d6f6a0239ed70ea03e67ec1d8044dfb91d41672042d3a849f

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: font/woff;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 29B7 72 KB
72 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 29a5f3793d5ea14a97c6237a7c6f80e3bb381f93101c9514cfbfa2444f5ca4e9

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4FF9 0
0 57ms
56ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDNKs4ujmeZQgB702ys58SoXmVaP4yKKsrPo3slg8WsneeolaXPGzcduCNOY484XLL2CV4IKr6MewEiMrTLq-c9j7qx7Uj_ZKiXB0hUP9WT0TdNR8IDnwRF79Vw7KNbcs6xIvd5oZ3XMOafTVvEZyfKIPmJt7bqSw4NSfTiOyxE5Wz_a2Mh7aaTSypqki5mmBAx-WucIhi5EZU&sai=AMfl-YQh1902i4eG_9V6Qns2BSqdXuLcXpDs2Jc--Ksag6GsZhMpvEs9UA9-7h4df60hsgzFKeA9iCraw5OibizJW9fM2sE046BB9fW_ZOQQz8UhlwLy0-t7oDcJMHgUknh5mfe3up5zi-zLJSSBClIm5ucpsg&sig=Cg0ArKJSzJ6klLuFCkB9EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=405&vt=11&dtpt=189&dett=3&cstd=212&cisv=r20230828.28734&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:21 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BB03 0
20 B 58ms
57ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BwmMKPGbuZL-NMo79x_AP38u0-AoAAAAAOAHgBAI&bg=!JySlJGvNAAYkVgHwBFY7ADQBe5WfONkZ8BmcGCWS8scPvlnmPHD4F6pqM2Cte7G_EKJT1FevM5GxjwpdO9Ener3a2o8XAgAAAbFSAAAABmgBB5kC-d0WqZzifeR84UxvrC0fSRWpCRMrLhuieGBNX04g0wMlq2z1HkAmoLgDdWs1cDeXZNT24I-LB560qhAcdzRP9W6V3ywHlv1JzvApVgUkP4FFvWB3ZI2LFV01iR_BNS0PCIEzF3ql-qkuO-VgEuP3gofR9hBk61jQjpwiSxNSkXUrdjTpaV3NH9sO0hEWES4sUCR7RvzNmv1rP8aBwr_GjvNSRsBgfxaBBqcurVfgF8ZOv8OexEGVvCVysh8aYgHNyR772X1Ja-bcs4yTrw-mke2X0ZYPbG3PCEJ9nEHhMrIwcG7UchPz9l0BmJpB_wrhT2JDfmEnKw-1jXgGa3xNQvdH3WMTXSNiRPhiVaYttiYXlEsRFLHSbsV0aliJ2V1a_c5_58dv_7KH5yEEFxXhgZzNu7ryeSrjXcoVh16L3NL1tWTyYzXXpsusuIp2jJvPmSPIpCJk4jPV4UQ0y5aw4ZTSx3cq_c3lQzw3GkrU8XVbQ7lfkwu5ZUpQ1aiolp6cczTE2SBy9fPSX-ntnx8Fc3QsU_I5YRwCMEXDjpTZxaDLsXUUw2w-PzHhni1fpJFrQJmoijjX4mQBUKANYLP2nKptvlu8JjjSo1U0-Pkk6kitehjA0JnUMoINejn19xLBKfWXvPoj2XdMLG-DEhUtDtzSwumq357CxVEaz-XFS_WzD0l6YXjrqaJZilQFzC__B0OHhTHprM6ZCeIi8CXGljgMLHKuhgFWXdZRIko1zcDkWX7TG8_WuqmVqF68v-Cu3ERmjSwnFWyWdCAVK7l0kAwfDRPKSjGrdXv_0zR2Ubs1IYIjhDAgLo7y2JCqdk7QA6e9QjTsznSD74vrITRAK7O3OnsNE8UagxIS17sPBdNFjXsI62Nm4cIk6v9VayOmjIr653IGAIkmp83DqasDUEt7H5zqo94VnzrpMt-CtmSPLCm-ztTjqdtO8BYpUKJ2KFd7dFeV8kHlpdopMf3FhMT7hUigpXVZa66y7F6NDdfD9hKN7W4Bz_Ja

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 565F 73 KB
73 KB Font
application/font-woff

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956

Request headers

Referer
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: application/font-woff;charset=utf-8

GET
DATA 200
OK truncated
/ Frame 4FF9 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 19db89d38208a9b33cc7d3f9a4a670c727311c3e489f21232e8d77180dfacd50

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Cisco-Secure-stacked-2C.png
s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/ Frame 29B7 2 KB
2 KB 20ms
19ms Image
image/png 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/Cisco-Secure-stacked-2C.png?

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

c7b01e2e75d24fdd36e6ebc64749abec3440dceb5085ac2b1338a66db173418f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 13:19:02 GMT
x-content-type-options: nosniff
age: 375799
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1877
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 12:20:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Aug 2024 13:19:02 GMT

GET
H3 200 SORv3_springs_F-copy-2.png
s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/ Frame 29B7 46 KB
46 KB 21ms
20ms Image
image/png 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/SORv3_springs_F-copy-2.png?

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

6bcc24398323d453d420aa0c486c5f7e860c2141158bcb598ee7cff1cc0a98fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:48 GMT
x-content-type-options: nosniff
age: 135273
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47262
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 12:20:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Aug 2024 08:07:48 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame A01F 0
0 58ms
58ms Fetch
image/gif 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsufN1PKc-vzZvAlAgm6LD1ZPvdYcJvk6BFZhTLjfAPFf4ZpvZxjjFWRtI4hEgVfAAq7AEN0RzMPqEfy3-ncHP4nO8y7HS1-s562cAshSyxUqZlwYM9EG_XEf_emJserghYVDloZM5RfS8q5L3kYiKKBJlfH8-K5Aas4cQaUY9NJ7MqmQovOuGBZNq4gKlZpdbUgPBcfq0Oyai8k&sai=AMfl-YSM-8YR4rRJTcHsbcoQ1eLYwuiDSHlCHmdndQmferuBzRXQuRkYUnYjdkUug6-llzBF6euuD1c8q4XApx1-NoA3SKD9Pgnd-kiOloB4Apr5CJc_lQlj_nXfrqglyFQzuZ0skrOgsWLSCajmnIs8ZE4u6w&sig=Cg0ArKJSzD2DnMPTn2uFEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=424&vt=11&dtpt=217&dett=3&cstd=204&cisv=r20230828.45814&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Host: ifeg.info
URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 29 Aug 2023 21:42:21 GMT

GET
H3 200 Secure-Connectivity-gradient-2.png
s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/ Frame 565F 14 KB
14 KB 20ms
19ms Image
image/png 172.217.23.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/Secure-Connectivity-gradient-2.png?

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

67f2ecef79e595db98512dd9219e737ecc0b04682d45c459f7acf99dea98ca20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 06:08:47 GMT
x-content-type-options: nosniff
age: 142414
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14746
x-xss-protection: 0
last-modified: Wed, 08 Feb 2023 07:10:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Aug 2024 06:08:47 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/Cisco-Secure-stacked-2C.png?

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

c7b01e2e75d24fdd36e6ebc64749abec3440dceb5085ac2b1338a66db173418f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Fri, 25 Aug 2023 13:19:02 GMT
x-content-type-options: nosniff
age: 375799
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1877
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 12:20:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 24 Aug 2024 13:19:02 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/SORv3_springs_F-copy-2.png?

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

6bcc24398323d453d420aa0c486c5f7e860c2141158bcb598ee7cff1cc0a98fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11975722891409238959/DE-DEU_XA-10_0_160x600_BAN-A_HTML5_MOFU-no-Security-SecurityOutcomesReportV2-Security_rptsc030390_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 08:07:48 GMT
x-content-type-options: nosniff
age: 135273
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47262
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 12:20:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Aug 2024 08:07:48 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A01F 43 B
215 B 114ms
113ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=f49197b5-d337-f770-95c0-9dddc4339cb5&tv=%7Bc:mIR7Dh,time:877,type:e,im:%7Bpci:%7Btdr:562%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:296,o:581,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B573~0%5D,as:%5B573~728.90%5D%7D%7D,%7Bsl:i,t:581,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B175~75,121~100%5D,as:%5B296~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:193,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1.1135760-69474492%7C1a11%7C1b1*.1135760-69474524%7C1b11%7C1c1%7C1d,idMap:1b1*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:25,sis:411%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
server: nginx
x-server-name: dt01.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/Secure-Connectivity-gradient-2.png?

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.23.102 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

mil04s23-in-f102.1e100.net

Software

sffe /

Resource Hash

67f2ecef79e595db98512dd9219e737ecc0b04682d45c459f7acf99dea98ca20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/9894747364103409124/DE-DEU_XA-10_0_728x90_BAN-A_HTML5_BOFU-no-Security-SCSubHubBanners-Security-ALL_0_105/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

date: Mon, 28 Aug 2023 06:08:47 GMT
x-content-type-options: nosniff
age: 142414
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14746
x-xss-protection: 0
last-modified: Wed, 08 Feb 2023 07:10:35 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 27 Aug 2024 06:08:47 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5373 0
20 B 57ms
56ms Image
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=Bj03SPGbuZI77NMLE3gOXxJ_QAQAAAAA4AeAEAg&bg=!uLulu_TNAAYkVgHwBFY7ADQBe5WfOMsU4QPuCtduc6NibKWg-JNCQpGl-mdfvtP_XnE3f70MV7i35r1HIMjRe48QH_7MAgAAAZlSAAAABWgBB5kC930H6VKcs56uTOdMS41XrjjW_BG-XyBNklj1KRd0ASh5r_ScIjChcwbh2jKQhOPgi1DkpRYZnS_F6Z1OUZhP9Q8nhhCWW1eIW7Vpy8SHwCCUDowToVAfh6rx7W43KH90xLwkuOUeBtHVnSKeekkKs37j3Hjbnqj0y_7HJs_jYBuB9Gv29FBLhZcGq94Pl1IE3Josa2l5wHS0MiP6Aq9WS9AauerI-2LmiIbF_NlYw9wfap4sdhyTLonnrlMQFmW-LMxkLpgPPnWud0QgFokJ2ec3Qjb-K7rXxOZ1lZiYhQ0etRiEfJnJqku2Al-rdxhcUgJ9IGKDvbzlbon_SxX9z34FGjSfihurxkSLKvJnQg4l587nk_vlNzSZuTZ0b6ytYkdxKrnFKmAhEiymlOACnqAM1DRG1qDoHhRx5tXMQLjq6xOHx0g_MsmqoecC4TpObOgPxi4k3Xr_OnJ9P27hLoqT8AR5fJa8gG7ZS8XegVnV9x2ajIgUsxVv0KD05C9AkDVCX17t0GAR14u854X76JxhAbZnmFY0tlmOSfH6RzUShDZcSzpQw23NTZJmHDaPXfSoSIuhlCLC98igcneOvcFrfE68Z8L7Mian8BCXBKlwUfaLuL4uzOycP5w6ue9MCxpHpIzBHz-iNzlzI7D0jvJ37Y3iBU6kegnGdX3X7iKKLrggGhv48ZGi3ofaVZLKzSduDsc9-ZW0K3l2k352briDcAUwmPmPX_nMrnxZ5nAPb5efHA-9Tt9d8cBA5jhm6ZSNpMckDU9v47l663lrM1ZGSfBL6RJfT_y-cGPjgBgf2AxdETkxPYyQezyUo1lib8HJ4sXNTQ7y6mkXVqtdJU_M75YM2KlHrCevJnC9EfhdN2exjz7S6JJ9eBMd7fOYXq1z1avvV47BOy9simLgAAJbojCF-rjcueq8j7hmwg4iXX_U_CvEpoakRZHCFAt3EySqRwvG0CG9puQavmhvM3wmk4RKDeX6YO5BOdzPPfWZFOKDDakUTQ

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:21 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 56ms
56ms Image
text/html 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230828&jk=1231807028608599&bg=!zc6lzoHNAAYkVgHwBFY7ADQBe5WfOAUr3RAKOKOBLtNOa4tR5-0Oo7uo0LuxEbBNMbxQe5Cp7Upgzm7uSTM_BY92i10rAgAAAcJSAAAACmgBBwoAmseTz9iu0Yfy5YYpWiFka_kDYmodT81mMr6rWgB1dci6v11o_SF7gv6R_ExiocOZ0-KdALFOGiljVl7FABETm5Ps3uk9qs7IJkh0Jl-xX7RD3i1yQ2P4ijychG9hzxesEwFMn3o_ZSqcyLNyEh6ne1-KnLhdgkxE6BZC-mfQaQ5jEnP7uw6kS4kdhgpIHP1fIjBQMDHeIdLG6E6ZAq1aPC8b2sgravayVQDtZg8S93ktRQm2ID-M74ypIRCDPPRYdzBoKT7ZvXtOGZTlj7aKSwoEjdnSgXiR4EU6HshHd6dvB4o325SnMpsUHqVA4HHcmsPCKw9bxCFO7Qgus9O4tXhZ2QiK5Hb7EoiRMz5wflHpYAnG7SoEXuoExQ2zNmp_MaU3zIlv4aZPCij3H-DKUJ7iWQK90f4iPA4oExMsNSxgxwNnAD-_OB21g44_DAdlsuP9sxZ5mr9SdU3Qev8SiTlb8onKZ_BUEZJxfbq1TsTjYrzJeMi0-P32b0-t7nOrNCKS6ztpJFJCos6wFtEgAZO6ecY9DcYgydor4kGS7gfcX96bQna04pown6CPAgrSqne8S9lS__rJDXfzM602Db06tNIY2b7mjevPF6w9Pr-c0kNNDni01M0LgvgaxDdd5pNDJjO6nPSF10mHlaig67WcYs4fqv8wqQSNLF5aYvTIPIUmYsNJUcDklOpyBgxMWMw-SMk400yVAWyRUGX1V8sZpy7Xyy5AUKDRGJ9jnpBnO2DjMwNNjgovEo8Rve7DJNUAMBzN8rmhBCT1ENZryuHMqv0OmNQERUtJO4e32d1EQMeAY8bWtIitfUF5hpEzUTUIYc3EX8zo_fdLk5C21iaPNf5CwPf72XnDbmSVsBXcPZCVW_ZyeY64AzRBRccjk4GRy1NTDkntBfEn42CDHsp1b4okVowA3QbldrNowjlYOLL_m44t6u-U4fTTu5N20QU5Nw-94GCBoZcWo48EjbW9MMEXQwM3Imc35Ek8UyE2j0m0lCT2o3egp2J0KBrDh8HLMJ4kK1j5D2rHzFawnTy-awe8k3x_YAy1rTGeGc4q5kHRca-TTKNTjTiwqv3Qd36lO5r47TpX1MT16CXv23D0mIVqRVbREy6S
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.16.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s08-in-f194.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ifeg.info/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4FF9 43 B
215 B 114ms
113ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=efe7b0ef-2fc6-3009-ba7b-2bfbeb09014b&tv=%7Bc:mIR7KQ,time:1290,type:e,im:%7Bpci:%7Btdr:1032%7D%7D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:0,o:1290,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1283~0%5D,as:%5B801~0.0,482~160.600%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:212,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1*.1135760-69474492%7C1a11%7C1b1.1135760-69474524%7C1b11%7C1b12%7C1c1%7C1d,idMap:1a1*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:23,sis:327%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:22 GMT
server: nginx
x-server-name: dt03.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame A01F 42 B
64 B 58ms
57ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstM_05e924DXigpdj0TEcK2ohcDq9ubsVGIvYcKXN7YEcSMR99SY7Z1HxXtQ4Y7Zpb4G3rGvc14pYn1CNoa22-RKz2jGy184E8GD7IsVvaAFOsPbuSijbxERr4EZzYFwz9exfFwDFMVzjhS&sai=AMfl-YTWTcHJ6-HAvGakFZFsWtSSb4IoisF_Ue5LE5cVwYXml22VM2UCMxPNyyvWp9RPH8skd86d-9kNzUtDo4LmDrJWN6gjG3MvS4Pwnga1_2gZXHd6hrMVINJneDnM4drEnSexlkoUgqbVXZIo&sig=Cg0ArKJSzL9o4-3XrK5oEAE&cid=CAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgB&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=791,1000,1000,1000,1000&tos=791,209,0,0,0&v=20230828&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693345340651&rpt=714&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A01F 43 B
215 B 113ms
112ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=f49197b5-d337-f770-95c0-9dddc4339cb5&tv=%7Bc:mIR7Ps,pingTime:1,time:1632,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:24%7D,%7Bpiv:82,vs:i,r:,t:581%7D,%7Bpiv:100,t:756%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1051,o:581,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B573~0%5D,as:%5B573~728.90%5D%7D%7D,%7Bsl:i,t:581,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B175~75,876~100%5D,as:%5B1051~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:118,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1.1135760-69474492%7C1a11%7C1b1*.1135760-69474524%7C1b11%7C1c1%7C1d,idMap:1b1*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:25,sis:411%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:22 GMT
server: nginx
x-server-name: dt15.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4FF9 0
20 B 53ms
53ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8344681121071&version=m202307240101&ct=76&x=1&cor=14800076822442146000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame A01F 43 B
215 B 113ms
113ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=f49197b5-d337-f770-95c0-9dddc4339cb5&tv=%7Bc:mIR7Tf,pingTime:1,time:1867,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:24%7D,%7Bpiv:82,vs:i,r:,t:581%7D,%7Bpiv:100,t:756%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1286,o:581,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B573~0%5D,as:%5B573~728.90%5D%7D%7D,%7Bsl:i,t:581,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B175~75,1111~100%5D,as:%5B1286~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:115,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1.1135760-69474492%7C1a11%7C1b1*.1135760-69474524%7C1b11%7C1c1%7C1d,idMap:1b1*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:25,sis:411%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:22 GMT
server: nginx
x-server-name: dt19.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A01F 0
20 B 54ms
53ms Ping
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3843730824815&version=m202307240101&ct=76&x=1&cor=1758702543007266600

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4FF9 42 B
64 B 58ms
57ms Fetch
image/gif 172.217.16.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstmpMmJDI3jzF24xZftJKf1QmC-1XvrsnWND5GUPGBVfTkc1KmQOXhUDsYJq6yJpzux__nexJLdLyrIY_9H8CIBrGhbWz9vs8I4lw5DJ-ID1a8zLloKAnuY_EJpqxQmAJ09i0pYpL3bSxwS&sai=AMfl-YQh4agtppzn-H3rM1BhAhZU90UTxnv4Yd5-XOShnKHy7RAoxwcHEzopFCGOF-6rAzydsdUU7BjgUKBHXYmhRKboPxd1nPWct0aGKUf4vhAoPaqmJrVvyNLxue1S0NxbdNMlGkmE1KqxRe66&sig=Cg0ArKJSzNqBSQZtc_KuEAE&cid=CAQSSwBpAlJWBliSJz_XA7M7tzYinrOREBsjI23YXusKzNNMqA-Q1Nc9AsuOt3Af1jB58fcVSmIRJvhFVhfDzhsZeXzt3i_Hx8GOIMnfqhgB&id=lidar2&mcvt=1070&p=0,0,600,160&mtos=1070,1070,1070,1070,1070&tos=1070,0,0,0,0&v=20230828&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1693345340614&rpt=722&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f194.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:22 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4FF9 43 B
215 B 114ms
113ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=efe7b0ef-2fc6-3009-ba7b-2bfbeb09014b&tv=%7Bc:mIR8au,pingTime:1,time:2880,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:22%7D,%7Bw:160,h:600,t:808%7D,%7Bpiv:100,vs:i,r:,t:1879%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1879,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1872~0,1~100%5D,as:%5B801~0.0,1072~160.600%5D%7D%7D,%7Bsl:i,t:1879,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:115,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1*.1135760-69474492%7C1a11%7C1b1.1135760-69474524%7C1b11%7C1b12%7C1c1%7C1d,idMap:1a1*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:23,sis:327%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:23 GMT
server: nginx
x-server-name: dt22.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4FF9 43 B
215 B 115ms
114ms Image
image/gif 44.213.255.228
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=efe7b0ef-2fc6-3009-ba7b-2bfbeb09014b&tv=%7Bc:mIR8au,pingTime:1,time:2880,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:0,h:0,t:22%7D,%7Bw:160,h:600,t:808%7D,%7Bpiv:100,vs:i,r:,t:1879%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:1001,o:1879,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:22,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1872~0,1~100%5D,as:%5B801~0.0,1072~160.600%5D%7D%7D,%7Bsl:i,t:1879,wc:0.0.1600.1200,ac:NaN.NaN.160.600,am:i,cc:NaN.NaN.160.600,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1000~100%5D,as:%5B1000~160.600%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:115,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1*.1135760-69474492%7C1a11%7C1b1.1135760-69474524%7C1b11%7C1b12%7C1c1%7C1d,idMap:1a1*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr,siq:23,sis:327%7D&br=c
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.255.228 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-255-228.compute-1.amazonaws.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 29 Aug 2023 21:42:23 GMT
server: nginx
x-server-name: dt23.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET dt
dt.adsafeprotected.com/ Frame A01F 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dt.adsafeprotected.com
URL: https://dt.adsafeprotected.com/dt?advEntityId=1135760&asId=f49197b5-d337-f770-95c0-9dddc4339cb5&tv=%7Bc:mIR8RY,pingTime:5,time:5632,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:24%7D,%7Bpiv:82,vs:i,r:,t:581%7D,%7Bpiv:100,t:756%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:0,b11:0,cnod:1,gm:0,slTimes:%7Bi:5051,o:581,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:24,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B573~0%5D,as:%5B573~728.90%5D%7D%7D,%7Bsl:i,t:581,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:i,cc:NaN.NaN.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B175~75,4876~100%5D,as:%5B5051~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:115,fm:tOmstS2+11%7C121%7C13%7C141%7C142%7C151%7C152%7C16%7C17%7C18%7C1911%7C1a1.1135760-69474492%7C1a11%7C1b1*.1135760-69474524%7C1b11%7C1c1%7C1d,idMap:1b1*,rmeas:1,rend:1,renddet:DIV.qs.sn,siq:25,sis:411%7D&br=c

Verdicts & Comments Add Verdict or Comment

79 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
ifeg.info/	1969-12-31 23:59:59	Name: PHPSESSID Value: hl6uhpdj9pucaojb1a1s04atgv
.ifeg.info/	1970-01-20 23:58:25	Name: _ga Value: GA1.2.256524315.1693345339
.ifeg.info/	1970-01-20 14:23:51	Name: _gid Value: GA1.2.1015227179.1693345339
.ifeg.info/	1970-01-20 14:22:25	Name: _gat_gtag_UA_75224506_1 Value: 1
.ifeg.info/	1970-01-20 23:44:01	Name: __gads Value: ID=3e1357f4193fe912-228e33005fde00fc:T=1693345339:RT=1693345339:S=ALNI_MaZCiy7B7q5Z2cQvi-eRnM4aGlS1w
.ifeg.info/	1970-01-20 23:44:01	Name: __gpi Value: UID=00000c6b64e96ce6:T=1693345339:RT=1693345339:S=ALNI_Mar7T7tl9JB-WTy6RGNYuL-YhZHFg
.doubleclick.net/	1970-01-20 23:44:01	Name: IDE Value: AHWqTUme48nTVW72DL4i5Kkuz4oamXfHNiw41XVoI6AQLDerOFt_BVM5ArkCzkVhxwc
.doubleclick.net/	1970-01-20 14:22:28	Name: DSID Value: NO_DATA
.googleadservices.com/	1970-01-20 16:32:01	Name: ar_debug Value: 1
.casalemedia.com/	1970-01-20 23:08:01	Name: CMID Value: ZO5mPJ8eB9OQbJGx32XKvQAA
.casalemedia.com/	1970-01-20 16:32:01	Name: CMPS Value: 5233
.casalemedia.com/	1970-01-20 16:32:01	Name: CMPRO Value: 5233
.adnxs.com/	1970-01-20 16:32:01	Name: uuid2 Value: 8186277162281298696
.adnxs.com/	1970-01-20 16:32:01	Name: anj Value: dTM7k!M41.D>6NRF']wIg2Il`etmH-!]tbPl1M>e)ZlrFUfJ+tGXxoXL#P2aDau[8E'tcla!u2x9y[e?_.zvj71!=J3If)y3KL9D3I?+qe#xx+
.doubleclick.net/	1970-01-20 18:41:37	Name: APC Value: AfxxVi4tOsf0DmaRxGgeflO8UnoDFlPANBvQduiq_wLx9aEe9TBCwA
.adfarm1.adition.com/	1970-01-20 16:32:01	Name: UserID1 Value: 7272862860436371604
.blismedia.com/	1970-01-20 23:08:05	Name: b Value: 64EE663D39B62CBD414BC233BLIS
.w55c.net/	1970-01-20 23:54:06	Name: wfivefivec Value: Sr4l7rWT1QB6tD5
.mathtag.com/	1970-01-20 15:05:37	Name: mt_mop Value: 4:1693345341
.de17a.com/	1970-01-20 23:00:49	Name: guid Value: 1.5158688741889801792
.w55c.net/	1970-01-20 15:05:37	Name: matchgoogle Value: 5
.tribalfusion.com/	1970-01-20 16:32:01	Name: ANON_ID Value: aWntuJujieEo7YxU2mxDp7xoLnhZb73StsyZatvr1o7gYcZaAhsZaO1tny1SOyb7NZd5b4nekZdvoOyMRsO2MTOuJ7Kxhy

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://ifeg.info/2023/08/14/a-discreet-exchange-conversations-behind-the-black-hatted-man/(Line 57) Message: Refused to create a worker from 'blob:https://ifeg.info/145391ac-8f04-4e2a-bb34-87b89161922d' because it violates the following Content Security Policy directive: "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval'". Note that 'worker-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.tribalfusion.com
bid.g.doubleclick.net
cdn.ampproject.org
cm.g.doubleclick.net
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
ifeg.info
pagead2.googlesyndication.com
partner.googleadservices.com
pixel.wp.com
pm.w55c.net
s.tribalfusion.com
s0.2mdn.net
secure.gravatar.com
static.adsafeprotected.com
stats.g.doubleclick.net
stats.wp.com
sync.mathtag.com
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
dt.adsafeprotected.com
104.18.24.173
13.225.78.4
142.250.184.206
142.250.185.132
142.250.185.161
142.250.185.162
142.250.185.194
142.250.185.226
142.250.185.72
142.250.186.162
142.250.186.34
142.250.186.35
144.202.4.162
172.217.16.131
172.217.16.194
172.217.18.1
172.217.18.10
172.217.23.102
178.250.7.11
185.29.134.244
185.80.39.216
192.0.73.2
192.0.76.3
2.16.97.41
213.155.156.165
3.74.29.98
34.96.105.8
35.244.159.8
37.252.172.123
44.213.255.228
54.171.7.45
64.233.184.157
74.125.133.156
85.114.159.93
00b5a31a52a4e71fd10824e2e26039cf2a7b7d5ba0c7d833ccceb6b207660f45
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
0907e75ab7f4aa03bcbc01778262abd0671f8742abaca30e9816cc90a6b28935
09309ddb733a7c98fba0d2d5a245e3eea11f6eedae44ca55f08027659a614d14
093ed144c5fa96a4f8fcab183ebc78f4257acd922b1d8bf6c74a4baecbd88683
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c25ce3cbc2dd4aab461a2dff79562efe1f987b7482ea83056790ec4914a1a7e
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1369b30a0d9b9b9aa771f961decf6a74802e2e6ed375268e2fe750fb4c7250aa
1457cc910b41a8b5ba411e458bbc70f31f27681f26e366f2836d36f20cce8580
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
17c4a472fcd08fb337fb6a574f60891ce91af06251dbf5d0137d2414316c11b1
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
189d37b2b4ff6cc9cc20e2a84f203912ef8517643cceb4fa4188c475556108c8
19db89d38208a9b33cc7d3f9a4a670c727311c3e489f21232e8d77180dfacd50
19e6c10e35420c97531145c7868d66221109a10be4e8f916fba6c34f2519c83a
1a20326f4e41f89c8aa3c95542834da293f334338d546f9aa0c577d76fa5b73b
1c468f25c66a9aeaa637ca5244f64ec7f967734b2dc2aa92b667cf5316155e81
1df629c9e3d7999c38bfa18b45032197fd4da30e8e893bf07f5083e1fa9b4390
220049135e6c242896cea20cbd980419905e04e43cc5d1f9d23db3e00e25c6f9
24366c51064fc57cb419cc93db561f43bf3461affb1d04deb4d552a7e2ba4956
25801c59f15295613ed5a0cfe70eb1cd1b9853fdd561d1db0c592fd0540c6869
2722395eb4b66748c28bb0de09e2dff45c49b130ba8762c5caf7ef36b0895215
29a5f3793d5ea14a97c6237a7c6f80e3bb381f93101c9514cfbfa2444f5ca4e9
29c6f764e7441ad2a24f60000fdbbef99a057ca7d4efb401b05dd1f1fd8ec171
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2d7b7d9d5f46003fd39e1c6dee0c2f617bc32ec707d819bd4eab2fc8081938de
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e4e396f54df8c221694cc036c817087771e03f276547097539ab206dfb126ae
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
3178d561d0443be6280f35273c0a2413a2b763f468e430cbc29b1a1bc50ef89a
328cb29271341963f1503c02d0d00d7d67f60396961e4fdac73b74ebbe16d803
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
36d04991b27d96ebcaabe87041ec6c9e4a32a2939cbfc8ff070a62f7a0f8c75b
36ef63420f2a82374d016a378bf127ba8d3c761c8dcad295188b1690a17a0108
3ab7853ddfc8ef3468082187bff5636436df85cd9d1e54653530c018cf9d9280
3d2b34675fd418a1b23c652fa791f4875ccc12860d9b4b6ec8ae4aa09d51ec1e
3fadf99638094a841349a5bc82be83289b9b7c795838626f5ab8462763bad224
44eefef34507164f4234b958d8f6906488a2521071379498041568bae9499b2e
4539a37b37acaf787b3ccd0bb1e9a3372c9150aff547eeddd0296ad2a6d664f8
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b61f735ba127d88a8673f26e34a79bc25968d5be1bb43004958065526d28bb9
4c62c820213f1ab28757a744fd3d15b65fc1ac9e148c8db2c50eb8a20959f930
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4eb7a2ba33082e2e7e8f36a4a7e2a04d39393b368d926be480c93f8e44e82767
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
4faa1d5635283a0d49e1933de318b24491751c9a3ccf2fe404b9137929e3eb86
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
508ecc51e1ebdc0798b41ab754e78fcfb51c0f573fd1a72195fee5020785841b
521457922129a04fbc4524021ac47021659a1e1931c5dfe1a0e13be5dcaaefba
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
53338edc3d34036181d4d3504f731aaad9d38a4fc6486fb2b417e34eb1ed17f2
5526e738d75a0038ff5247dd07362c0e747b61acd6bafaa96d94392a4da96e2e
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5847707988b0ee28c7b583abaabd6c203ad910326e5b9fe12149a0bc8ac43e5c
5b4636a32cddf9e7607a1b7a857c417cf8c0a4137fc7647ee94bd4396b4b5301
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
5dd41eadd5583b320b30fc18d6dc0b7167eee44540dfc809e8628ece122448b7
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
61fd6ba4d87951389bb292a35743f9d67710b2ddc31cc4c0bbde35c811363a03
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
67447c3656caad630373253691f3e8f64467eafd6e7305c9b0e98111b0b41694
67635d2c414b5dc350a6596eb89eb56b011902de29de6a1a78692d811a50341c
67ebf650147a9122e94ff1b25a78a82e903b92b877821c1479de69f00f59d429
67f2ecef79e595db98512dd9219e737ecc0b04682d45c459f7acf99dea98ca20
69cb605f0a4a781056612fe26df57089a48b6f8e96a19a5ab954dd9b900d77c3
6a743412cfd658ecb1e6ce0420f0863d74859f5a8c4ab49f1183865f4ae60308
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bcc24398323d453d420aa0c486c5f7e860c2141158bcb598ee7cff1cc0a98fd
70ae86178e0e75c4d5014f3f41a7cb8e6b45fc8de91666b8500e822bafbdcfa1
76384e46c31a19642f77652a3304907e75921d22de8c1364cf61dfc18411a804
76740b2a7b0a35eed6ceb509cefd8ddd6955bd5c656b0581f2dcdb48040ced8f
7ac09376cadacabe79e795875aaffacb594e91cffd1e2f71c7b4ffe050dc3af7
7b30a44912b79ef248fd539414e666301b7338b1fa8a2baefa539a267638da0b
82152a6c4911a9c699f2b0185cd78a79b2214a9dbddd0a1bd6d83363bb82365d
8674f707de405e62ecaf0ebcacaa49cba61e4b7a57f33ba685b9d1f2bb01f2ac
8d5550f049ec5584b1c3bd3d4f4a2ae67cef34412b64b51c4b22a78e821357d7
91d224e7fe92d4be644959ddc6acaf9c2f3c8fd32be3ced96ddfd3a39b1f8d58
9598667818afc48e553985ab08773ac0027f445b097adac23e9116808206b9a5
96d12be8828c1a1d5400ef1e07dbb09aa7ef9170b6f5f9d70a3860527a1f585f
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a1cda6441d6032222b35f93ae5f3bddff8eab851e5e8622049ef96f0b53bb01b
a290d8dd892311fe83badf0a62ea7bf477fa585627a646e838e80d7a6e921692
a6b42e1a4e0c724426510be3a635fbc5d7ca308e7a49c8724069486179c44da8
a75b4fcd9a2ca16dd0f928054400cbd522b0d70c642148aec5d27e94c48ef76a
a93798e0c7065b4e6f3131e493d070eb2ba3e18e88795df58811fc849b235e10
a97f44f196e9ecd639750da2dacc90a6c3a7b9e5e3e692bb970ddbfaaffb615c
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ac6c7df9ea6f8e1bcacee7bbb1df0c7902650aa2bef04e536ae838e7c9146aa8
ae63276d13de5376dd9d5d0dd2d330cb131ace6ab96008ddcad724acff553cea
af4c22461aedf382190d0367cfb759d2faf8fb994a917406557d81d48f63344a
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1fe6456a4e2d8871862a70a1d1ad7dee8887643ee994ad850ee0a30072cfbd2
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
ba0fa0cc474428475587109e6af8d43c0250fa3df5145c36a50a6a8235901875
bad41ea7fd61735e3e216f7efd11586d24a7e7bea305c15a315f71e91c2b6b0c
c1242fa94be3c8b4f77e19e0098a00ce4714e76b48fcf9fb6c6fb95e978bc5df
c50a34e60a1f092c888acd50523b8f8f67b3879d90a21f0b012e8153ce93c2c5
c5a151f6d9e09fd60bf6973d09630854a1ea0545ac0cbeb88dec0790b3c04b7b
c7b01e2e75d24fdd36e6ebc64749abec3440dceb5085ac2b1338a66db173418f
c7f0030ccf3ad8764c53d36b5a3f95a389c0c73240dd6cf23c767ff3e6d17ac8
c87ad09b52f364f03bfca33c6f2662ef2dc1c019ccdd7da6872791f6c3228eb9
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
cd8e77bb9997f70d4bc63ba8380377a8acb727d08c8c2872bdc1583faf953978
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d38ecb9492d4983d6f6a0239ed70ea03e67ec1d8044dfb91d41672042d3a849f
d749579e51cf490ba27a6782bcfe07c52e44ffa8e3fbb4db7a4dded9d0d9ef29
d7779d95203bed5280ee3281f856607f95ac5df680547356656c7109d7d0a6a6
daebd7f90f4f822563fa689c2412bd15b53bff0dff8e4e6f4f334ef0a8c53c97
ddc9c01c9bea7249e9fdf4dbcb1e5d4a662db24f4c4d14ba75cf95050a7cdda9
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e174a58a503ab84b3d1b9de12fd3895788204485170f1289e445f7b5b98ec789
e2d3127da85763e024971c6192f78becbdf85db231b3d088c9f8b3777d444ede
e2e60e9eae839d6b2e857c708f6d02ae6069141594b941a1590cd5c5435d42f4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e469a9cd1e50424a7f2f8f7200f20c800b5c46f322ef759d73770745e5329e2f
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e64ed909680284310d43b2c1e481c46cdd194084f1df8a605ab46183771add7e
e8f90c57666c653afe0787d9595df1208fd410663226d00e9a6ce5a17cdaf2d8
ed5b5df9ceacfe76857ac51964972b0b417a215b2f50e837fd6b64bad7339c40
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f51052bd6497dfa454b67975acb33a59b561443fbbe16a7aac155d4232c77e79
f51c2ea8be90351c31c2eaf325eb98d4495c2fa17dbf45ece1405e3f4d62a747
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
ff4bd34aa98a0214833619d3d751838db015722dfbbec15cd14dadc66cd67869
fff2521683fbf32be173e39b9c07cef94f74b1534a4265ea6d53ea8742f8db93

ifeg.info Open in urlscan Pro 144.202.4.162 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

242 Requests

92 %HTTPS

0 %IPv6

26 Domains

37 Subdomains

31 IPs

8 Countries

4670 kBTransfer

10271 kBSize

22 Cookies

13 Outgoing links

Redirected requests

242 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 12 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

ifeg.info Open in urlscan Pro
144.202.4.162 Public Scan

Screenshot
Live screenshot

Full Image

242
Requests

92 %
HTTPS

0 %
IPv6

26
Domains

37
Subdomains

31
IPs

8
Countries

4670 kB
Transfer

10271 kB
Size

22
Cookies

242 HTTP transactions
12 data transactions