painthy.com Open in urlscan Pro
45.130.41.84 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://painthy.com/
Submission: On December 11 via manual (December 11th 2023, 10:44:47 am UTC) from IN — Scanned from DE

Summary HTTP 296 Redirects Behaviour Indicators

Summary

This website contacted 24 IPs in 4 countries across 14 domains to perform 296 HTTP transactions. The main IP is 45.130.41.84, located in St Petersburg, Russian Federation and belongs to BEGET-AS, RU. The main domain is painthy.com.
TLS certificate: Issued by R3 on December 2nd 2023. Valid for: 3 months.

This is the only time painthy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
32	45.130.41.84 45.130.41.84	198610 (BEGET-AS) (BEGET-AS)
4	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
52	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
14 30	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
41	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:811::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:400d:805::2003	15169 (GOOGLE) (GOOGLE)
28	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
9 12	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
5 11	172.64.151.101 172.64.151.101	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 7	37.252.171.52 37.252.171.52	29990 (ASN-APPNEX) (ASN-APPNEX)
3 6	52.51.176.114 52.51.176.114	16509 (AMAZON-02) (AMAZON-02)
37	2a00:1450:400... 2a00:1450:4001:831::2006	15169 (GOOGLE) (GOOGLE)
9	142.250.74.194 142.250.74.194	15169 (GOOGLE) (GOOGLE)
6	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2600:9000:223... 2600:9000:223f:a400:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
12	2600:1f18:1ac... 2600:1f18:1aca:4280:aab:ddb9:5e71:5416	() ()
1 2	2a00:1450:400... 2a00:1450:4001:828::2004	() ()
296	24

32 45.130.41.84 (St Petersburg, Russian Federation)

ASN198610 (BEGET-AS, RU)
PTR: ssl.codia2.beget.com

painthy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

52 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 14 redirects

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:811::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:400d:805::2003 (Ireland)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 142.250.185.226 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 142.250.185.130 (United States) 9 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 172.64.151.101 (United States) 5 redirects

ASN13335 (CLOUDFLARENET, US)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.171.52 (Frankfurt am Main, Germany) 4 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.51.176.114 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-51-176-114.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:831::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.250.74.194 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: fra24s02-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:223f:a400:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 (None, )

ASN- ()

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2004 (None, ) 1 redirects

ASN- ()

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
93	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 tpc.googlesyndication.com — Cisco Umbrella Rank: 148	2 MB
57	doubleclick.net 23 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 33 securepubads.g.doubleclick.net — Cisco Umbrella Rank: 196 cm.g.doubleclick.net — Cisco Umbrella Rank: 219 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 515	453 KB
37	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 300	461 KB
32	painthy.com painthy.com	1024 KB
28	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 138
24	adsafeprotected.com 3 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 900 static.adsafeprotected.com — Cisco Umbrella Rank: 602 dt.adsafeprotected.com	306 KB
20	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn3.gstatic.com csi.gstatic.com	119 KB
11	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 578	8 KB
7	adnxs.com 4 redirects ib.adnxs.com — Cisco Umbrella Rank: 229	5 KB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 204	87 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 206	383 KB
4	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	4 KB
2	google.com 1 redirects www.google.com	1 KB
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2814 pixel.wp.com — Cisco Umbrella Rank: 2796	3 KB
296	14

	Domain	Requested by
52	pagead2.googlesyndication.com	painthy.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
41	tpc.googlesyndication.com	googleads.g.doubleclick.net painthy.com tpc.googlesyndication.com pagead2.googlesyndication.com
37	s0.2mdn.net	painthy.com s0.2mdn.net
32	painthy.com	painthy.com
30	googleads.g.doubleclick.net	14 redirects pagead2.googlesyndication.com googleads.g.doubleclick.net painthy.com
28	www.googleadservices.com	painthy.com
12	dt.adsafeprotected.com	googleads.g.doubleclick.net painthy.com
12	cm.g.doubleclick.net	9 redirects googleads.g.doubleclick.net
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
9	googleads4.g.doubleclick.net	painthy.com
9	csi.gstatic.com	pagead2.googlesyndication.com securepubads.g.doubleclick.net
8	www.gstatic.com	googleads.g.doubleclick.net
7	ib.adnxs.com	4 redirects googleads.g.doubleclick.net
6	static.adsafeprotected.com	googleads.g.doubleclick.net
6	cdnjs.cloudflare.com	s0.2mdn.net
6	fw.adsafeprotected.com	3 redirects painthy.com
6	securepubads.g.doubleclick.net	googleads.g.doubleclick.net
6	www.googletagservices.com	googleads.g.doubleclick.net painthy.com
4	fonts.googleapis.com	painthy.com googleads.g.doubleclick.net
2	www.google.com	1 redirects tpc.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
1	encrypted-tbn3.gstatic.com	googleads.g.doubleclick.net
1	pixel.wp.com	painthy.com
1	stats.wp.com	painthy.com
296	24

This site contains no links.

Subject Issuer	Validity	Valid
painthy.com R3	`2023-12-02` - `2024-03-01`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2023-11-28` - `2024-12-28`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
fw.adsafeprotected.com Amazon RSA 2048 M02	`2023-03-29` - `2024-04-27`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-03` - `2024-07-02`	a year	crt.sh
static.adsafeprotected.com Amazon RSA 2048 M02	`2023-07-07` - `2024-08-04`	a year	crt.sh
dt.adsafeprotected.com Amazon RSA 2048 M02	`2023-05-09` - `2024-06-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-11-20` - `2024-02-12`	3 months	crt.sh

This page contains 30 frames:

Primary Page: https://painthy.com/
Frame ID: 59F25EEBAEF95CC4DCFFD3B3637219E7
Requests: 49 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20190131/zrt_lookup_fy2021.html
Frame ID: 6B329A4DA349B27FECDAC3B50FDB5D07
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&adk=1812271804&adf=3025194257&lmt=1702291481&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fpainthy.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481149&bpp=4&bdt=478&idt=306&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5815262515655&rume=1&frm=20&pv=2&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=325
Frame ID: DEB287EA7B2167FF3837D64C4DF10742
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330
Frame ID: 4A6DFAE4871D838CF09C3C8A293DF828
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=1118&slotname=9671647671&adk=103722881&adf=596777495&pi=t.ma~as.9671647671&w=325&cr_col=1&cr_row=13&fwrn=2&lmt=1702291481&rafmt=9&format=325x1118&url=https%3A%2F%2Fpainthy.com%2F&ea=0&crui=image_sidebyside&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481155&bpp=1&bdt=485&idt=330&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C325x250&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=332
Frame ID: 8B6151CC81928625CD06DD5B4AA10FC8
Requests: 46 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGPKT3_QBMAE&v=APEucNXI3pi1o39g3AM67SgHZPxTC1EA3koMe2nAE08ZSzC5RlAc1jkaugkGVh0iI7_nrDkdDLLupahOJpOreviKctpAAeqWA0B_AmEof9WNccyF7Gavff6535CyUD1kCLPrDgU5RujcX-MkNmUlorxCvl0yBbkAvKC_5IIJj2IjhPBjZKKYK8Q
Frame ID: A57C6351A9E5229DE8E69DAB42649BD9
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: CD8ED613FD636987CBBABD3911D57E6A
Requests: 25 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: B793248C5EF49C351052B0C36718442F
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
Frame ID: 85A4766754260E9821789884B3144A06
Requests: 16 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 65CC14A65C934E1ACAAFAC22708174D7
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 4D0C82FD0411A1DFA0769E7F26F780F8
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 57E004551C01FC5ABE96543F627F343A
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: 0B2387E2713FE84F1A02107D77180059
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Frame ID: BEB2ABB397024E94FCBC463D7DE010EE
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNVbItSL6gShXexb4J9IBGvnRziGlrc168hGLa4RnNC_jdYRvVGchfGEBwDasCJKnzgBnWCQEm0m7bTrHrmncVvoywiWZ77iL6we7uKO0UPlNN2QHY8bNYc0qjb76D9jiNe1i2OUnjLS6hN-bUpYgSERQyJ8vkzRenlvgkml56elPb13k3g
Frame ID: B749F2514287D9C16AA72EF2617B801E
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 4B401FDEAEEBB9FB76980D19CFC2A6CF
Requests: 26 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWmox68tIcBY20DmO7oPO82lC9LZEeW-9NReSgowraU0MTexjm7nEQj6zgh3zfsWHHZCbd8cYLk2VTuwmiZ_kK3bcxA4EwfbGAZpzUGQyX6G4T1Q-VuE7och2cE5w5s7hAnkDGdtqxAypb0I03vYsK5baveFLZU1derlGoYEhf0tuEuEXI
Frame ID: C2D38D5DBC32D01BE175528A2FEB1476
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/js/dv3.js
Frame ID: 5A9EFA98E195919807E69D848421EA44
Requests: 26 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: BA2BFEE88374486C25152862DC626A1A
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: AC19BAEA762C7AFDF41A573A0B3C37E5
Requests: 2 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Frame ID: 7158E741E4ECA4D385987154FEDA231B
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 8EA55955616D09A8473587FAF8E07D4E
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js
Frame ID: 91128752A70B3347E10EB356404D6C07
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: BC01B3B299F6D00D127D3B1A39AD9446
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
Frame ID: DB0FC0E1CADB2FCEEEA7E024A7862867
Requests: 13 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 65DA074458359AEFD3A8D7DFF235EFB0
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js
Frame ID: A84163830CEE9A7C9158AE6725DC2B4C
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/62bHydCX.html
Frame ID: 9ACD155BCD8CF6E9EBDFFDDA10FA5395
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
Frame ID: 56C17E4711013C6BDED5A3DFBAE6AAB6
Requests: 13 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.6.2.js
Frame ID: 816E4555D6E71F5203AFBA63CCE0C558
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Painthy - Your Job Guide Info

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

296
Requests

89 %
HTTPS

65 %
IPv6

14
Domains

24
Subdomains

24
IPs

4
Countries

5173 kB
Transfer

10939 kB
Size

11
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 73

https://googleads.g.doubleclick.net/pagead/adview?ai=C6rwkGeh2ZbCjIKe578EP98WDIPDbgd90mv_T_bcShtLmrYkCEAEgtq6xkAEoDWCVgoCAsAegAZroq8IpyAEGqQJiLYh_9w6yPqgDAcgDAqoE5gFP0MVjOreeozQ0kwrvRBSd26v3Wc7doWitsDbu4aDePifwpk6080A7yu68evWmAl5lI758VDglV-gjHrjHkPoMBeICg5lIEJ59Mf-8b8cMXAR_9SQ4p-8euKEchJAEaoeEhirJriEhSzHqLokyKHBdWZpsrZEWrJoFBb92yIIyunULLWeSk5ack2B0GdzC4LKcBH_mcA97t5wdbDH8UsGUUomwzds7kleJVn_naUkZGbhroPeTAIBZPSAMNDfwUmBrcIs7NaMol0FPeDvhRYwt8UbIcffHZYHS5VJHBjaormC8M9kEVMAEm_SE29IEiAWdv-3TTZIFBAgEGAGSBQQIBRgEoAY3gAeaoPyhBKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEN_YTdIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYm-68-JmHgwOaCSFodHRwczovL2pvYm1lc2guZGUvdG9wLWpvYnMvYnVlcm-ACgHICwGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQLYEw6IFALQFQGYFgGAFwGyFxwKGggAEhRwdWItOTc3OTEzNDgzNTQ4OTc4MRgA&sigh=o5VlUS1LJsM&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222492744730336515905%22,%22debug_reporting%22:true,%22destination%22:%22https://jobmesh.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211144983578%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217344830558226227153%22}&andc=true

Request Chain 74

https://googleads.g.doubleclick.net/pagead/adview?ai=CpPpRGeh2ZbCjIKe578EP98WDIKWjv7B0r-im2JER2tkeEAIgtq6xkAEoDWCVgoCAsAegAdbRrMADyAEGqQJiLYh_9w6yPqgDAcgDAqoE2AFP0IJrG7eZozQ0kwrvRBSd26v3Wc7doWitsDbu4aDePifwpk6080A7yu68evWmAl5lI758VDglV-gjHri_k_pMBeUKg0IS5YahLEFJoCzgu-uUNrDVUX8bTaJYcZPAn4QEcynJ2yIhPjLq24gy3XFdrJlsWJIUWZkH8Lx2PYEyT3YL2GSSZpWdZmN17N_CFbGc8XzmhQx7Qp8dmTL8p8KUp6qgLf203pfehyuvpEEZWSIhCfUqmeMG5Juv9hC-xr2a79PAOYuFkXvexogk5mybAWby9lg4xnDABPPznpiyAYgF_92BggOSBQQIBBgBkgUECAUYBKAGN4AHkq7TP6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEN_YTdIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYm-68-JmHgwOaCR9odHRwczovL3d3dy5haWRhLXdoaXJscG9vbHMuZGUvgAoByAsBogwYKhYKFOS0sQLutbECtbixAqy6sQK7u7EC2BMNiBQB0BUBmBYBgBcBshccChoIABIUcHViLTk3NzkxMzQ4MzU0ODk3ODEYAA&sigh=SBU88GRTFV4&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226644071119630907920%22,%22debug_reporting%22:true,%22destination%22:%22https://aida-whirlpools.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22940255446%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228978932373045830145%22}&andc=true

Request Chain 75

https://googleads.g.doubleclick.net/pagead/adview?ai=CYDcDGeh2ZbCjIKe578EP98WDINvHyuhz7ta_7_QR-rjh-e1AEAMgtq6xkAEoDWCVgoCAsAegAZGYlrgCyAEGqQJiLYh_9w6yPqgDAcgDAqoE1gFP0KcSL7eVozQ0kwrvRBSd26v3Wc7doWitsDbu4aDePifwpk6080A7yu68evWmAl5lI758VDglV-gjHrjHkPoMBfgCg7AQPLB8Mf-8b8cMXAR_9SQ4p-8euKEchJAEaoeEhirJriEhSzHqLokyKHBdWZpsrZEWrJoFBb92yIIyunULLWeSk5ack2B0GdzC4LKcBH_mcA97t5wdbDH8UsGUUomwzdsE3DeIU3_nHl2TZrhrsPehA5AVBSACLF2RUkgZzVzKG4edHrmT6RzbyE6VGchwhUvZwASBmYT_vgSIBajPmZRNkgUECAQYAZIFBAgFGASgBjeAB9fn6ccBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ39hN0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlib7rz4mYeDA5oJNGh0dHBzOi8vd3d3LmFsZGktZ3J1ZW5lLWVuZXJnaWUuZGUvZWxla3Ryb21vYmlsaXRhZXSACgHICwGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQLYEw2IFALQFQGAFwGyFxwKGggAEhRwdWItOTc3OTEzNDgzNTQ4OTc4MRgA&sigh=vZFRDYk9SHM&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217209372598306579560%22,%22debug_reporting%22:true,%22destination%22:%22https://aldi-gruene-energie.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22654674961%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216646425511006459617%22}&andc=true

Request Chain 76

https://googleads.g.doubleclick.net/pagead/adview?ai=CZjmgGeh2ZbCjIKe578EP98WDIJy_nIZ0nYCp__cP_Irsmf4OEAQgtq6xkAEoDWCVgoCAsAegAbjpieUDyAEGqQJiLYh_9w6yPqgDAcgDAqoE1wFP0J8fI7eUozQ0kwrvRBSd26v3Wc7doWitsDbu4aDePifwpk6080A7yu68evWmAl5lI758VDglV-gjHri_k_pMBeUKg1wS5ZPpMLy7S8AodABX8V8-wenru6FYcddxaQeEcyk8LSGhvjIfLYsy33OoWppsWJLhr5gF8LyDy4IyT3b-LmeSZpVokGF07N8347Kc8XwTcw97Qp_obzH8p8JhUamgDc1EOHnfv6giYUkZWWL7mdwBJqZEsjqBDEjSxk6canToG4uJhZmGqojX6k6bD3BVsxpuZ8AErPH95NcDiAX5zbL7M5IFBAgEGAGSBQQIBRgEoAY3gAewlvYaqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ39hN0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlib7rz4mYeDA5oJHmh0dHBzOi8vd3d3LmdvaW4uZGUvbWVnYS1zYWxlL4AKAcgLAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAtgTDYgUAtAVAZgWAYAXAbIXHAoaCAASFHB1Yi05Nzc5MTM0ODM1NDg5NzgxGAA&sigh=pow__cSXRVI&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212933278080046887236%22,%22debug_reporting%22:true,%22destination%22:%22https://goin.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221017279672%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211745036043852588609%22}&andc=true

Request Chain 77

https://googleads.g.doubleclick.net/pagead/adview?ai=CaXXJGeh2ZbCjIKe578EP98WDIMTs09RzpcnazYURZBAFILausZABKA1glYKAgLAHoAHg6uvCA8gBBqkCYi2If_cOsj6oAwHIAwKqBOcBT9C4aCS3lqM0NJMK70QUndur91nO3aForbA27uGg3j4n8KZOtPNAO8ruvHr1pgJeZSO-fFQ4JVfoIx64v5P6TAXlCoNCEuXrhROWu0vAKHQAV_FfPsHp67uhWHHXcWkHhHMpPC0hob4yHy2LMt9zqFqabFiS4a-YBfC8g8uCMk92_i5nkmaVaJBhdOzfN-OynPF8E3MPe0Kf6G8x_KfCYVGpoA3NRDhZscyOImEd5dkd-5nMAR-ROMg6gXMa0P1OtG6lC-ClrTBpbXgy8NDnQMCTxFP3y3FG4Itz6AoUqKB2NizIZaEWwATitL3DoASIBaSVpMlJkgUECAQYAZIFBAgFGASgBjeAB4iVlD2oB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDf2E3SCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJvuvPiZh4MDmgm7AWh0dHBzOi8vd3d3LmFjby1zaG93ZXJkcmFpbi5kZS9zaG93ZXJkcmFpbi1jLz9tdG1fY2FtcGFpZ249QVVGJTIwJTdDJTIwU2hvd2VyRHJhaW4lMjAlN0MlMjBSZXRhcmdldGluZyZtdG1fc291cmNlPUdvb2dsZSUyMEFkcyZtdG1fbWVkaXVtPVBQQyZtdG1fY29udGVudD1EaXNwbGF5Jm10bV9ncm91cD1TaG93ZXJkcmFpbiUyMEOACgHICwGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQLYEw2IFALQFQGAFwGyFxwKGggAEhRwdWItOTc3OTEzNDgzNTQ4OTc4MRgA&sigh=KN0g4XlvZbg&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%221902607541520538014%22,%22debug_reporting%22:true,%22destination%22:%22https://aco-showerdrain.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22945485152%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229419734410118565649%22}&andc=true

Request Chain 78

https://googleads.g.doubleclick.net/pagead/adview?ai=CeT6tGeh2ZbCjIKe578EP98WDIK--xIV0kZCSyKwSwM3a_IoqEAYgtq6xkAEoDWCVgoCAsAegAbT7rbgCyAEGqQKKS7qLS0aSPqgDAcgDAqoE2QFP0LpHBreXozQ0kwrvRBSd26v3Wc7doWitsDbu4aDePifwpk6080A7yu68evWmAl5lI758VDglV-gjHri_k_pMBeUKg1wS5fD_AkNJoCzgu-uUNrDVUX8bTaJYcZPAn4QEcynJ2yIhPjLq24gy3XFdrJlsWJIUWZkH8Lx2PYEyT3YL2GSSZpWdZmN17N_CFbGc8XzmhQx7Qp8dmTL8p8KUp6qgLf203pf3kw8maIQRkmNf02UDsmRSs9Y72IGG478B6VYWEqmFnW9Xg5YPcmC5AWjkaXFUoutLwATOzObQuASIBcLk-KdNkgUECAQYAZIFBAgFGASgBjeAB7SE0scBqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ39hN0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlib7rz4mYeDA5oJVWh0dHBzOi8vd3d3LmR5bmFtaWNmcmVlbGFuY2VyLmFlLz9odHRwczovL3d3dy5keW5hbWljZnJlZWxhbmNlci5hZS8_a2V5d29yZD0mZGV2aWNlPWOACgHICwGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQLYEwzQFQGYFgGAFwGyFxwKGggAEhRwdWItOTc3OTEzNDgzNTQ4OTc4MRgA&sigh=Hckwtr18oNE&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213405643983492057765%22,%22debug_reporting%22:true,%22destination%22:%22https://dynamicfreelancer.ae%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22655064500%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222608816485311594705%22}&andc=true

Request Chain 79

https://googleads.g.doubleclick.net/pagead/adview?ai=C9kMRGeh2ZbCjIKe578EP98WDIJHS19JzgJfF56sSwI23ARAHILausZABKA1glYKAgLAHoAH2sabPA8gBBqkCYi2If_cOsj6oAwHIAwKqBNEBT9COPCy3mKM0NJMK70QUndur91nO3aForbA27uGg3j4n8KZOtPNAO8ruvHr1pgJeZSO-fFQ4JVfoIx64x5D6BAVGd39xMuScQzH_k0_HDA8GYvW3PVKo67shWHGTcWmHBHMpPC0hIbwyHy2LMt1zqFqYbFiS4a-aBfC8g8uCMk92_i5mkmaVaJBgdOzfN-OynPF8E3MPe0Kf6G8x_IfSdFRDbZjsaTYLof2NdWNqEfbPzgztAQmTG5gOqVuLInxguN_uPakEq79jT3YqXi3pDBvABKKNnYPBBIgFn4npwEySBQQIBBgBkgUECAUYBKAGN4AH8s3ZMKgH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEN_YTdIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYm-68-JmHgwOaCTBodHRwczovL3d3dy5pYi1rcmVzcy5kZS9rYXJyaWVyZS9zdGVsbGVuYW5nZWJvdGWACgHICwGiDBgqFgoU5LSxAu61sQK1uLECrLqxAru7sQLYEwrQFQGYFgGAFwGyFxwKGggAEhRwdWItOTc3OTEzNDgzNTQ4OTc4MRgA&sigh=8Iskf9qBl1U&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222043480426039352713%22,%22debug_reporting%22:true,%22destination%22:%22https://ib-kress.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22971610358%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226952136800700670529%22}&andc=true

Request Chain 80

https://googleads.g.doubleclick.net/pagead/adview?ai=CaDTDGeh2ZbCjIKe578EP98WDINnx9Nx02bv-kskR5ub_q5wyEAggtq6xkAEoDWCVgoCAsAegAfC9xvYDyAEGqQJiLYh_9w6yPqgDAcgDAqoE2AFP0PhIL7eaozQ0kwrvRBSd26v3Wc7doWitsDbu4aDePifwpk6080A7yu68evWmAl5lI758VDglV-gjHri_k_pMBeUKg0sS5f_FeEJJoCzgu-uUNrDVUX8bTaJYcZPAn4QEcynJ2yIhPjLq24gy3XFdrJlsWJIUWZkH8Lx2PYEyT3YL2GSSZpWdZmN17N_CFbGc8XzmhQx7Qp8dmTL8p8KUp6qgLf203peE52rnpEEZWQIgCfUqmYpGh56v9lbB5JGa77jAOYuFkXuYuaoI5mybAWbynxhbw3DABK-u0NGLBIgF6pidp0OSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGN4AH-MG5CagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6a-G9gHAfIHBBDf2E3SCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJvuvPiZh4MDmgl1aHR0cHM6Ly93d3cuZ2llc3N3ZWluLmNvbT91dG1fc291cmNlPWdvb2dsZSZ1dG1fbWVkaXVtPWNwYyZ1dG1fY2FtcGFpZ249UG1heF9ERS1BTEwmYWRncm91cGlkPSZ1dG1fY29udGVudD0mdXRtX3Rlcm09gAoByAsBogwYKhYKFOS0sQLutbECtbixAqy6sQK7u7EC2BML0BUBmBYBgBcBshccChoIABIUcHViLTk3NzkxMzQ4MzU0ODk3ODEYAA&sigh=hYtnMhbMJHs&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=493&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22819981611205273990%22,%22debug_reporting%22:true,%22destination%22:%22https://giesswein.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221053925104%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228300229079040952561%22}&andc=true

Request Chain 81

https://googleads.g.doubleclick.net/pagead/adview?ai=CYA5qGeh2ZbCjIKe578EP98WDILuioNt057TRoZESsr79zIsOEAkgtq6xkAEoDWCVgoCAsAegAaC656cpyAEGqQK6DwMDmA21PqgDAcgDAqoE5QFP0JLzJaynmoeHmXH-TBOHx7qgFMLfdtOkizfprOnePi4SfVvI70A_yaepeqq3Cll_P68rGTQnFSfCHDtFkzvOFSzIZ_A-PmqM2hN0oCzPm-uUZbLIUeweuOWtchOEaodxcClJLiHUvTLqLIvH3nNdWZqZW5AUrJrw87x2yILHTHYLLWdnZZSdk2CB79_C4LJp8nzmcA-OQZ8dbDEJpMKUcrlAK0wZ2SFAn7rvaUlZwyhSm1a-BfiDF44Pc3sufPEbLoHkMwWPv2NPcSpXRsthL0rqcfvT7PGM741LJDamuNmRNqHewASQqYbOtgSIBdnWsI1KkgUECAQYAZIFBAgFGASgBjeAB6Dyt4cEqAfZtrECqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwHyBwQQ39hN0ggfCIDhgBAQARgfMgKqAjoCgEBIvf3BOlib7rz4mYeDA5oJYmh0dHBzOi8vb3RhaWxhbmRlLmNvbS9lbi9nYWxsZXJ5L29oLXRoaXMtc3BvcnQtMzAtZnVubmllc3QtbW9tZW50cy5odG1sLzIvP3V0bV9zb3VyY2U9Z29vZ2xlX21lZGlhgAoByAsBogwYKhYKFOS0sQLutbECtbixAqy6sQK7u7EC2BMCiBQB0BUBgBcBshccChoIABIUcHViLTk3NzkxMzQ4MzU0ODk3ODEYAA&sigh=9SZL7lgLtDo&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214807382156384512548%22,%22debug_reporting%22:true,%22destination%22:%22https://otailande.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211089337632%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227509856445670617825%22}&andc=true

Request Chain 82

https://googleads.g.doubleclick.net/pagead/adview?ai=CgpI6Geh2ZbCjIKe578EP98WDIIb0zs90yteT3v8R2tkeEAogtq6xkAEoDWCVgoCAsAegAfSdlNYDyAEGqQJiLYh_9w6yPqgDAcgDAqoE0gFP0OUWN7edozQ0kwrvRBSd26v3Wc7doWitsDbu4aDePifwpk6080A7yu68evWmAl5lI758VDglV-gjHrjHkPoEBUM2LI7AD3CL_hRQiCjnn5CSA7Q9UuxaTaLYcZOEn4SE8ynJ2yIhvjDq24gy3XNdrJluWJIUWZkF8Lx2PYEyT3YL2GSTZpWdZmN07N_CFbGc8XzmhQx7Qp8dmTL8p-KEsq9kwAKN85lEUpKu80M6UbPVJz8vmbV-1sav3i4KXmC0y2YbzEpjs0FPeDzhUfInyUbABOze95nFAYgF6qntpgOSBQQIBBgBkgUECAUYBKAGN4AH9OHrKagH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEN_YTdIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYm-68-JmHgwOaCWJodHRwczovL2dlcm1hbnkuam9ic2lubmV0d29yay5jb20vP3V0bV9zb3VyY2U9Z29vZ2xlJnV0bV9tZWRpdW09YWR3b3Jkc1NlYXJjaCZ1dG1fY2FtcGFpZ249R2VybWFueYAKAcgLAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAtgTDNAVAZgWAYAXAbIXHAoaCAASFHB1Yi05Nzc5MTM0ODM1NDg5NzgxGAA&sigh=r2BRKXe2Q-w&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214772958049271622596%22,%22debug_reporting%22:true,%22destination%22:%22https://jobsinnetwork.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22985992948%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221352604594412554017%22}&andc=true

Request Chain 83

https://googleads.g.doubleclick.net/pagead/adview?ai=Cn_rAGeh2ZbCjIKe578EP98WDIPajit100p2w__UQZBALILausZABKA1glYKAgLAHoAHVlP7HA8gBBqkCYi2If_cOsj6oAwHIAwKqBNgBT9CoZzK3m6M0NJMK70QUndur91nO3aForbA27uGg3j4n8KZOtPNAO8ruvHr1pgJeZSO-fFQ4JVfoIx64v5P6TAXlCoNCEuWwvX4ySqAs4LvrlDaw1VF_G02iWHGTwJ-EBHMpydsiIT4y6tuIMt1xXayZbFiSFFmZB_C8dj2BMk92C9hkkmaVnWZjdezfwhWxnPF85oUMe0KfHZky_KfClKeqoC39tN6XuLBKwaRBGVkiIQn1KpmkBoH6qPYuirORmu_TwDmLhZF74PL9COZsmwFm8rFYXad3wATW0cupqgSIBeich8dIkgUECAQYAZIFBAgFGASgBjeAB7y_qS6oB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDf2E3SCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJvuvPiZh4MDmgkYaHR0cHM6Ly93d3cuc3RlcHN0b25lLmRlgAoByAsBogwYKhYKFOS0sQLutbECtbixAqy6sQK7u7EC2BMLiBQB0BUBmBYBgBcBshccChoIABIUcHViLTk3NzkxMzQ4MzU0ODk3ODEYAA&sigh=zwvCfJ25PHs&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229418751400450968574%22,%22debug_reporting%22:true,%22destination%22:%22https://stepstone.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22956271189%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228670972857201271889%22}&andc=true

Request Chain 84

https://googleads.g.doubleclick.net/pagead/adview?ai=CXmF7Geh2ZbCjIKe578EP98WDIMjd5eBenvefkZYK_e2l_Z4YEAwgtq6xkAEoDWCVgoCAsAegAbPIotwDyAEGqQJiLYh_9w6yPqgDAcgDAqoE1QFP0Mg7F7eTozQ0kwrvRBSd26v3Wc7doWitsDbu4aDePifwpk6080A7yu68evWmAl5lI758VDglV-gjHrjHkPoMBesCg8caTcx-Mf-8b8cMXAR_9SQ4p-8euKEchJAEaoeEhirJriEhSzHqLokyKHBdWZpsrZEWrJoFBb92yIIyunULLWeSk5ack2B0GdzC4LKcBH_mcA97t5wdbDH8UsGUUomwzdt5qV5gn7rvaUlZwyhCm2r7aom2F9I1YDIuVM2-5X7KF5MYZ5CiZxD5yECD89x8wtnABOHD8LSnAogF9J6ZyweSBQQIBBgBkgUECAUYBKAGN4AHtbfdI6gH2baxAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcB8gcEEN_YTdIIHwiA4YAQEAEYHzICqgI6AoBASL39wTpYm-68-JmHgwOaCRlodHRwczovL3Nob3AudGV3aXBhY2suZGUvgAoByAsBogwYKhYKFOS0sQLutbECtbixAqy6sQK7u7EC2BMNiBQI0BUBgBcBshccChoIABIUcHViLTk3NzkxMzQ4MzU0ODk3ODEYAA&sigh=20lnjEc6db8&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215029706786777272338%22,%22debug_reporting%22:true,%22destination%22:%22https://tewipack.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22998810675%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223258735801741691217%22}&andc=true

Request Chain 85

https://googleads.g.doubleclick.net/pagead/adview?ai=CSd9LGeh2ZbCjIKe578EP98WDINiMh8508Yeo46IS2tkeEA0gtq6xkAEoDWCVgoCAsAegAfXxo7cqyAEGqAMByAMCqgTWAU_QsSknt5KjNDSTCu9EFJ3bq_dZzt2haK2wNu7hoN4-J_CmTrTzQDvK7rx69aYCXmUjvnxUOCVX6CMeuMeQ-gwF-AKDy1Iky34x_7xvxwxcBH_1JDin7x64oRyEkARqh4SGKsmuISFLMeouiTIocF1ZmmytkRasmgUFv3bIgjK6dQstZ5KTlpyTYHQZ3MLgspwEf-ZwD3u3nB1sMfxSwZRSibDN22O9b41Xf-dpSRkZuGuw99k1mTs5IGc3EeRSSEvOXMobh517ot-cHNvITpUZsEaMZeXABIW7w4O6BIgF37eFyE2SBQQIBBgBkgUECAUYBKAGN4AH9an0lgWoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDf2E3SCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WJvuvPiZh4MDmgkoaHR0cHM6Ly9nbG9iYWxsYWJvcm1hcmtldGNvbmZlcmVuY2UuY29tL4AKAcgLAaIMGCoWChTktLEC7rWxArW4sQKsurECu7uxAtgTDdAVAZgWAYAXAbIXHAoaCAASFHB1Yi05Nzc5MTM0ODM1NDg5NzgxGAA&sigh=AZF7b-J2Sno&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&template_id=492&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211952824550364225982%22,%22debug_reporting%22:true,%22destination%22:%22https://globallabormarketconference.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211390220533%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226313502304488864049%22}&andc=true

Request Chain 87

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPqBVBooT_v6Dtc6ZQpYHkA&google_cver=1 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPqBVBooT_v6Dtc6ZQpYHkA&google_cver=1&C=1

Request Chain 88

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXboGr6e9LJ9mATf4BcIcwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

Request Chain 89

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIMZ2cm0-5IFDg0xl949PPY&google_cver=1

Request Chain 90

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D

Request Chain 136

https://fw.adsafeprotected.com/rfw/st/1627455/73523864/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-9779134835489781&ias_chanId=1&ias_placementId=20492286635&bidurl=https://painthy.com/&ias_dealId=&xsId=ABAjH0hmZdbgBlL2_NQkVGDqOeAz&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hmZdbgBlL2_NQkVGDqOeAz&adContainerId=brand_safety_Guh2ZamANZyTjuwPpIaX-AI&cbFunctionName=goog_wrapCb_Guh2ZamANZyTjuwPpIaX-AI&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpainthy.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fpainthy.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fads%3Fclient%3Dca-pub-9779134835489781%26output%3Dhtml%26h%3D250%26slotname%3D6557565023%26adk%3D1903834021%26adf%3D658209549%26pi%3Dt.ma~as.6557565023%26w%3D325%26fwrn%3D4%26fwrnh%3D100%26lmt%3D1702291481%26rafmt%3D1%26format%3D325x250%26url%3Dhttps%253A%252F%252Fpainthy.com%252F%26ea%3D0%26fwr%3D0%26fwrattr%3Dtrue%26rpe%3D1%26resp_fmts%3D3%26wgl%3D1%26uach%3DWyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.%26dt%3D1702291481153%26bpp%3D1%26bdt%3D482%26idt%3D326%26shv%3Dr20231206%26mjsv%3Dm202312050101%26ptt%3D9%26saldr%3Daa%26abxe%3D1%26prev_fmts%3D0x0%26nras%3D1%26correlator%3D5815262515655%26rume%3D1%26frm%3D20%26pv%3D1%26ga_vid%3D1141759930.1702291481%26ga_sid%3D1702291481%26ga_hid%3D1597768592%26ga_fc%3D0%26u_tz%3D60%26u_his%3D2%26u_h%3D1200%26u_w%3D1600%26u_ah%3D1200%26u_aw%3D1600%26u_cd%3D24%26u_sd%3D1%26dmc%3D8%26adx%3D1045%26ady%3D110%26biw%3D1600%26bih%3D1200%26scr_x%3D0%26scr_y%3D0%26eid%3D44759876%252C44759927%252C44759837%252C31079265%252C31079924%252C31080036%252C95320885%252C31061691%252C31061693%26oid%3D2%26pvsid%3D2462913498881428%26tmod%3D1858147498%26uas%3D0%26nvt%3D1%26fc%3D1920%26brdim%3D0%252C0%252C0%252C0%252C1600%252C0%252C1600%252C1200%252C1600%252C1200%26vis%3D1%26rsz%3D%257C%257ClEe%257C%26abl%3DCS%26pfx%3D0%26fu%3D128%26bc%3D31%26psd%3DW251bGwsbnVsbCxudWxsLDNd%26ifi%3D2%26uci%3Da!2%26fsb%3D1%26dtd%3D330&adsafe_type=bed&adsafe_jsinfo=,id:7b142224-dd4e-d0c1-69f9-61c68dbfb19d,c:wuidKe,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765b799994-chgqz,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tY7TAcR+11%7C12%7C131*.1627455-73523864%7C1311%7C1312%7C1313%7C14,idMap:131*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:17,oid:4b2c6d10-9812-11ee-ae14-2a28f91ef4f7,v:19.8.464,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 197

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

Request Chain 198

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXboGr6e9LJ9mATf4BcIcwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

Request Chain 199

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIgcUig2db7l1IbOzWhBZsc&google_cver=1

Request Chain 200

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D

Request Chain 201

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

Request Chain 202

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXboGr6e9LJ9mATf4BcIcwAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

Request Chain 203

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEIgcUig2db7l1IbOzWhBZsc&google_cver=1

Request Chain 204

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D

Request Chain 218

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 233

https://googleads.g.doubleclick.net/pagead/adview?ai=CZPsuGeh2ZdrTH-m878EPvJ6x2A6g9fHMZ5qQjfSVCY3m2r_NARABILausZABYJWCgICwB6ABlsWe3QPIAQGpAv_c2wbsELM-qAMByAPLBKoE3AFP0I8VyPb6z60OQbchi8zdOlc1MS70EChAWS2TS4CY7TQ52JapepleFi2lDkWxKO4cUuj8zbUny6wCdEBNtY116lVhveBn4QQn2UJo_p9Tea5i1RtxqBKbMRy1skkCq0tFO52eXeO9JGmxQyvh_TlyHSDFI2UL38J1jmISg9tBwHLw5eP8ydIZimWHWK4Mcj-CFLxQm2isv83U8innjzzxBUfWQ9QJ_2hN3xzcl1yO0HbbON9vydhnR57wLFJBmFi6nNZ6fUQMs4Id5-kTfjJ1pj6P3MZe0d9fDS5EwATf0ov5_AGIBaKJ4sUGkgUECAQYAZIFBAgFGASAB9K64SKoB9m2sQKoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDZsW_SCB8IgOGAEBABGB8yAqoCOgKAQEi9_cE6WNaXvPiZh4MDmgktaHR0cHM6Ly93d3cud29ya3BsYW5ldC5jaC9zdGVsbGVuYW5nZWJvdGUucGhwgAoByAsBogwYKhYKFOS0sQLutbECtbixAqy6sQK7u7EC2BMNiBQG0BUBgBcBshccChoIABIUcHViLTk3NzkxMzQ4MzU0ODk3ODEYALIYAyIBAA&sigh=-gk0CfIi-Fs&uach_m=%5BUACH%5D&ase=2&nis=4&cid=CAQSTwDICaaNiNId8lRP6q2n9D969Sd0LUFPegDGaJX4kM7yCtOKRVApOASzUdNHBzIHEXWbMO8tDBbGznvk0-QMurdG-Cg-7lY2tlacYLoqQsQYAQ&cbvp=2&vis=1 HTTP 302
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2216780569059548707557%22,%22debug_reporting%22:true,%22destination%22:%22https://workplanet.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221000841878%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225769334435251625105%22}&andc=true

Request Chain 234

https://fw.adsafeprotected.com/rfw/st/1627455/73523873/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-9779134835489781&ias_chanId=1&ias_placementId=20487174429&bidurl=https://painthy.com/&ias_dealId=&xsId=ABAjH0jyNOxkmhPLCJYds3zjlpnw&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0jyNOxkmhPLCJYds3zjlpnw&adContainerId=brand_safety_HOh2ZceWDtiXjuwP6_KvYA&cbFunctionName=goog_wrapCb_HOh2ZceWDtiXjuwP6_KvYA&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpainthy.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fpainthy.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231206%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231206%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-1-%26adk%3D1812271803%26client%3Dca-pub-9779134835489781%26fa%3D3%26ifi%3D5%26uci%3Da!5%26btvi%3D1&adsafe_type=be&adsafe_jsinfo=,id:70f24f45-5e7e-a88d-d7c0-fa0dd5ae5f1b,c:wuie2i,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765b799994-gm9r6,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tY7TAuM+11%7C12%7C1311%7C1312%7C1313%7C14%7C1511%7C161*.1627455-73523873%7C1611%7C1612%7C1613%7C1711%7C181%7C182%7C191%7C1a,idMap:161*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:27,oid:4bce0447-9812-11ee-bc60-9ef3ca10fe92,v:19.8.464,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

Request Chain 257

https://fw.adsafeprotected.com/rfw/st/1627455/73523888/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-9779134835489781&ias_chanId=1&ias_placementId=20492286635&bidurl=https://painthy.com/&ias_dealId=&xsId=ABAjH0iNo2hACzlZ1P8Ryi5CHKx9&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iNo2hACzlZ1P8Ryi5CHKx9&adContainerId=brand_safety_HOh2ZfmeFfGZjuwPvMOLyAw&cbFunctionName=goog_wrapCb_HOh2ZfmeFfGZjuwPvMOLyAw&true_pb=&adsafe_pb=https%3A%2F%2Fstatic.adsafeprotected.com%2F4a.js&adsafe_url=https%3A%2F%2Fpainthy.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fpainthy.com%2F&adsafe_type=c&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231206%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1&adsafe_type=d&adsafe_url=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fpagead%2Fhtml%2Fr20231206%2Fr20110914%2Fzrt_lookup_fy2021.html%3Ffsb%3D1%23RS-2-%26adk%3D1812271804%26client%3Dca-pub-9779134835489781%26fa%3D4%26ifi%3D6%26uci%3Da!6%26btvi%3D2&adsafe_type=be&adsafe_jsinfo=,id:eea54a64-f72a-8b26-47dc-1ad97a6d993d,c:wuie3R,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-765b799994-s58r6,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,mu:10000,br:c,bru:c,an:n,oam:0,mtim:3,mot:0,app:0,maw:0,fm:tY7TAwi+11%7C12%7C1311%7C1312%7C1313%7C14%7C1511%7C1611%7C1612%7C1613%7C1614%7C171*.1627455-73523888%7C1711%7C1712%7C1713%7C181%7C182%7C191%7C1a,idMap:171*,ex:e2,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:IMG.us,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:30,oid:4bddbc1b-9812-11ee-b877-5aaefb9f3dc5,v:19.8.464,sp:0,st:0,fwm:0,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/4a.js

296 HTTP transactions
5 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
painthy.com/ 49 KB
9 KB 478ms
333ms Document
text/html 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 / PHP/7.4.33
Resource Hash: 854a70be53102e3030c42d4c3f65eb8f0d838569b5733913b9a5eae6eb3ff521

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:40 GMT
link: <https://painthy.com/wp-json/>; rel="https://api.w.org/"
server: nginx-reuseport/1.21.1
vary: Accept-Encoding
x-powered-by: PHP/7.4.33

GET
H2 200 style.min.css
painthy.com/wp-includes/css/dist/block-library/ 107 KB
14 KB 74ms
72ms Stylesheet
text/css 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-includes/css/dist/block-library/style.min.css?ver=6.4.2
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 08 Nov 2023 18:31:51 GMT
server: nginx-reuseport/1.21.1
etag: W/"654bd417-1add3"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
painthy.com/wp-includes/js/mediaelement/ 11 KB
3 KB 75ms
72ms Stylesheet
text/css 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Tue, 30 Nov 2021 11:58:07 GMT
server: nginx-reuseport/1.21.1
etag: W/"61a611cf-2bf8"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 wp-mediaelement.min.css
painthy.com/wp-includes/js/mediaelement/ 4 KB
1 KB 75ms
72ms Stylesheet
text/css 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.4.2
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Tue, 30 Nov 2021 11:58:07 GMT
server: nginx-reuseport/1.21.1
etag: W/"61a611cf-105a"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 css
fonts.googleapis.com/ 1 KB
838 B 84ms
34ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins%3A%2C400%7CPoppins%3A%2C400%7CPoppins%3A%2C400%2C%2C400&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Cvietnamese&ver=1.6

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2e120707b7a0de913a32da3e779b975bd342672ca68c9aa373029f38c90cfb56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 10:37:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Dec 2023 10:44:40 GMT

GET
H2 200 bootstrap.css
painthy.com/wp-content/themes/disto/css/ 221 KB
34 KB 75ms
73ms Stylesheet
text/css 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/css/bootstrap.css?ver=1.6
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 6c38dc17dbebb7e00014f3ea1025d5bb245baff733b50069eff5403b5dfaeeb8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-373fb"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 style.css
painthy.com/wp-content/themes/disto/ 733 KB
89 KB 75ms
73ms Stylesheet
text/css 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/style.css?ver=1.6
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: ceee574841dd9f8ff1f1d23a93e3115a2c6b0392f804f3c6b35fd6c53d754073

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-b7494"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 responsive.css
painthy.com/wp-content/themes/disto/css/ 93 KB
13 KB 75ms
73ms Stylesheet
text/css 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/css/responsive.css?ver=1.6
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: dc94b334bdbade3c6e278dcb6568556f0ce413d97a49d046e94a67f56472f0ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-17598"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 jetpack.css
painthy.com/wp-content/plugins/jetpack/css/ 98 KB
18 KB 75ms
74ms Stylesheet
text/css 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/plugins/jetpack/css/jetpack.css?ver=12.7
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: e3e284f113e4bcac5dff1505966a91a128687b12fae8d9c14e83d334a1f4afe6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Thu, 12 Oct 2023 20:07:28 GMT
server: nginx-reuseport/1.21.1
etag: W/"65285200-188fa"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 jquery.min.js Show response
painthy.com/wp-includes/js/jquery/ 86 KB
30 KB 75ms
74ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 08 Nov 2023 18:31:50 GMT
server: nginx-reuseport/1.21.1
etag: W/"654bd416-15601"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 jquery-migrate.min.js Show response
painthy.com/wp-includes/js/jquery/ 13 KB
5 KB 75ms
74ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 09 Aug 2023 07:30:14 GMT
server: nginx-reuseport/1.21.1
etag: W/"64d34086-3509"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
51 KB 166ms
122ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9779134835489781

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2233c53a2b65d37a6c9826430686fe2cfdcafe5d9169727961e727291369e604

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Origin: https://painthy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52117
x-xss-protection: 0
server: cafe
etag: 291925939538344814
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:41 GMT

GET
H2 200 logo-painthy.png
painthy.com/wp-content/uploads/2022/07/ 3 KB
4 KB 270ms
268ms Image
image/png 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2022/07/logo-painthy.png
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 566165820cb347905665472e5e57227f1a034c64299787686311ffa124d9082b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Wed, 06 Jul 2022 23:14:45 GMT
server: nginx-reuseport/1.21.1
etag: "62c61765-d7f"
content-type: image/png
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 3455
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Germany-job-vacancy-780x450.jpg
painthy.com/wp-content/uploads/2022/11/ 69 KB
69 KB 75ms
74ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2022/11/Germany-job-vacancy-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 7eb0253f0361aa22f7eca8b526abb2e43c2576f2a36aea5b0848a18d6570378c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Tue, 08 Nov 2022 17:24:52 GMT
server: nginx-reuseport/1.21.1
etag: "636a90e4-11455"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 70741
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Sweden-shool-4-780x450.jpg
painthy.com/wp-content/uploads/2023/12/ 77 KB
77 KB 270ms
269ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/12/Sweden-shool-4-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 5d718e731772b953c14feecc2919cfc6c1dac89785885346c17e5a5f5e300e1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sun, 10 Dec 2023 20:26:23 GMT
server: nginx-reuseport/1.21.1
etag: "65761eef-13415"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 78869
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 canada4-shool-780x450.jpg
painthy.com/wp-content/uploads/2023/12/ 47 KB
48 KB 65ms
65ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/12/canada4-shool-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 2118ff5e7b81b33ce532537119543614a3258f77bfa6e61a28c7f76777faf46b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sun, 10 Dec 2023 19:36:55 GMT
server: nginx-reuseport/1.21.1
etag: "65761357-bdb0"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 48560
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 post-like.js Show response
painthy.com/wp-content/plugins/disto-function/ 918 B
629 B 68ms
66ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/plugins/disto-function/post-like.js?ver=1.0
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: f278bf82a64ac1a5ae8f69e06890047a914b3d0100bf856aabd758d2e15edf36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:56:33 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c61321-396"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 fluidvids.js Show response
painthy.com/wp-content/themes/disto/js/ 1 KB
863 B 68ms
66ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/js/fluidvids.js?ver=1.6
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: d9ce958515e4c42199afa5f6f985d7038047c2ca5821147d68fe3604b138e5aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-484"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 infinitescroll.js Show response
painthy.com/wp-content/themes/disto/js/ 10 KB
4 KB 68ms
66ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/js/infinitescroll.js?ver=1.6
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: aaadde89b0db2f97f270379b4762e025c85a1a4d8a4c9ae2421ab48198cc3ae6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-2971"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 justified.js Show response
painthy.com/wp-content/themes/disto/js/ 37 KB
12 KB 68ms
66ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/js/justified.js?ver=1.6
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 25fdc7a17a7b3884e86c6f6b72b60288025980e5bcfff6b736f077902c1697ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-94e2"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 slick.js Show response
painthy.com/wp-content/themes/disto/js/ 42 KB
10 KB 68ms
67ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/js/slick.js?ver=1.6
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 2c55dea800c7c131d9f3e3ac8a411abf3ca2b4fa836a7376aba3e99c43a621ba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-a77b"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 theia-sticky-sidebar.js Show response
painthy.com/wp-content/themes/disto/js/ 5 KB
2 KB 68ms
67ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/js/theia-sticky-sidebar.js?ver=1.5
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: ad386e83074906780dfa1feec2070ff6e11f15c07953ac3d8431300ae0ba175b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-1509"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 aos.js Show response
painthy.com/wp-content/themes/disto/js/ 14 KB
5 KB 68ms
67ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/js/aos.js?ver=1.6
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 4460f1596174d06cca957fdaca2c71e1a377cf1d6f07ee4c75ffb3bf3fc97a03

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-37a3"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 custom.js Show response
painthy.com/wp-content/themes/disto/js/ 18 KB
3 KB 68ms
67ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/js/custom.js?ver=1.6
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: c0a71ca2c2b80121a9db00dd745294b6a10f3904add5781197d3f6db69e4a574

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
content-encoding: gzip
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: W/"62c612f1-48ce"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:40 GMT

GET
H2 200 e-202350.js Show response
stats.wp.com/ 7 KB
3 KB 69ms
21ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202350.js
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Mon, 11 Dec 2023 10:44:41 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684464982353.1523
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Sun, 08 Dec 2024 22:20:13 GMT

GET
BLOB 200
OK 67586ff4-c967-4068-9fba-8a33d98b331f
https://painthy.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://painthy.com/67586ff4-c967-4068-9fba-8a33d98b331f
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 150 KB
51 KB 116ms
72ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9779134835489781

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

85504127fe4db2de68001bdda289346afe0f83ee56310e0b8b0815c196e27cbd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Origin: https://painthy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 52120
x-xss-protection: 0
server: cafe
etag: 12139768252868267034
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:41 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.gstatic.com/s/poppins/v20/ 8 KB
8 KB 68ms
21ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Poppins%3A%2C400%7CPoppins%3A%2C400%7CPoppins%3A%2C400%2C%2C400&subset=latin%2Clatin-ext%2Ccyrillic%2Ccyrillic-ext%2Cgreek%2Cgreek-ext%2Cvietnamese&ver=1.6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://painthy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 19:07:20 GMT
x-content-type-options: nosniff
age: 315441
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7884
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 06 Dec 2024 19:07:20 GMT

GET
H2 200 fontawesome-webfont.woff2
painthy.com/wp-content/themes/disto/css/fonts/ 65 KB
65 KB 65ms
65ms Font
application/font-woff2 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-content/themes/disto/css/fonts/fontawesome-webfont.woff2?v=4.5.0
Requested by: Host: painthy.com
URL: https://painthy.com/wp-content/themes/disto/css/bootstrap.css?ver=1.6
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

Request headers

Referer: https://painthy.com/wp-content/themes/disto/css/bootstrap.css?ver=1.6
Origin: https://painthy.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Wed, 06 Jul 2022 22:55:45 GMT
server: nginx-reuseport/1.21.1
etag: "62c612f1-10440"
content-type: application/font-woff2
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 66624
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Germany-2-780x450.jpg
painthy.com/wp-content/uploads/2023/12/ 70 KB
70 KB 68ms
66ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/12/Germany-2-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 9bfb077c58ba2ed326e6c2e5fde000951543d1dbb6a5fed4662eeade4c1ebdd1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sun, 10 Dec 2023 19:00:55 GMT
server: nginx-reuseport/1.21.1
etag: "65760ae7-11770"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 71536
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Poland-jobs-1-1-780x450.jpg
painthy.com/wp-content/uploads/2023/12/ 66 KB
66 KB 68ms
67ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/12/Poland-jobs-1-1-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: c412e214b5bf8c2c5df9b4564a28d33a50208291c0e3d713b635806713c74a56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sun, 10 Dec 2023 17:57:13 GMT
server: nginx-reuseport/1.21.1
etag: "6575fbf9-10667"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 67175
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Singapore-petro-1-780x450.jpg
painthy.com/wp-content/uploads/2023/12/ 72 KB
72 KB 69ms
67ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/12/Singapore-petro-1-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 1e9d81ffc95fdfa7a102e3e0f3441e497d93a20d57dbf0f3e97f28348e762198

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sun, 10 Dec 2023 16:47:19 GMT
server: nginx-reuseport/1.21.1
etag: "6575eb97-120a6"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 73894
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Petron-Malaysia2-780x450.jpg
painthy.com/wp-content/uploads/2023/12/ 71 KB
72 KB 68ms
67ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/12/Petron-Malaysia2-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 9e3a705dca5d86993ba0382f8670c3755f9398d82c1fb980fa28242a9bb61da1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sun, 10 Dec 2023 15:31:03 GMT
server: nginx-reuseport/1.21.1
etag: "6575d9b7-11dfa"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 73210
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Emaar-group-6-780x450.jpg
painthy.com/wp-content/uploads/2023/12/ 56 KB
56 KB 68ms
67ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/12/Emaar-group-6-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: dcb9644014045b8bb2f2e5431d5a4b6daa7b249a1c86f6b0e6ec108fd857314f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sun, 10 Dec 2023 10:08:51 GMT
server: nginx-reuseport/1.21.1
etag: "65758e33-e08d"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 57485
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Tesla-Jobs-UAE-Qatar-USA-780x450.jpg
painthy.com/wp-content/uploads/2023/12/ 60 KB
60 KB 68ms
67ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/12/Tesla-Jobs-UAE-Qatar-USA-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 3ed4f005d017269daae648a345d69de32a82073817aa68719c1738eb41a078dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sun, 10 Dec 2023 06:39:11 GMT
server: nginx-reuseport/1.21.1
etag: "65755d0f-efae"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 61358
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Borr-driling-jobs-1-780x450.jpg
painthy.com/wp-content/uploads/2023/12/ 71 KB
72 KB 68ms
68ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/12/Borr-driling-jobs-1-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 662427ed34db05e4f8689ef317119113c1091438bcde0d9927d72766f24cecd2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sat, 09 Dec 2023 20:26:47 GMT
server: nginx-reuseport/1.21.1
etag: "6574cd87-11dc1"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 73153
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 Qatar-energy3-780x450.jpg
painthy.com/wp-content/uploads/2023/05/ 34 KB
34 KB 68ms
68ms Image
image/jpeg 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://painthy.com/wp-content/uploads/2023/05/Qatar-energy3-780x450.jpg
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 962c6f934340fc6195fd8ee2597996ef967fa2c1ea8b76b22dfbff4d6657018f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:40 GMT
last-modified: Sun, 10 Dec 2023 12:34:02 GMT
server: nginx-reuseport/1.21.1
etag: "6575b03a-8861"
content-type: image/jpeg
cache-control: max-age=2592000
accept-ranges: bytes
content-length: 34913
expires: Wed, 10 Jan 2024 10:44:40 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
153 B 28ms
20ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=205086879&post=0&tz=3&srv=painthy.com&j=1%3A12.7&host=painthy.com&ref=&fcp=820&rand=0.6693418126082162
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 11 Dec 2023 10:44:41 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 wp-emoji-release.min.js Show response
painthy.com/wp-includes/js/ 18 KB
5 KB 70ms
70ms Script
application/x-javascript 45.130.41.84
BEGET-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://painthy.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.2
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 45.130.41.84 St Petersburg, Russian Federation, ASN198610 (BEGET-AS, RU),
Reverse DNS: ssl.codia2.beget.com
Software: nginx-reuseport/1.21.1 /
Resource Hash: 4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:41 GMT
content-encoding: gzip
last-modified: Wed, 29 Mar 2023 19:30:09 GMT
server: nginx-reuseport/1.21.1
etag: W/"642491c1-4904"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=604800
expires: Mon, 18 Dec 2023 10:44:41 GMT

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/ 398 KB
135 KB 126ms
86ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9779134835489781&plah=painthy.com&bust=31080036

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9779134835489781

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9d0edc5d2a5b64fe3bc08b0b7d7e8d39dad3355c0f805bd707aedfb717fc3a22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 137723
x-xss-protection: 0
server: cafe
etag: 1667401761520699527
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:41 GMT

GET
H2 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231206/r20190131/ Frame 6B32 9 KB
4 KB 80ms
19ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231206/r20190131/zrt_lookup_fy2021.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-9779134835489781

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1546
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:18:55 GMT
etag: 5585625838579639069
expires: Mon, 25 Dec 2023 10:18:55 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 rum_fy2021.js Show response
pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/ 56 KB
21 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/rum_fy2021.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-9779134835489781&plah=painthy.com&bust=31080036

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0ed2fbe2d2b97abe16e2599f15bff066e4b0600c00b5865b68e61bd95611ffc6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 21:53:21 GMT
content-encoding: br
x-content-type-options: nosniff
age: 46280
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21968
x-xss-protection: 0
server: cafe
etag: 7244557756326998247
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 21:53:21 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame DEB2 454 KB
104 KB 2381ms
2381ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&adk=1812271804&adf=3025194257&lmt=1702291481&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fpainthy.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481149&bpp=4&bdt=478&idt=306&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5815262515655&rume=1&frm=20&pv=2&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=325

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

93cffeb6d38ee782b57bc55792f291330dfa6bf340856e4707cdcc6c2db0445b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 105778
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:44:43 GMT
expires: Mon, 11 Dec 2023 10:44:43 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 54ms
54ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&tn=HEADER&cls=header-wraper%20header_magazine_full_screen%20header_magazine_full_screen%20jl_topa_menu_sticky%20options_dark_header%20jl_cus_sihead&ign=false&pw=1600&ph=1200&x=0&y=0

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 4A6D 31 KB
12 KB 1027ms
1027ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d5210ae9cf05965f10dc94e13be8495b8c0aea66e4b2ffb4c6ce5ad3911d0a0f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 12182
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:44:42 GMT
expires: Mon, 11 Dec 2023 10:44:42 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 8B61 248 KB
46 KB 804ms
804ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=1118&slotname=9671647671&adk=103722881&adf=596777495&pi=t.ma~as.9671647671&w=325&cr_col=1&cr_row=13&fwrn=2&lmt=1702291481&rafmt=9&format=325x1118&url=https%3A%2F%2Fpainthy.com%2F&ea=0&crui=image_sidebyside&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481155&bpp=1&bdt=485&idt=330&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C325x250&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=332

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

13e73245838f4910c698a39fbfaeb10a6de7fd43cd461ef408714a01cf9b8f2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 47057
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:44:42 GMT
expires: Mon, 11 Dec 2023 10:44:42 GMT
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 e21910fd923a6283b5d44b2382eabc86.js Show response
www.gstatic.com/mysidia/ Frame 8B61 9 KB
4 KB 69ms
20ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=1118&slotname=9671647671&adk=103722881&adf=596777495&pi=t.ma~as.9671647671&w=325&cr_col=1&cr_row=13&fwrn=2&lmt=1702291481&rafmt=9&format=325x1118&url=https%3A%2F%2Fpainthy.com%2F&ea=0&crui=image_sidebyside&fwr=0&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481155&bpp=1&bdt=485&idt=330&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0%2C325x250&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=410&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=3&uci=a!3&fsb=1&dtd=332

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 03:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 199883
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4064
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 03:13:19 GMT

GET
H2 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 8B61 2 KB
903 B 66ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 19:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54070
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 19:43:32 GMT

GET
H2 200 50459845d1cbd526a76ea757de42d266.js Show response
www.gstatic.com/mysidia/ Frame 8B61 23 KB
10 KB 60ms
22ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/50459845d1cbd526a76ea757de42d266.js?tag=exit_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9caffafcdae7b42e3d074103c18a33640d4edf81401c216e99dbb77a15dfa511

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 20:42:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136939
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9842
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 20:42:23 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame 8B61 24 KB
9 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 20:42:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50539
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 20:42:23 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 8B61 3 KB
1 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:21:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Dec 2023 09:21:43 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 8B61 20 KB
9 KB 64ms
18ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:43:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39662
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 23:43:40 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 8B61 204 KB
65 KB 107ms
52ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3470dc8af1dd6fc8b6c59a0a3d3632969c68fe410cf5c9530e253a3b7327e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65597
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1702058669129730"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:42 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/4907481198715232580/ Frame 8B61 149 KB
150 KB 22ms
20ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4907481198715232580/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf16672386c3480d9a4c788cf864af46cd7e8957387961ef905fd590b9598f3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:49:43 GMT
x-content-type-options: nosniff
age: 39299
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 152753
x-xss-protection: 0
last-modified: Sun, 10 Dec 2023 13:04:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 09 Dec 2024 23:49:43 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/9842540274563299475/ Frame 8B61 56 KB
57 KB 36ms
34ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/9842540274563299475/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

323b389d8458f7dc707e2f119c0cffbbc29f465d5e5145663ed2843d0c58ab72

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 04:06:58 GMT
x-content-type-options: nosniff
age: 110264
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57761
x-xss-protection: 0
last-modified: Wed, 01 Mar 2023 09:48:13 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 09 Dec 2024 04:06:58 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/18318405616999817694/ Frame 8B61 183 KB
183 KB 86ms
83ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/18318405616999817694/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e6fc61fe295b484ffb97e65827967af6e50a70ab5dbb2db8df8f254bb3baf6a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:49:00 GMT
x-content-type-options: nosniff
age: 39342
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 187325
x-xss-protection: 0
last-modified: Mon, 06 Nov 2023 09:05:37 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Mon, 09 Dec 2024 23:49:00 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/106600464742706586/ Frame 8B61 168 KB
168 KB 85ms
83ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/106600464742706586/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dddb1dd2e3b9741198706af9aaca0db8a92af319bc0a052cd211628aed8959a2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 08:20:44 GMT
x-content-type-options: nosniff
age: 181438
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 172223
x-xss-protection: 0
last-modified: Wed, 05 Oct 2022 05:56:00 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 08 Dec 2024 08:20:44 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/7298091241069878391/ Frame 8B61 104 KB
104 KB 81ms
79ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7298091241069878391/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ee21d2fee0e71b3c027db61b46cb52e75a55e57e8e0158683c2f63b1948e900

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 23:01:43 GMT
x-content-type-options: nosniff
age: 214979
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 106141
x-xss-protection: 0
last-modified: Thu, 02 Mar 2023 14:35:54 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Dec 2024 23:01:43 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/4600273341163038996/ Frame 8B61 69 KB
69 KB 78ms
76ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/4600273341163038996/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3fa868c32233943b85f9dd5a56505d191a95a8aa225a5077ae6bbd73063944c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 10:45:52 GMT
x-content-type-options: nosniff
age: 259130
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70754
x-xss-protection: 0
last-modified: Mon, 28 Nov 2022 08:20:26 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Dec 2024 10:45:52 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/7090430617599535673/ Frame 8B61 180 KB
180 KB 92ms
90ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/7090430617599535673/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dec757dd01ad8eccc7e208f0371954d9ba4e60631492e5d104d24568c612483a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 17:39:21 GMT
x-content-type-options: nosniff
age: 234321
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 184272
x-xss-protection: 0
last-modified: Thu, 05 Oct 2023 21:43:25 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Dec 2024 17:39:21 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 8B61 22 KB
22 KB 87ms
22ms Image
image/jpeg 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcRSDmUql08SJCFXeY_EgxCQY4AAoQASJgKFdUSyy8lCGeClB1Nfa_4X-Nmsmg&usqp=CAI

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fbe403c6402f83e4e4d8fb4f87bf3326797010c07b5f93276b6a718854eb504e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:49:18 GMT
x-content-type-options: nosniff
age: 39324
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22143
x-xss-protection: 0
last-modified: Wed, 02 Feb 2022 12:37:22 GMT
server: sffe
report-to: {"group":"images-tbn","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/images-tbn"}]}
content-type: image/jpeg
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="images-tbn"
expires: Mon, 09 Dec 2024 23:49:18 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/5751346793053327279/ Frame 8B61 65 KB
65 KB 97ms
96ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/5751346793053327279/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f51c2ea8be90351c31c2eaf325eb98d4495c2fa17dbf45ece1405e3f4d62a747

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 14:02:55 GMT
x-content-type-options: nosniff
age: 247307
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66765
x-xss-protection: 0
last-modified: Thu, 04 May 2023 14:10:44 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Dec 2024 14:02:55 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/11599255582175383611/ Frame 8B61 180 KB
180 KB 106ms
105ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11599255582175383611/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b0f50d56487c75208623dbfb545f5fb219bb14cf084dbfa43a8a0a88b367373

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 21:12:35 GMT
x-content-type-options: nosniff
age: 135127
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 183948
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 01:02:04 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 08 Dec 2024 21:12:35 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/17878294055922960983/ Frame 8B61 151 KB
151 KB 103ms
102ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17878294055922960983/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b8f0c95d61d2f7f7e032614835b050941c0cdd9cb9914f50f4b107e31dd6096

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 12:59:03 GMT
x-content-type-options: nosniff
age: 251139
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 154665
x-xss-protection: 0
last-modified: Fri, 31 Mar 2023 12:44:01 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sat, 07 Dec 2024 12:59:03 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/17372156498418940520/ Frame 8B61 38 KB
38 KB 108ms
107ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/17372156498418940520/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae585b5e68040f400b56107084d04ab1c8b7eed9025db0e8f49a0ff019e058cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 16:46:06 GMT
x-content-type-options: nosniff
age: 151116
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39036
x-xss-protection: 0
last-modified: Mon, 27 Jun 2022 21:52:32 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 08 Dec 2024 16:46:06 GMT

GET
H2 200 14763004658117789537
tpc.googlesyndication.com/simgad/1438717160722506272/ Frame 8B61 225 KB
225 KB 90ms
90ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/1438717160722506272/14763004658117789537

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

038b275f38d04b75d7182414be819e2ac78ec03d33656d9ed3731ec81c020c1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 07:22:30 GMT
x-content-type-options: nosniff
age: 184932
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 230197
x-xss-protection: 0
last-modified: Thu, 30 Nov 2023 09:02:21 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Sun, 08 Dec 2024 07:22:30 GMT

GET
DATA 200
OK truncated
/ Frame 8B61 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b39123d9447a82a3d9a9754c068dd9962c8ef71d82787686518d89d0f2adc0ec

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 204 csi
csi.gstatic.com/ 0
234 B 169ms
67ms Ping
image/gif 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=1~lq0se9hv&c=2462913498881428&e=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C31061691%2C31061693&ctx=1&met.6=6.1_Cg4Y_BEgrQEqBggGEgIQAQ
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/rum_fy2021.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A57C 624 B
246 B 67ms
65ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGPKT3_QBMAE&v=APEucNXI3pi1o39g3AM67SgHZPxTC1EA3koMe2nAE08ZSzC5RlAc1jkaugkGVh0iI7_nrDkdDLLupahOJpOreviKctpAAeqWA0B_AmEof9WNccyF7Gavff6535CyUD1kCLPrDgU5RujcX-MkNmUlorxCvl0yBbkAvKC_5IIJj2IjhPBjZKKYK8Q

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:44:42 GMT
expires: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame CD8E 89 KB
31 KB 88ms
87ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:42 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame CD8E 3 KB
1 KB 33ms
31ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:21:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Dec 2023 09:21:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame CD8E 20 KB
8 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:43:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39662
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 23:43:40 GMT

GET
H2 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame CD8E 202 KB
64 KB 42ms
40ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:42 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame CD8E 42 B
63 B 63ms
62ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AUYyZdBZdAJKSfAjipzE-BLA-_YqTKQ_GlGUGHNJ4qX9n5ovZKLOaRDVpkAig66YrHsheBNp3w_G-BSOseCR-4s7Dz1lTTgokUDXl5Tsgg2XKVu64

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C6rwkGeh2ZbCjIKe578EP98WDIPDbgd90mv_T_bcShtLmrYkCEAEgtq6xkAEoDWCVgoCAsAegAZroq8IpyAEGqQJiLYh_9w6yPqgDAcgDAqoE5gFP0MVjOreeozQ0kwrvRBSd26v3Wc7doWi...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222492744730336515905%22,%22debug_reporting%22:true,%22destination%22:%22https://jobmesh.de%22,%22event_report_window%22:%22...

0
0

115ms
74ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222492744730336515905%22,%22debug_reporting%22:true,%22destination%22:%22https://jobmesh.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211144983578%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2217344830558226227153%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"2492744730336515905","debug_reporting":true,"destination":"https://jobmesh.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11144983578"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"17344830558226227153"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"2492744730336515905","debug_reporting":true,"destination":"https://jobmesh.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11144983578"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"17344830558226227153"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CpPpRGeh2ZbCjIKe578EP98WDIKWjv7B0r-im2JER2tkeEAIgtq6xkAEoDWCVgoCAsAegAdbRrMADyAEGqQJiLYh_9w6yPqgDAcgDAqoE2AFP0IJrG7eZozQ0kwrvRBSd26v3Wc7doWitsDb...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226644071119630907920%22,%22debug_reporting%22:true,%22destination%22:%22https://aida-whirlpools.de%22,%22event_report_windo...

0
0

117ms
77ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%226644071119630907920%22,%22debug_reporting%22:true,%22destination%22:%22https://aida-whirlpools.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22940255446%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228978932373045830145%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"6644071119630907920","debug_reporting":true,"destination":"https://aida-whirlpools.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["940255446"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"8978932373045830145"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"6644071119630907920","debug_reporting":true,"destination":"https://aida-whirlpools.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["940255446"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"8978932373045830145"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CYDcDGeh2ZbCjIKe578EP98WDINvHyuhz7ta_7_QR-rjh-e1AEAMgtq6xkAEoDWCVgoCAsAegAZGYlrgCyAEGqQJiLYh_9w6yPqgDAcgDAqoE1gFP0KcSL7eVozQ0kwrvRBSd26v3Wc7doWi...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217209372598306579560%22,%22debug_reporting%22:true,%22destination%22:%22https://aldi-gruene-energie.de%22,%22event_report_...

0
0

115ms
74ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2217209372598306579560%22,%22debug_reporting%22:true,%22destination%22:%22https://aldi-gruene-energie.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22654674961%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2216646425511006459617%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"17209372598306579560","debug_reporting":true,"destination":"https://aldi-gruene-energie.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["654674961"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"16646425511006459617"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"17209372598306579560","debug_reporting":true,"destination":"https://aldi-gruene-energie.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["654674961"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"16646425511006459617"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CZjmgGeh2ZbCjIKe578EP98WDIJy_nIZ0nYCp__cP_Irsmf4OEAQgtq6xkAEoDWCVgoCAsAegAbjpieUDyAEGqQJiLYh_9w6yPqgDAcgDAqoE1wFP0J8fI7eUozQ0kwrvRBSd26v3Wc7doWi...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212933278080046887236%22,%22debug_reporting%22:true,%22destination%22:%22https://goin.de%22,%22event_report_window%22:%2225...

0
0

114ms
75ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2212933278080046887236%22,%22debug_reporting%22:true,%22destination%22:%22https://goin.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221017279672%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%2211745036043852588609%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"12933278080046887236","debug_reporting":true,"destination":"https://goin.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1017279672"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"11745036043852588609"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"12933278080046887236","debug_reporting":true,"destination":"https://goin.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1017279672"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"11745036043852588609"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CaXXJGeh2ZbCjIKe578EP98WDIMTs09RzpcnazYURZBAFILausZABKA1glYKAgLAHoAHg6uvCA8gBBqkCYi2If_cOsj6oAwHIAwKqBOcBT9C4aCS3lqM0NJMK70QUndur91nO3aForbA27uG...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%221902607541520538014%22,%22debug_reporting%22:true,%22destination%22:%22https://aco-showerdrain.de%22,%22event_report_windo...

0
0

97ms
57ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%221902607541520538014%22,%22debug_reporting%22:true,%22destination%22:%22https://aco-showerdrain.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22945485152%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%229419734410118565649%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"1902607541520538014","debug_reporting":true,"destination":"https://aco-showerdrain.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["945485152"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"9419734410118565649"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"1902607541520538014","debug_reporting":true,"destination":"https://aco-showerdrain.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["945485152"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"9419734410118565649"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CeT6tGeh2ZbCjIKe578EP98WDIK--xIV0kZCSyKwSwM3a_IoqEAYgtq6xkAEoDWCVgoCAsAegAbT7rbgCyAEGqQKKS7qLS0aSPqgDAcgDAqoE2QFP0LpHBreXozQ0kwrvRBSd26v3Wc7doWi...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213405643983492057765%22,%22debug_reporting%22:true,%22destination%22:%22https://dynamicfreelancer.ae%22,%22event_report_wi...

0
0

97ms
56ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2213405643983492057765%22,%22debug_reporting%22:true,%22destination%22:%22https://dynamicfreelancer.ae%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22655064500%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%222608816485311594705%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"13405643983492057765","debug_reporting":true,"destination":"https://dynamicfreelancer.ae","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["655064500"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"2608816485311594705"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"13405643983492057765","debug_reporting":true,"destination":"https://dynamicfreelancer.ae","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["655064500"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"2608816485311594705"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=C9kMRGeh2ZbCjIKe578EP98WDIJHS19JzgJfF56sSwI23ARAHILausZABKA1glYKAgLAHoAH2sabPA8gBBqkCYi2If_cOsj6oAwHIAwKqBNEBT9COPCy3mKM0NJMK70QUndur91nO3aForbA...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222043480426039352713%22,%22debug_reporting%22:true,%22destination%22:%22https://ib-kress.de%22,%22event_report_window%22:%2...

0
0

115ms
75ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%222043480426039352713%22,%22debug_reporting%22:true,%22destination%22:%22https://ib-kress.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22971610358%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226952136800700670529%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"2043480426039352713","debug_reporting":true,"destination":"https://ib-kress.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["971610358"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"6952136800700670529"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"2043480426039352713","debug_reporting":true,"destination":"https://ib-kress.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["971610358"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"6952136800700670529"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CaDTDGeh2ZbCjIKe578EP98WDINnx9Nx02bv-kskR5ub_q5wyEAggtq6xkAEoDWCVgoCAsAegAfC9xvYDyAEGqQJiLYh_9w6yPqgDAcgDAqoE2AFP0PhIL7eaozQ0kwrvRBSd26v3Wc7doWi...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22819981611205273990%22,%22debug_reporting%22:true,%22destination%22:%22https://giesswein.com%22,%22event_report_window%22:%...

0
0

116ms
76ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%22819981611205273990%22,%22debug_reporting%22:true,%22destination%22:%22https://giesswein.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221053925104%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228300229079040952561%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"819981611205273990","debug_reporting":true,"destination":"https://giesswein.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1053925104"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"8300229079040952561"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"819981611205273990","debug_reporting":true,"destination":"https://giesswein.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1053925104"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"8300229079040952561"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CYA5qGeh2ZbCjIKe578EP98WDILuioNt057TRoZESsr79zIsOEAkgtq6xkAEoDWCVgoCAsAegAaC656cpyAEGqQK6DwMDmA21PqgDAcgDAqoE5QFP0JLzJaynmoeHmXH-TBOHx7qgFMLfdtO...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214807382156384512548%22,%22debug_reporting%22:true,%22destination%22:%22https://otailande.com%22,%22event_report_window%22...

0
0

102ms
74ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214807382156384512548%22,%22debug_reporting%22:true,%22destination%22:%22https://otailande.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211089337632%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%227509856445670617825%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"14807382156384512548","debug_reporting":true,"destination":"https://otailande.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11089337632"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"7509856445670617825"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"14807382156384512548","debug_reporting":true,"destination":"https://otailande.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11089337632"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"7509856445670617825"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CgpI6Geh2ZbCjIKe578EP98WDIIb0zs90yteT3v8R2tkeEAogtq6xkAEoDWCVgoCAsAegAfSdlNYDyAEGqQJiLYh_9w6yPqgDAcgDAqoE0gFP0OUWN7edozQ0kwrvRBSd26v3Wc7doWitsDb...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214772958049271622596%22,%22debug_reporting%22:true,%22destination%22:%22https://jobsinnetwork.com%22,%22event_report_windo...

0
0

114ms
75ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2214772958049271622596%22,%22debug_reporting%22:true,%22destination%22:%22https://jobsinnetwork.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22985992948%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%221352604594412554017%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"14772958049271622596","debug_reporting":true,"destination":"https://jobsinnetwork.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["985992948"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"1352604594412554017"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"14772958049271622596","debug_reporting":true,"destination":"https://jobsinnetwork.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["985992948"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"1352604594412554017"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=Cn_rAGeh2ZbCjIKe578EP98WDIPajit100p2w__UQZBALILausZABKA1glYKAgLAHoAHVlP7HA8gBBqkCYi2If_cOsj6oAwHIAwKqBNgBT9CoZzK3m6M0NJMK70QUndur91nO3aForbA27uG...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229418751400450968574%22,%22debug_reporting%22:true,%22destination%22:%22https://stepstone.de%22,%22event_report_window%22:%...

0
0

115ms
76ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%229418751400450968574%22,%22debug_reporting%22:true,%22destination%22:%22https://stepstone.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22956271189%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%228670972857201271889%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"9418751400450968574","debug_reporting":true,"destination":"https://stepstone.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["956271189"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"8670972857201271889"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"9418751400450968574","debug_reporting":true,"destination":"https://stepstone.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["956271189"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"8670972857201271889"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CXmF7Geh2ZbCjIKe578EP98WDIMjd5eBenvefkZYK_e2l_Z4YEAwgtq6xkAEoDWCVgoCAsAegAbPIotwDyAEGqQJiLYh_9w6yPqgDAcgDAqoE1QFP0Mg7F7eTozQ0kwrvRBSd26v3Wc7doWi...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215029706786777272338%22,%22debug_reporting%22:true,%22destination%22:%22https://tewipack.de%22,%22event_report_window%22:%...

0
0

116ms
77ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2215029706786777272338%22,%22debug_reporting%22:true,%22destination%22:%22https://tewipack.de%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%22998810675%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%223258735801741691217%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"15029706786777272338","debug_reporting":true,"destination":"https://tewipack.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["998810675"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"3258735801741691217"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"15029706786777272338","debug_reporting":true,"destination":"https://tewipack.de","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["998810675"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"3258735801741691217"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame 8B61
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CSd9LGeh2ZbCjIKe578EP98WDINiMh8508Yeo46IS2tkeEA0gtq6xkAEoDWCVgoCAsAegAfXxo7cqyAEGqAMByAMCqgTWAU_QsSknt5KjNDSTCu9EFJ3bq_dZzt2haK2wNu7hoN4-J_CmTrT...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211952824550364225982%22,%22debug_reporting%22:true,%22destination%22:%22https://globallabormarketconference.com%22,%22even...

0
0

81ms
55ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2211952824550364225982%22,%22debug_reporting%22:true,%22destination%22:%22https://globallabormarketconference.com%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%2211390220533%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%226313502304488864049%22}&andc=true

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"11952824550364225982","debug_reporting":true,"destination":"https://globallabormarketconference.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11390220533"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"6313502304488864049"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:43 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"11952824550364225982","debug_reporting":true,"destination":"https://globallabormarketconference.com","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["11390220533"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"6313502304488864049"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 8B61 64 KB
24 KB 90ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b74e39e9e4133dd74df68e8fb5ab701072c87944cf78821336f1566dc7d25ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3488
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24482
x-xss-protection: 0
server: cafe
etag: 10022724608466387392
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:46:34 GMT

GET
H2

200

rum
dsum-sec.casalemedia.com/ Frame A57C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPqBVBooT_v6Dtc6ZQpYHkA&google_cver=1
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPqBVBooT_v6Dtc6ZQpYHkA&google_cver=1&C=1

43 B
338 B

80ms
80ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEPqBVBooT_v6Dtc6ZQpYHkA&google_cver=1&C=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGPKT3_QBMAE&v=APEucNXI3pi1o39g3AM67SgHZPxTC1EA3koMe2nAE08ZSzC5RlAc1jkaugkGVh0iI7_nrDkdDLLupahOJpOreviKctpAAeqWA0B_AmEof9WNccyF7Gavff6535CyUD1kCLPrDgU5RujcX-MkNmUlorxCvl0yBbkAvKC_5IIJj2IjhPBjZKKYK8Q
Protocol: H2
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BfFSZRPRb85TMcutO61ewpu%2FWRPeHMqBZhJB0p0Awzvj7XwboKDXuxjWpR79AznTISprPBZwnC03rVl7yWMDhZRJzWAPGZwmvgs2f5xNHlNWDkOZP3pglOhXj77IqxKc5ebUwHfA4hU6vQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 833d2248cf5c3576-WAW
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:42 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2Bd7bE6C6jA%2FucKyfaKQraN2Y1P2RYQRr6tAAv3MfMUuWQHXRKLuSwirv2VBgJvPXtY3Lza%2B02NJtr5uQDkgaSqdOr6%2FwQey%2F2gZHVNYTXg%2B9G1S4dsbkMh4IsXYbddVcDV%2F%2FU9CvLq%2FfA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
location: /rum?cm_dsp_id=45&external_user_id=CAESEPqBVBooT_v6Dtc6ZQpYHkA&google_cver=1&C=1
cache-control: no-cache
cf-ray: 833d22484e713576-WAW
alt-svc: h3=":443"; ma=86400
content-length: 0
expires: 0

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame A57C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXboGr6e9LJ9mATf4BcIcwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

43 B
772 B

58ms
58ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGPKT3_QBMAE&v=APEucNXI3pi1o39g3AM67SgHZPxTC1EA3koMe2nAE08ZSzC5RlAc1jkaugkGVh0iI7_nrDkdDLLupahOJpOreviKctpAAeqWA0B_AmEof9WNccyF7Gavff6535CyUD1kCLPrDgU5RujcX-MkNmUlorxCvl0yBbkAvKC_5IIJj2IjhPBjZKKYK8Q
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JxvUlXfT0fsQA8sk%2FZ1ikmf4RejTNkMLdHv6bKZJ%2B2jRPN71DSI7sW7bsTKyg0BIj7klkG9WWFM3FSqts%2F0l8%2BsiSy%2BHeB7fl7PuVUUF6amW03c3gjmCUMVx9xPyLlWDlNJALGjwM0tFxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 833d224b197c44f8-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame A57C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIMZ2cm0-5IFDg0xl949PPY&google_cver=1

43 B
840 B

120ms
119ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIMZ2cm0-5IFDg0xl949PPY&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGPKT3_QBMAE&v=APEucNXI3pi1o39g3AM67SgHZPxTC1EA3koMe2nAE08ZSzC5RlAc1jkaugkGVh0iI7_nrDkdDLLupahOJpOreviKctpAAeqWA0B_AmEof9WNccyF7Gavff6535CyUD1kCLPrDgU5RujcX-MkNmUlorxCvl0yBbkAvKC_5IIJj2IjhPBjZKKYK8Q

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
an-x-request-uuid: 7f19f703-7d71-47de-ac00-ef5797f2d05c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.24; 217.114.218.24; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:42 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIMZ2cm0-5IFDg0xl949PPY&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame A57C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D

170 B
243 B

53ms
52ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
an-x-request-uuid: a8d8a515-56b7-48ab-99a6-368bda229bfd
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D
x-proxy-origin: 217.114.218.24; 217.114.218.24; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 152ms
83ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 150ms
82ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 151ms
82ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 151ms
82ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 153ms
85ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 152ms
84ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 152ms
84ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 151ms
84ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 150ms
84ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 149ms
83ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CD8E 0
20 B 64ms
64ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=9145499253090&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CD8E 0
20 B 64ms
63ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=9145499253090&version=m202309260101&ct=76&x=1&cor=270419256795489440

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame CD8E 109 KB
41 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B4r5x4a0woKU7UXNrHYrqJmj1vrQVEXiChSfYTC5fN6ZZ9kCLoTkkDdkBWP5JbXxL-iEh5b3F3HxPGTK_AmmhGFioz9mpXCtry-8ZL9Gnvu5XcL74tdOd4WC6ebL4rnddScmk9c7zYcD-Dx_mja7RGDVmUqRwqpA_dKrjIjQ-kguI0Uzg&dbm_d=AKAmf-CNWFijNmxWYDKkL_dCIwnCNvttAAV_I0LxuNVjyDdS2kwTmaQYIQgoM_mVF8xNFOCQe0_DF_eptqwwMXN-cgTlioDlFe-NJ5UcNOSK6iKA6mrN3o_dCokikEISQt4bsLKSzhK9jzFi5D2zIDgnAUk33venupYjokoZYQJ_X1xj-1LnmGxfcdG6Sw87uYLrsviCwkpCdyWJtbD5-Tn0yC4oE922s_Rbu4C66vFQqDZ0IQi5mWUBGxNsfBtDdU36-RLMIw6Mdecad7L9zXcKy8RdLeOrOqf6XTxOFOIfTlrid2ROn-ddecVHHMcC38DsfRUP9Bj0PItdl3yvcergAfunkzxoxAJGCPzigjN6JnfN2HNs5L1jA8FIqZ18HNTjC7RJXXBZsKtstZu0nEF-ZWS2fKRYQOdhjgB0UvkKL6bF6Aeye6ur9QZNKrZZW1jrIFkG74BoQk48sqAIFhBsd0a2AvkXSoDu-juQj9m-t8lOsJE3yBJoEfQNHPxrvHkkLlIJDgmCT8rbkvkbzb2qPK9ctkyj0ucpLNeFKZrd3o1UAhEw-7UZFizH2fY81jrVaTHHrn_8WMOTzF2xJyFHxfJVbZ99UXi6Bep5ZhgdUuRMOx5keCVRiepIhB3rD9UHxrgEnclRpoFBevQf0mXMCQf85b4r-qHUNJwE0WJ7wuq9M8P-l6N-hV4Hzn1CfFm04w-fBGpgn9X4cwSJ7PlEfkxYwEHCL2ihrh1aVJ_JHdDk3u6BAGrkOz4ZRk8dbrpk4-9vYI7e0NCFn1beSPAffsHZ2KmF5oXtS_KVw4s_7OsCUD1FpEWbsRZWggWoqUhX2tpYdigf7eOgvTMS4Q6GBhCWnhLu_wUoOlZoe9FsW5KR82izsOiixDt8Na_yYPOtFzLczRxRH0UEXmCPzOlVzH-H-W6EnXb56nNXKnujVUtpH_tJQ6wuubuhXKKQkbTTatOUFZJO9wSna8ZibvL4LzwEqO4Vsv3u83PBtm6cTHWUD0GVPQ0U2M0YTHqZTcOmxwomaPBWvTW9N89rM4NPyS--XSn-rRqkNCEBZdgHuXUucbOTEaz6UZePMeilRkWtdqgXG1KOLbaD0jT4Spr8m85x4lDIgRSIUU3AwYnySvjp3Zjuo-PJHSjwdfH4oc6i_ACD2DG25b8Y-Kzn6W2twuuyStzXTVlSMDee_0_Apj-3AB9aWPGUetiv2LgSaS1iminI4ZMcaX_-Tbsf_gZ1Vep8pAGDmNtLbhyMh0hkHXMtPvqI9ECbSnlRDeBZ-0cy5S0xL9I06YrRnOK6bao45KXj3q6npzSOVv8Dm-5Ns7CflpRPzQPtapAmGleDm5tHp5g8EByzxvvRDSMHhi4mwfZXTsoxVrBrOnlLjTllbhn0q8CWfwWtn4w9t-9J6vEW1ZWyT7diibMA-8Ms9D-CT7VXdDtfAmdSor50Muvl_18dHCY16QhWsenEGk7A0FWBu7knQLl7vRlEF6ZEwr_K3F9J38RBuGgG7og7KuK4qhEUphFUs7qagPwptNqe32XCJWdN9rpntioPxo1ov-U-u8uuJTyqLIssRLECjS6hvmkQUNTTkmXiN96ozrpEt3hfabyb-3oDICQq7FiorGTyP5bzeSrA4RgTG2y4Dv4hwkJZmU-wBcIzIeAa4sUhNUFPJWmoPexIdD1gZnvwKA7Qq1MCjaMq2hcQrineaY4MuqjAubyACiq6d3KE-q65sYDydGprlCpmnkzFEmxBqDOaPtj5Nhzx2-lkbjiFVBwEnQ2GsvZdTmwsaz52MUIv3xMoKu797zYDumFj90xztYrKUK82e4VVPLCq06l9B8WUsBxZDl2MrH4h-Vwpypma61xhoMwf45JeILdiR6b_T8-8o8JofIro-MVVLFqV-eWMveg4RDMQmAmX-RhB16bHzwsDdKjzddSw0lH-LPe8a6B9C8cRIYhm843yz6TOXXdHU7xOoYopnXJm6jxeAoILI2WdJG-Duiyv-s0VPDuHhW7gz_owL_sNgKADUWo2w-CGsaHlZSdepQhIeiu86MtHZFnYFcPiBFLRXoBois5OsrHRgwHD7yqPnCq-vEpArrMcDaU6lpko-byelDf1gj8yITVE1ZrUa0kr0EWhgetAzioSh7rKx5aOpoyXoggx-FTxwJ4T3Y-mpg61mvQDmkzXVUTs5j4DcYEsjfcagyHxkIsLASsKVMCliKb5wVUVRMk0jHxoqSCb2VS0FphOKF5gUZwOqYo-1yhg5jR90xAgdxFJ-jBe0aQb2C7SsbUdV54rwM9gB0ov0sm9_KIyUKbRFBOtQoCz81AXk4p73tzIyv2bj7fu_SsApHG_9Ordroatnf9Z0hHseXw6rQ6FvMm7MWoXGB_PCd8RXvzLU-OGzrgYDw5vVKOjvJGeI4QVcLiVwRUVaA9VU7USGDJAKFWf3L0Cy3yPpYWH8W_fGnsjo3I5NfTlOvhvE3E-Js4N7-Zn6sHQMQmlGwU4iccBlmLnjpKDDrv4ULuNaZImTxzeoKvXHYLLsQGx82vbTCM54d8e3fkkoo3eOkhaAiW_dPprIUa4Yl0epWneF8zNtLWsvcWdOXKunooSe0yh2zWB8HYdBturk8lnp8seYCWSvbLU4fcUsnJJ_m8PJGKfhkgw7t3IkTumET06_uhQmlKsZkMbmLEL4KECnMqlKMMojFZsYjO5ZmiBGxyGsNu1YczF-AsL9jWAcFvIQmrM0G4PuRzTSkyfavHtOLH8ehMs5TxxluWQYk4Ie35t_SNANQBok6Rh5UVAGGkWfVrGm-jN8UVcZVLl0MIll7PPxCXONripwldbPKGK88NdiixIoKeQZBVybm1g3GfWkgErT85LqW7VdFV-a9sShroKHn7E7ncnHgz1iZTOCPcOMM82xu5Ejr7H38JdZeFsaYM4z7y9o0pr8HDBURZpdxaWvwG3xsgd1ORCsKjQs_iarzK54-aS8vXl3E4G8qslC7oTmoD4K-HMCH3bFoHfvoddmyxOkypAlAgsUgydnOCZTw1ZQAmAWJ3WV9vQlPYv6WB7xjtx8I_bt5SDzvwQEmgWXC1ZA9uKDe9nJ7mrEzY4zzb6WyelMynCdx5KtevZTXgDDC3GQizZXeJr1BrIpxmluWKMjAkaW4doNKjEejdcMzj2i3VCzLlAOqF4WN2Imr7MzAHgohhhzMlgMA8L1mlaWkRMxTySuM5ttnmEcdqYeQhzS472UsabS8K8TdtdvKMoaB33gaImRlaOWEO410H2jCMXjpMbVAghreVQB8HfHajrViyAmBz_ljBVwWrlzpM6kPVHCQLwaACavcreFaiZNqWGnRhhwhhYT6OQq14Ox8HNjTDh-2u9DhF7Lxw_FWdKZVyJHRtxtlgNXejSeyzAdia2qiJOV-Ql9wBrA16YTCATSLLXu2shUHr8OJTnqMIqjps-uC6qjZ_58hWGwJ53nStoSVRJz6ueOy-Q5pUOcbfvJ7eIwPiy0qIRUUEPoilCQ3DG4SrumqOf7n2tcGl_ffvFYM8iEQxLi-xMo07HVe_3FXq5Xueebv4blGwQSvJZ_9zKfIMZO_RnlPLvA9ASMC5bJh_kkNXXFHbD-WBRklcG5cS0AgD37VL3Mo-jzpXUBqyzbsUQ5H-Ax3JWpsCLXkdWPk2qw3kon1swQoWm&cid=CAQSTwDICaaNIlI-cOFkDgJDR4VhjlWkT-VTv9iu3auJXrOAwMJHxn8QIl9Ucduyz3mCnxpSmq469YCGV0gpbgUAB2fGPKwTfm90xTCEVCa16WEYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpainthy.com%2F&ds=l&xdt=1&iif=1&cor=270419256795489440&adk=2124396031&idt=99&cac=0&dtd=13

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6ff299b6fd35c723dcb6b8f6f3bc566e6a70daf285fc0b348db6d21d13903246

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:42 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42168
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 148ms
100ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 148ms
99ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 131ms
83ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:42 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 8B61 0
54 B 74ms
73ms Ping
image/gif 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lq0seaki&chm=1&ctx=2&gqid=Geh2ZeLBHqWm9u8P14aRWA&qqid=CPCTvviZh4MDFafcOwId9-IABA&met.4=fb.my~lb.pj~ol.za~bdt.-mq~bpp.-98~idt.-3~dtd.-1~dt.-99&met.3=492.pd_1~492.pe~492.pe~492.pe~492.pe~492.pf~492.pf~492.pf~492.pf~492.pf~492.pf~492.pf~492.pf~113.12s_3~112.12q_5&met.1=1.lq0se9hs~6.0~7.0~8.0~9.0~10.0~12.2~13.me~14.n1~15.mh~16.yj~17.yj~18.yk~19.yk~20.yk~21.za~22.pe~23.pe&met.7=CAUQCBgBML0GOPYJaAJwpgZ4_fECgAHR7wKIAdzBD7ABAbgBAw~CBsQBxgBILQGKLQGMPoGOEU~CBwQChgBIL8GKL8GMIIHOENo7QZwgQd4xwiAAZsGiAGIDbABAbgBAw~CBsQChgBIL8GKL8GMP4GOD8~CAkQChgBIL8GKL8GMJgHOFlogwdwlQd4kkuAAeZIiAG1vAGwAQG4AQM~CBwQChgBIL8GKL8GMIEHOEJQwAZY7AZg0QZo7QZw_wZ4sUWAAYVDiAHwogGwAQG4AQM~CB4QChgBIL8GKL8GMJkHOFpogwdwmAd4gAyAAdQJiAGBFbABAbgBAw~CCoQChgBIL8GKL8GMM0HOI4BUMYGWPYGYNkGaPYGcKoHeOmCBIABvYAEiAHv3AywAQG4AQM~CBcQAhgBIIQHKIQHMNIHOE5ohQdwmwd43asJgAGxqQmIAbGpCbABAbgBAw~CBcQAhgBIIQHKIQHMMIHOD5ohwdwqAd4zcUDgAGhwwOIAaHDA7ABAbgBAw~CBcQAhgBIIQHKIQHMIcIOIIBaIcHcNoHeOm5C4ABvbcLiAG9twuwAQG4AQM~CBcQAhgBIIUHKIUHMIYIOIEBaIcHcNoHeOvDCoABv8EKiAG_wQqwAQG4AQM~CBcQAhgBIIUHKIUHMPYHOHFohwdw1Qd4yb8GgAGdvQaIAZ29BrABAbgBAw~CBcQAhgBIIUHKIUHMOwHOGdohwdw0gd4jqsEgAHiqASIAeKoBLABAbgBAw~CBcQAhgBIIUHKIUHMIsIOIYBaIcHcOEHePyhC4AB0J8LiAHQnwuwAQG4AQM~CBsQAhgBIIUHKIUHMO0HOGg~CBcQAhgBIIUHKIUHMPwHOHZohwdw5wd4-YsEgAHNiQSIAc2JBLABAbgBAw~CBcQAhgBIIYHKIYHMIwIOIcBaIcHcPAHeLifC4ABjJ0LiAGMnQuwAQG4AQM~CBcQAhgBIIYHKIYHMIYIOIEBaIcHcO0HeNW6CYABqbgJiAGpuAmwAQG4AQM~CBcQAhgBIIYHKIYHMPsHOHVohwdw8gd4qLMCgAH8sAKIAfywArABAbgBAw~CBcQAhgBIIYHKIYHMI0IOIcBaIcHcOEHeOGIDoABtYYOiAG1hg6wAQG4AQM~CCgQChgBIP4JKP4JMPAKOHJAhgpIhgpQhgpYxApgngpoxQpw2Ap4zsEBgAGivwGIAcWBBLABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:42 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523864/ Frame CD8E 255 KB
77 KB 406ms
46ms Script
application/javascript 52.51.176.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523864/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-9779134835489781&ias_chanId=1&ias_placementId=20492286635&bidurl=https://painthy.com/&ias_dealId=&xsId=ABAjH0hmZdbgBlL2_NQkVGDqOeAz&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0hmZdbgBlL2_NQkVGDqOeAz
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.176.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-176-114.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 440d1b119047b75a6843bc144b60cfb2dc2bf7fe3bf4c3d1aed8dc66950a939a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame CD8E 111 KB
39 KB 81ms
24ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 20:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50284
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Dec 2023 20:46:39 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/ Frame CD8E 11 KB
4 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-B4r5x4a0woKU7UXNrHYrqJmj1vrQVEXiChSfYTC5fN6ZZ9kCLoTkkDdkBWP5JbXxL-iEh5b3F3HxPGTK_AmmhGFioz9mpXCtry-8ZL9Gnvu5XcL74tdOd4WC6ebL4rnddScmk9c7zYcD-Dx_mja7RGDVmUqRwqpA_dKrjIjQ-kguI0Uzg&dbm_d=AKAmf-CNWFijNmxWYDKkL_dCIwnCNvttAAV_I0LxuNVjyDdS2kwTmaQYIQgoM_mVF8xNFOCQe0_DF_eptqwwMXN-cgTlioDlFe-NJ5UcNOSK6iKA6mrN3o_dCokikEISQt4bsLKSzhK9jzFi5D2zIDgnAUk33venupYjokoZYQJ_X1xj-1LnmGxfcdG6Sw87uYLrsviCwkpCdyWJtbD5-Tn0yC4oE922s_Rbu4C66vFQqDZ0IQi5mWUBGxNsfBtDdU36-RLMIw6Mdecad7L9zXcKy8RdLeOrOqf6XTxOFOIfTlrid2ROn-ddecVHHMcC38DsfRUP9Bj0PItdl3yvcergAfunkzxoxAJGCPzigjN6JnfN2HNs5L1jA8FIqZ18HNTjC7RJXXBZsKtstZu0nEF-ZWS2fKRYQOdhjgB0UvkKL6bF6Aeye6ur9QZNKrZZW1jrIFkG74BoQk48sqAIFhBsd0a2AvkXSoDu-juQj9m-t8lOsJE3yBJoEfQNHPxrvHkkLlIJDgmCT8rbkvkbzb2qPK9ctkyj0ucpLNeFKZrd3o1UAhEw-7UZFizH2fY81jrVaTHHrn_8WMOTzF2xJyFHxfJVbZ99UXi6Bep5ZhgdUuRMOx5keCVRiepIhB3rD9UHxrgEnclRpoFBevQf0mXMCQf85b4r-qHUNJwE0WJ7wuq9M8P-l6N-hV4Hzn1CfFm04w-fBGpgn9X4cwSJ7PlEfkxYwEHCL2ihrh1aVJ_JHdDk3u6BAGrkOz4ZRk8dbrpk4-9vYI7e0NCFn1beSPAffsHZ2KmF5oXtS_KVw4s_7OsCUD1FpEWbsRZWggWoqUhX2tpYdigf7eOgvTMS4Q6GBhCWnhLu_wUoOlZoe9FsW5KR82izsOiixDt8Na_yYPOtFzLczRxRH0UEXmCPzOlVzH-H-W6EnXb56nNXKnujVUtpH_tJQ6wuubuhXKKQkbTTatOUFZJO9wSna8ZibvL4LzwEqO4Vsv3u83PBtm6cTHWUD0GVPQ0U2M0YTHqZTcOmxwomaPBWvTW9N89rM4NPyS--XSn-rRqkNCEBZdgHuXUucbOTEaz6UZePMeilRkWtdqgXG1KOLbaD0jT4Spr8m85x4lDIgRSIUU3AwYnySvjp3Zjuo-PJHSjwdfH4oc6i_ACD2DG25b8Y-Kzn6W2twuuyStzXTVlSMDee_0_Apj-3AB9aWPGUetiv2LgSaS1iminI4ZMcaX_-Tbsf_gZ1Vep8pAGDmNtLbhyMh0hkHXMtPvqI9ECbSnlRDeBZ-0cy5S0xL9I06YrRnOK6bao45KXj3q6npzSOVv8Dm-5Ns7CflpRPzQPtapAmGleDm5tHp5g8EByzxvvRDSMHhi4mwfZXTsoxVrBrOnlLjTllbhn0q8CWfwWtn4w9t-9J6vEW1ZWyT7diibMA-8Ms9D-CT7VXdDtfAmdSor50Muvl_18dHCY16QhWsenEGk7A0FWBu7knQLl7vRlEF6ZEwr_K3F9J38RBuGgG7og7KuK4qhEUphFUs7qagPwptNqe32XCJWdN9rpntioPxo1ov-U-u8uuJTyqLIssRLECjS6hvmkQUNTTkmXiN96ozrpEt3hfabyb-3oDICQq7FiorGTyP5bzeSrA4RgTG2y4Dv4hwkJZmU-wBcIzIeAa4sUhNUFPJWmoPexIdD1gZnvwKA7Qq1MCjaMq2hcQrineaY4MuqjAubyACiq6d3KE-q65sYDydGprlCpmnkzFEmxBqDOaPtj5Nhzx2-lkbjiFVBwEnQ2GsvZdTmwsaz52MUIv3xMoKu797zYDumFj90xztYrKUK82e4VVPLCq06l9B8WUsBxZDl2MrH4h-Vwpypma61xhoMwf45JeILdiR6b_T8-8o8JofIro-MVVLFqV-eWMveg4RDMQmAmX-RhB16bHzwsDdKjzddSw0lH-LPe8a6B9C8cRIYhm843yz6TOXXdHU7xOoYopnXJm6jxeAoILI2WdJG-Duiyv-s0VPDuHhW7gz_owL_sNgKADUWo2w-CGsaHlZSdepQhIeiu86MtHZFnYFcPiBFLRXoBois5OsrHRgwHD7yqPnCq-vEpArrMcDaU6lpko-byelDf1gj8yITVE1ZrUa0kr0EWhgetAzioSh7rKx5aOpoyXoggx-FTxwJ4T3Y-mpg61mvQDmkzXVUTs5j4DcYEsjfcagyHxkIsLASsKVMCliKb5wVUVRMk0jHxoqSCb2VS0FphOKF5gUZwOqYo-1yhg5jR90xAgdxFJ-jBe0aQb2C7SsbUdV54rwM9gB0ov0sm9_KIyUKbRFBOtQoCz81AXk4p73tzIyv2bj7fu_SsApHG_9Ordroatnf9Z0hHseXw6rQ6FvMm7MWoXGB_PCd8RXvzLU-OGzrgYDw5vVKOjvJGeI4QVcLiVwRUVaA9VU7USGDJAKFWf3L0Cy3yPpYWH8W_fGnsjo3I5NfTlOvhvE3E-Js4N7-Zn6sHQMQmlGwU4iccBlmLnjpKDDrv4ULuNaZImTxzeoKvXHYLLsQGx82vbTCM54d8e3fkkoo3eOkhaAiW_dPprIUa4Yl0epWneF8zNtLWsvcWdOXKunooSe0yh2zWB8HYdBturk8lnp8seYCWSvbLU4fcUsnJJ_m8PJGKfhkgw7t3IkTumET06_uhQmlKsZkMbmLEL4KECnMqlKMMojFZsYjO5ZmiBGxyGsNu1YczF-AsL9jWAcFvIQmrM0G4PuRzTSkyfavHtOLH8ehMs5TxxluWQYk4Ie35t_SNANQBok6Rh5UVAGGkWfVrGm-jN8UVcZVLl0MIll7PPxCXONripwldbPKGK88NdiixIoKeQZBVybm1g3GfWkgErT85LqW7VdFV-a9sShroKHn7E7ncnHgz1iZTOCPcOMM82xu5Ejr7H38JdZeFsaYM4z7y9o0pr8HDBURZpdxaWvwG3xsgd1ORCsKjQs_iarzK54-aS8vXl3E4G8qslC7oTmoD4K-HMCH3bFoHfvoddmyxOkypAlAgsUgydnOCZTw1ZQAmAWJ3WV9vQlPYv6WB7xjtx8I_bt5SDzvwQEmgWXC1ZA9uKDe9nJ7mrEzY4zzb6WyelMynCdx5KtevZTXgDDC3GQizZXeJr1BrIpxmluWKMjAkaW4doNKjEejdcMzj2i3VCzLlAOqF4WN2Imr7MzAHgohhhzMlgMA8L1mlaWkRMxTySuM5ttnmEcdqYeQhzS472UsabS8K8TdtdvKMoaB33gaImRlaOWEO410H2jCMXjpMbVAghreVQB8HfHajrViyAmBz_ljBVwWrlzpM6kPVHCQLwaACavcreFaiZNqWGnRhhwhhYT6OQq14Ox8HNjTDh-2u9DhF7Lxw_FWdKZVyJHRtxtlgNXejSeyzAdia2qiJOV-Ql9wBrA16YTCATSLLXu2shUHr8OJTnqMIqjps-uC6qjZ_58hWGwJ53nStoSVRJz6ueOy-Q5pUOcbfvJ7eIwPiy0qIRUUEPoilCQ3DG4SrumqOf7n2tcGl_ffvFYM8iEQxLi-xMo07HVe_3FXq5Xueebv4blGwQSvJZ_9zKfIMZO_RnlPLvA9ASMC5bJh_kkNXXFHbD-WBRklcG5cS0AgD37VL3Mo-jzpXUBqyzbsUQ5H-Ax3JWpsCLXkdWPk2qw3kon1swQoWm&cid=CAQSTwDICaaNIlI-cOFkDgJDR4VhjlWkT-VTv9iu3auJXrOAwMJHxn8QIl9Ucduyz3mCnxpSmq469YCGV0gpbgUAB2fGPKwTfm90xTCEVCa16WEYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpainthy.com%2F&ds=l&xdt=1&iif=1&cor=270419256795489440&adk=2124396031&idt=99&cac=0&dtd=13

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 20:42:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50539
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 20:42:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame CD8E 31 KB
12 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 11:19:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84324
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11943
x-xss-protection: 0
server: cafe
etag: 4141415479739543000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 11:19:18 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame CD8E 41 KB
14 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 01:45:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 205129
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 Dec 2024 01:45:53 GMT

GET
DATA 200
OK truncated
/ Frame CD8E 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 82bcd08aa95b042e8fe0df860338532ba8e0200797dfddabbf44c4a754f032e1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 69ms
69ms Ping
image/gif 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=2~lq0seaev&c=2462913498881428&e=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C31061691%2C31061693&ctx=1&met.6=6.1_Cg0YshUgQyoGCAYSAhAB
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/rum_fy2021.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame B793 38 KB
13 KB 21ms
20ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 179580
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 09 Dec 2023 08:51:43 GMT
expires: Sun, 08 Dec 2024 08:51:43 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/12786977581332354964/ Frame 85A4 6 KB
2 KB 83ms
19ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

36d2279d6bdfd42765a2b279a36a44b84a1d2d849d0872004fe8c6e3fee1b774

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 392
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1918
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:38:11 GMT
expires: Tue, 10 Dec 2024 10:38:11 GMT
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CD8E 0
0 351ms
83ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstYG6FTl7UI6utWwg6ANIBgZkdj2IWzV5w0IqW_cmMuyO5MwO3YBZiQn_YYfmfxPyBN9SIdx09e632C_1XyV230Nq3G6wC3ykekbQin3XnNmTzm00jvUI4IbH5pi3g4l08QSOj7Iw87nkmmOH8Qo4gpIm1vkMfIq_Y-Hvb9vnbbkzdkCJVxW4nZsFfKmfXrGIzEKx4CtMp3wNtUTeQTL2tSlTtoCJYssTWZOjtHKPE0T2lPQR2CDKg_2F7A5mbGZ3JsR5P0DKCYvdGOkCIyMm_9DiOQa1b8W4eybARtBE-yIv4Famgxkhy09cVcd0NyOXOZopuEUuCoWOvTYltKU5FQQjiyywfpnfcOkysIG9lDIoojYoqPD0nsLGjJMzo8ycP6DRAc_2lb1e_iSTnxWZxONJMofwM9Y-TAdv_WIHkp-OdPpeNrDIwKZLHyw6ykkXDCOAwQ316rSOXsRgw1DwdF_I_tyZ7bDXLXWSQA2CMQ9bbL5jk2F1Ive4XQS9EqDlM8jE7qjrh74ycPafgcQi7lcroleyEDGWyaAvAbhvOWuFvK8Cn9L4--Jnn9aZ8w5hij-cmzbjcy_1-krTdvpUl5Gi26Dbb4EacsaeygM0oJTPUXRUvOtF3NgH5wh1b3e49nAMlWleZ9HQJPvm-NoIDIm0Tz_RZxA6V-r9-DMBCV9edkj2ou8ymoWPQUJVjjhcjIEseaDXmMf5_wAJ14ibGN52JK0xWv5NM-DthVIDK-ebqPYgv4MqFGPsuo2ME6hjI1krjVbOPAbgKZVoTBtYwOrFghdXmUphZEQxjXx7-Niom9mmg_hl4ITX4pz46ZKA5HRbz3YpXtMSDPDDKxGwzuvGzdM-oEASY0q5ZNYyfBWBdAqqnyufH69ZjkTHchVJju09WWMKaF9x52Vk7NJLHsNcvlZ-jef9Kf9f3Z-jq0-1QkbWAWuc4oBttvBcOsiO29V8r1ynI4LOsUk_QC3-1IuD_XMOJXrSyKkdT9b-OfdLMJKBw72edtu6GikL5oOp3A-PAx2Z8kS_PKQloMiuSgPQV09ABzvrNNEPrsP9Zcaiagxvzs-x3rwX9r8vV4NooegN7dcBCRTkWf35YlN6ZV9Ckv5MVxTOpsQHVC_BjVjNQTkQCuiKMDPS7pUFVr-a6XzG0Y2Qv-9IVxJDr1Ergjs0D8lUl_xJVzt8_BMTapDONXC5rlBQVK6tN1n6YJVO9zzrNtW07qKjmBM9uH0aBpyjqtzSpLu0i7FAiXTzXUW8IXv5YBpk59EfCwM6jLc83uRB45om9n2VGxIkhRZ20nst8YaDcyPoQq3v6MhuSk0KBpV5BHDQ&sai=AMfl-YTvEMu1OGpse9c0hE4jKoGUCvH0zUe_6lKpt3ZcADCuk6Fk5mBUFlZ-NvuAiTTeEpovtR69benVBR_q3BCsxYoRhm8OxG3MmrnOdDvRK5sP8wVqR6PdgYYRhuykwxKhttCnwX34WLKCEWHEwLUnmiVid2dSnDO-yTmFvFKpRA29VExy3yYar-7QnRNuskGXIQqlE3bLeZUh4V_Qfj3HCoQPnOvZXR_vtuXIPKYrmPeOoSpxC8mceh2YwWo2taqhD7whEfyJVTk_TxSDDq5Omeng4kAWpjHY59gJDfnMMw&sig=Cg0ArKJSzLc9TAhIoQn7EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=116&cbvp=1&cstd=113&cisv=r20231206.64013&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame B793 39 KB
15 KB 172ms
171ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 19:00:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56632
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 09 Dec 2024 19:00:51 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/12786977581332354964/css/ Frame 85A4 6 KB
2 KB 23ms
22ms Stylesheet
text/css 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

507a74eb21e9a16396d226f31f5e25345a8208db821d9fc5798284c38bec5e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 16:40:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 237830
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2009
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 16:40:53 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 85A4 70 KB
25 KB 81ms
30ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2711398
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MSGbxE%2BTJlJXYvmUSk0SAt0lbD1%2B4XbNOcYqV4YsuCx%2FEfGZFTRslOf5G16c29UVeVTKsBaj4WZyQTLXdl9OYt2uC1X1JQ7Iq68TMVEylkrWwlO1WY2rSWSXeDg3ncFAffNcGaXidbdLsd88kXuhclQ0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 833d2249fad63673-FRA
expires: Sat, 30 Nov 2024 10:44:43 GMT

GET
H2 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 85A4 7 KB
4 KB 78ms
27ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2517198
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7AvnuHL%2BRGgQgCm7fKvNZ9wgOFQftgpKOGHEfaZ1TmTac%2FKX%2BTsYA6cz5U%2B9iEOrkmGgVs9C%2FmImYlrZ0REETMSc%2FlzzzBx9ulBi9xzuR4SM2HDssagkt%2BVl%2BjjDnnub1RS06hs%2BTwxVZ1J3H5ruenhw"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 833d2249fad43673-FRA
expires: Sat, 30 Nov 2024 10:44:43 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 2 KB
1 KB 22ms
22ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 23:46:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 212283
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 23:46:40 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 2 KB
800 B 23ms
23ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:44:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39606
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:44:37 GMT

GET
H3 200 dyson-v15s-submarine-stack.svg
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 9 KB
3 KB 23ms
22ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/dyson-v15s-submarine-stack.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bb76b6ed760de97f8a40e71c79ce9704e965bb287761bd81fb2fb021b8609c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:47:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39432
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2891
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:47:31 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 26 KB
26 KB 22ms
22ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8bb76af1be9c401ef3da16e31401b74f7cb0627154925d8c9fa308fba2e1413c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 01:54:45 GMT
x-content-type-options: nosniff
age: 204598
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26291
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Dec 2024 01:54:45 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 25 KB
25 KB 19ms
18ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

372360f6d3fa2133dfbf08ba93b3b55985785cb74106d75839618b7d273dd3c6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:48:13 GMT
x-content-type-options: nosniff
age: 39390
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25258
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:48:13 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 20 KB
20 KB 23ms
22ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca4c3ad9639830e6f8f8e29775549fc24fcab33b4eeec7ae77da27c5c9e6bc80

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 05:10:17 GMT
x-content-type-options: nosniff
age: 192866
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20858
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Dec 2024 05:10:17 GMT

GET
H3 200 gradient.png
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 4 KB
4 KB 20ms
19ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/gradient.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b67702d4e78a4b6d5981a50298b0989dea48fc7d95b5e593dfafbe96cdbb309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:48:46 GMT
x-content-type-options: nosniff
age: 39357
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4218
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:48:46 GMT

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 32 KB
32 KB 28ms
27ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

19dc5f765d51f715497f0eadd0dede8eaa5ee17447a22db60538f60ca7c0a01d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 06:27:41 GMT
x-content-type-options: nosniff
age: 188222
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32615
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Dec 2024 06:27:41 GMT

GET
H3 200 overlay.png
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 14 KB
14 KB 21ms
20ms Image
image/png 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/overlay.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a72990ce8413aceedbfbf2f1d7ca2231c726b29a4ab1ddbca32b45ad685b4e26

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:49:34 GMT
x-content-type-options: nosniff
age: 39309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14477
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:49:34 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 192 B
190 B 27ms
26ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd99a285d81a12f549b741db9604416a669e2ee8accf00cd40c0b0344e9ba63f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 04:49:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 194126
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Dec 2024 04:49:17 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/12786977581332354964/script/ Frame 85A4 4 KB
1011 B 21ms
21ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a55f386367cbcc30390435806075251b8ef4afb086409bc8e301558223398245

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 08:59:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 524710
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 982
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 08:59:33 GMT

GET
H3 200 dysonfutura-book.woff
s0.2mdn.net/sadbundle/12786977581332354964/assets/ Frame 85A4 8 KB
8 KB 19ms
19ms Font
font/woff 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/12786977581332354964/assets/dysonfutura-book.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/12786977581332354964/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/12786977581332354964/css/style.css
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:44:37 GMT
x-content-type-options: nosniff
age: 39606
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7928
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:11 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:44:37 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CD8E 0
0 102ms
58ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstYG6FTl7UI6utWwg6ANIBgZkdj2IWzV5w0IqW_cmMuyO5MwO3YBZiQn_YYfmfxPyBN9SIdx09e632C_1XyV230Nq3G6wC3ykekbQin3XnNmTzm00jvUI4IbH5pi3g4l08QSOj7Iw87nkmmOH8Qo4gpIm1vkMfIq_Y-Hvb9vnbbkzdkCJVxW4nZsFfKmfXrGIzEKx4CtMp3wNtUTeQTL2tSlTtoCJYssTWZOjtHKPE0T2lPQR2CDKg_2F7A5mbGZ3JsR5P0DKCYvdGOkCIyMm_9DiOQa1b8W4eybARtBE-yIv4Famgxkhy09cVcd0NyOXOZopuEUuCoWOvTYltKU5FQQjiyywfpnfcOkysIG9lDIoojYoqPD0nsLGjJMzo8ycP6DRAc_2lb1e_iSTnxWZxONJMofwM9Y-TAdv_WIHkp-OdPpeNrDIwKZLHyw6ykkXDCOAwQ316rSOXsRgw1DwdF_I_tyZ7bDXLXWSQA2CMQ9bbL5jk2F1Ive4XQS9EqDlM8jE7qjrh74ycPafgcQi7lcroleyEDGWyaAvAbhvOWuFvK8Cn9L4--Jnn9aZ8w5hij-cmzbjcy_1-krTdvpUl5Gi26Dbb4EacsaeygM0oJTPUXRUvOtF3NgH5wh1b3e49nAMlWleZ9HQJPvm-NoIDIm0Tz_RZxA6V-r9-DMBCV9edkj2ou8ymoWPQUJVjjhcjIEseaDXmMf5_wAJ14ibGN52JK0xWv5NM-DthVIDK-ebqPYgv4MqFGPsuo2ME6hjI1krjVbOPAbgKZVoTBtYwOrFghdXmUphZEQxjXx7-Niom9mmg_hl4ITX4pz46ZKA5HRbz3YpXtMSDPDDKxGwzuvGzdM-oEASY0q5ZNYyfBWBdAqqnyufH69ZjkTHchVJju09WWMKaF9x52Vk7NJLHsNcvlZ-jef9Kf9f3Z-jq0-1QkbWAWuc4oBttvBcOsiO29V8r1ynI4LOsUk_QC3-1IuD_XMOJXrSyKkdT9b-OfdLMJKBw72edtu6GikL5oOp3A-PAx2Z8kS_PKQloMiuSgPQV09ABzvrNNEPrsP9Zcaiagxvzs-x3rwX9r8vV4NooegN7dcBCRTkWf35YlN6ZV9Ckv5MVxTOpsQHVC_BjVjNQTkQCuiKMDPS7pUFVr-a6XzG0Y2Qv-9IVxJDr1Ergjs0D8lUl_xJVzt8_BMTapDONXC5rlBQVK6tN1n6YJVO9zzrNtW07qKjmBM9uH0aBpyjqtzSpLu0i7FAiXTzXUW8IXv5YBpk59EfCwM6jLc83uRB45om9n2VGxIkhRZ20nst8YaDcyPoQq3v6MhuSk0KBpV5BHDQ&sai=AMfl-YTvEMu1OGpse9c0hE4jKoGUCvH0zUe_6lKpt3ZcADCuk6Fk5mBUFlZ-NvuAiTTeEpovtR69benVBR_q3BCsxYoRhm8OxG3MmrnOdDvRK5sP8wVqR6PdgYYRhuykwxKhttCnwX34WLKCEWHEwLUnmiVid2dSnDO-yTmFvFKpRA29VExy3yYar-7QnRNuskGXIQqlE3bLeZUh4V_Qfj3HCoQPnOvZXR_vtuXIPKYrmPeOoSpxC8mceh2YwWo2taqhD7whEfyJVTk_TxSDDq5Omeng4kAWpjHY59gJDfnMMw&sig=Cg0ArKJSzLc9TAhIoQn7EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=340&vt=11&dtpt=224&dett=3&cstd=113&cisv=r20231206.64013&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B793 0
20 B 56ms
56ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BxhyQGuh2ZamANZyTjuwPpIaX-AIAAAAAOAHgBAI&bg=!v7ylvPPNAAY3kmNgF5I7ADQBe5WfOGeydhLNBUaEF4lIxKhmd6-IDS5X26yRkfR6fM7zqFiCr8MvzB6DAJOBzPGgUCzhAgAAAFFSAAAAAmgBB5kDLYBkJbOgI3kUI49lvj6agS3H-sFJasNDsWbc_6-9bFiz5ZG0Kc2978yG1FRod4ISvoRVzjy8suOcVMqsZ-OJppSV_JFIzGj4XPms3a_toKiHv_i8ZjQ0Nni3nyyJKEi-yCDAvo7gPqkmscN4QiY6I9BScK8-MAp313-1SSUfEr-jmTVry-nCyTaIkQWfPvJzlFr7ZitnCz6gZHKexYrG7sSozgRCrtWWFZDTBeS67BG6cUcdF2m8LIY_y-MRfyXHNb5bS2X6g3caXil00_BvSMw1nutACC5xuUG5nXPf7EWaUW6l8bfGRj8AYrNNWaCQF2m-9oComA1FokvnJSL97XjNiCuvymWaLFPT6X-I9Yupg-ykwJQSkFC1rZO2p78Jl5GMB7eoS1RXY8Y5S3vcgpbRCnUkXByLNlafagfnxRoc3jAoxkauYUvPh7781ytxB5ivtrD6TpCsw46hPZLMOl5bFTyd0STUFchmYIfYZ9Qu5mLqwZ_Vmmc04b3nMdEfGElJlsDksJMxw5DTsTSkQ39YdTp_9YGt5qjrnTS1otR-3Wb3lLMrHWmfJ1rc8-_7_kp-AdWncPs7LQHqPEci11ux6lCqmwCCwt-20GaLHXwKFBPtOdfKFIpe66Egy1Ktwn_i5Lxhm9mwajC1oNSi5l4DFHQwuN41xVeC_TP1_-Ngza52yNzeFlyoYO0H82M_b2PIkKGY2pCngduitq32FSIajnhFAD9y53dwJCVXGQrAMVq16u3h2IStIvB8-8VeBO3kLRfzIH2x47m_Iq-yIQHX_QJkxmLTFsRn1e3n8UvtRM7QaD-1Jnv6lTvloJ4q3BsBFGwQX1vCTD0gp7F0BYRV5wdo6lobj1noV9aQKsow6kjBY6N8E7r1pNTB9E94RRw9e4m6xM4ulal122mffUgAtlQ1Cxjo-DCV324CKLiCRdQeS2a-wGW7DpXfYdZ90KFt2hyL8vZslxcA-wTCQ7wSiEY9QYPjKVpKeVLZgRW3Vs79f7u5dvrzhDnQDEq-l2aRSm26K_BydxKNkxmeiFmX2pmeaGIWChhbkPEIj5HF6YoJhqH2q6QadQmd4A

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame CD8E
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523864/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-9779134835489781&ias_chanId=1&ias_placementId=20492286635&bidurl=https://painthy.com/&ias...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

74ms
40ms

Script
application/javascript

2600:9000:223f:a400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330
Protocol: H2
Server: 2600:9000:223f:a400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:45:50 GMT
x-amz-version-id: ce47Uk_40n7.EHf_5AWPfR6VoMlkrWoX
content-encoding: gzip
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 316734
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 07 Dec 2023 18:45:47 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: DjkYvzsClt63qDS4rVB0Hw6a2Sg69ajBWv0c5m2-GZvYLP9hplCr3g==

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
server: nginx
x-server-name: app11.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 65CC 91 KB
23 KB 123ms
37ms Script
application/javascript 2600:9000:223f:a400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:a400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 7036533
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: zXMz50QuJJNYH726DkoExPWydbeTNrdXUjlUT0Db20G6zzAAm8gLBA==

GET
H2 200 dt
dt.adsafeprotected.com/ Frame CD8E 43 B
215 B 381ms
111ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=7b142224-dd4e-d0c1-69f9-61c68dbfb19d&tv=%7Bc:wuidKD,pingTime:-3,time:42,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:43,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B36~0%5D,as:%5B36~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tY7TAcR+11%7C12%7C131*.1627455-73523864%7C1311%7C1312%7C1313%7C14,idMap:131*,rmeas:1,rend:0,renddet:na,siq:18%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame CD8E 43 B
215 B 379ms
111ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=7b142224-dd4e-d0c1-69f9-61c68dbfb19d&tv=%7Bc:wuidKF,pingTime:-6,time:44,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:44,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B37~0%5D,as:%5B37~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tY7TAcR+11%7C12%7C131*.1627455-73523864%7C1311%7C1312%7C1313%7C14,idMap:131*,rmeas:1,rend:0,renddet:na,siq:18%7D&tpiLookup=ao:painthy.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame CD8E 43 B
216 B 374ms
110ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=7b142224-dd4e-d0c1-69f9-61c68dbfb19d&tv=%7Bc:wuidKK,pingTime:-2,time:49,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:709,beZ:710,mfA:712,cmA:713,inA:713,inZ:717,prA:717,prZ:721,si:726,poA:727,poZ:746,cmZ:746,mfZ:746,loA:752,loZ:754,ltA:757,ltZ:757%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:300.250,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:300,h:250,t:17%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:49,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:16,wc:0.0.1600.1200,ac:NaN.NaN.300.250,am:sp,cc:0.0.300.250,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B42~0%5D,as:%5B42~300.250%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tY7TAcR+11%7C12%7C131*.1627455-73523864%7C1311%7C1312%7C1313%7C14,idMap:131*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:na,siq:18,sinceFw:30,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&h=250&slotname=6557565023&adk=1903834021&adf=658209549&pi=t.ma~as.6557565023&w=325&fwrn=4&fwrnh=100&lmt=1702291481&rafmt=1&format=325x250&url=https%3A%2F%2Fpainthy.com%2F&ea=0&fwr=0&fwrattr=true&rpe=1&resp_fmts=3&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481153&bpp=1&bdt=482&idt=326&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=5815262515655&rume=1&frm=20&pv=1&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1045&ady=110&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=2&uci=a!2&fsb=1&dtd=330
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
server: nginx
x-server-name: dt08.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame CD8E 0
63 B 56ms
55ms Ping
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstguDiMDx7mAlUgojD5Va-BwwT5a5P4N4ehuI2Kmf9mSpd2OafaQKde0bvbq7vg-jlDXXVMYg5sd6nmCMZnYxR6e-lAmrgW2JuOaiSE6q-coN4em-is1vJj2ByBN4ME0x0Hhn3qNJ9RwkqN6sruLE_amWEweq1p6khn&sai=AMfl-YQmLF52n1jJoBmnieiLxb7UP4b7prtifJKuB37krEHOi64Yx-3Gcp9YodjPONEqshvBmvJjt_sOxI47F2y16jf-k7Bdc0VR4Av59NcKfMUjavxgQk6Nz9-y71SKZ-k&sig=Cg0ArKJSzNQZJR7KTSP8EAE&uach_m=%5BUACH%5D&urlfix=1&vt=13&adurl=

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B61 42 B
108 B 58ms
57ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstz5VYS00U2qTWqPdhH0Eeb6-kfB3x4m-ISdm58MAmUQPn95LEvA5kL48o4a-sR1Li34lDH8P0TaohA_4WJDYCKQh_dIS6aNaZRvfbkjl9K8F-Sbdb0zUxUz1Dzl4dKRZBDYOlD6NgL9vxG&sai=AMfl-YQYn4d4FPoDGkoDn3eX3sQc5tYITZqlLESAYsw8yXjVorpAQRIOhNSd0kWXQIqz0bBAwnJ-Hfmclf0jmuWPz8gi4Jrixe5IzgwosRinV730JoTBdFJsDR8J4KRc4U99XYZP3Mg2j1PanClPu8tSNPb7rXO5Cz2i_6S8&sig=Cg0ArKJSzNAC2qAxLJjJEAE&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&id=lidar2&mcvt=1000&p=529,0,606.296875,325&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=103722881&rs=2&la=1&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291481488&rpt=1256&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B61 42 B
174 B 56ms
56ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvLWflTsMhCU1bz5ZPT3X6CAGvWBVtv5EROWfdx6qdgI-y0qYH5NkrCWe9J-5mESPQwB93x9uT4OlbBMyzx8i89B02CIIwyUrYqj5hZY4LSpH3XKpuPNgtvYMivQjng4SBMg3HusuAgGf3AFUWiSi7w5O6-isoBhQmZqnL7a9M&sai=AMfl-YQ6Fd8nZAoW67Qo1eQ9i0h3UkhwX5FjYqVNsUoiTWoHJx1grRvQmO_3VTtYGZF51f2-NyPc66RtZWv9WM7Lc1841lAvG4DUR1VE7yEhUvEonlX2X_wwi2rHVkuuP1cPVqzUSty_JWUOAhv3WJ9g9h-KsgBlt0usFyx2&sig=Cg0ArKJSzNZ8hmXd2PBEEAE&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&id=lidar2&mcvt=1002&p=102,0,179.296875,325&mtos=1002,1002,1002,1002,1002&tos=1002,0,0,0,0&v=20231208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=103722881&rs=2&la=1&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291481488&rpt=1248&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B61 42 B
108 B 58ms
58ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvfgyqX7j-h1IPlpxIxy6DUdz9B7yFpotpzPlvNRhAtQjn9R58wKfQrMTiSvX_Uf7zwq3_mLj7fAbbYmFI4_9S6wv9f05wxHhNitNswSFwGpRNuyfQGbDJlpFIKQTrIKYDRc8CBmSGvt1YM&sai=AMfl-YQbgFDg3bDq0QgLAvafUKojjEmcgzcQhzGdxlUMd94GLCRzvX1trCbGZ1_5rKs2BEiddsNcri4TuBWzB1tm39Zk3NHreOiQIufFVhKzqrAxYMo7UOXxaIWjOhpI4QlTIH7o2egFMP5jpPS_Cyuq3O3c3U1CWtpDM7Tn&sig=Cg0ArKJSzIPogSjGtOQ4EAE&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&id=lidar2&mcvt=1004&p=17,0,94.296875,325&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20231208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=103722881&rs=2&la=1&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291481488&rpt=1244&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B61 42 B
108 B 56ms
56ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsti-ZRya_BprPWFynodrJtUcPPrINdLwoBuNS-j18Etxlq7p_ZMLW876oqnVuFjnnvslEP9LYUT0AJ6ARG-iLKY0KhAJGhqy0wjsGnPiMn3Yk-lbXlOfNollqPiEeLj7RPtzJ1q7f7wm37_&sai=AMfl-YReot5PfWq3FPass5tw7dOpztQdwKq5vJrr3kwSERZDqJYDI-bCpurkMdUS1wdud9GliZOG7tO2a4rzCRmzjs5IdkeCcsWzuvSHN1kxTtR_dXem4uEsqH0sOJTbs5CsZHqBnVYubp2yXjAEDnqb4-hVdCJvdz7ogxYX&sig=Cg0ArKJSzMC2h2FAt2FPEAE&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&id=lidar2&mcvt=1005&p=699,0,776.296875,325&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20231208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=103722881&rs=2&la=1&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291481488&rpt=1259&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B61 42 B
108 B 56ms
56ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssu1wWZnlSIkeKmLxDrDYoPZsCCGpeTJigEt2HTwk3ek3sJrDdlbfMcVyJwKEu5Bt852EWdb9ioiAwhFngCGCiVr9jplvoPH_iAaq2GQbh67QynLMBTqCIIujUen0bSRyjQmWTlkI_gaGUS&sai=AMfl-YT0E39eUJGdp4bs6IXmEOSHYPDpPjYPaZrefbyfVU0RW8QYgw3dd9awm57LSevWpLeuLV8-xELirYEc7j1CBp-X8VB2HnIbt2aSS7IEGsJUct2V52gL6hTbChk-ri-XBq87WFI1xIdTuUXJnmfKz4moNExXOppoQPtP&sig=Cg0ArKJSzCR3JA0YPtQREAE&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&id=lidar2&mcvt=1005&p=273,0,350.296875,325&mtos=1005,1005,1005,1005,1005&tos=1005,0,0,0,0&v=20231208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=103722881&rs=2&la=1&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291481488&rpt=1251&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B61 42 B
108 B 56ms
55ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstGctV3LPYi51xCUcWLqi3lIq8RCF7H_ohi8ZfLFMvAPviVq95Xu4zPFbDC4UVMn6Lb7tu1xHImtrrDc96BshvATH2gzEmNn2MtuE7YMkXUtDQBDHzbHjvBcVIKTzg8Z8QjWu0jyneq12Fw&sai=AMfl-YRNOsDn9ioVf3b-nUeTNFpri6Ah8XgQRziEODif33PgCI0evpHmclKZDiIGCHIyRt1iJAE5YZ-kOZZo9mHz1C1OkH-cgHyomJJeuP8T_RhX3jW8AZI4rdWuz0gg96Iduz8ojHlG-SSaWxVQdobBLss1F1IAj6V9_EQG&sig=Cg0ArKJSzKB2Eu1WmkMJEAE&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&id=lidar2&mcvt=1006&p=443,0,520.296875,325&mtos=1006,1006,1006,1006,1006&tos=1006,0,0,0,0&v=20231208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=103722881&rs=2&la=1&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291481488&rpt=1254&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B61 42 B
108 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstp6cwqVGxFODjJ_AdPDQSrB8DeSJIqwWt0tZl51837lWfVZWW3lIjS5WvVJjCSmLnj65wV3g_TrLc4tiIZw1DJNp_qWZ3vHBNEdnQKZPM-etva-pyRC32XnzkRdXB8A7DxABGXLEabcqJ6&sai=AMfl-YSk05IxUV2bMHqixrctA37hOR59f1t4Rq_285uuz8MQSsQ_QAln0k9aBvbL1SbhQhVNsMQJzcU1OcM6B5xgtZ4uL4S05Ri4PYetF9PeJ9_rVW6gHNgRfbM4yW_e_N2Iqzsq0e5BHQxaFubjLz02ghZdsVkdQVXvp344&sig=Cg0ArKJSzJ-vDvcHVstVEAE&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&id=lidar2&mcvt=1007&p=614,0,691.296875,325&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20231208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=103722881&rs=2&la=1&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291481488&rpt=1257&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B61 42 B
108 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssMk4vkjkVEj7YQljYIN1a6KD9yjadSUEdZTjtPwfqSIBs5bteBGXX4ojdbzUtu-qAV_Hx_xgFcuCAgJ0T1LEHluOHuaNSoDfFRzJJyzU1MlpdlAY72W4KPXlqUMVvJfYQK2C0gnIqa-avOIqn41fMrPpMoA2fBMWHEDAHYwZs&sai=AMfl-YTSk6_rBDmJoeBWhwxm0iPQZkAtTVPHoIwA-wOit04jJX0rcOuqqdl-tcEXGQ6d4wCyz50baPmE5SgLI3ky7FGSMJJxG1DtLZZSiLE96_4_NhrAZ08iBWgSme_nVd14Nt6aE86dzUHtvKMKAIFmAqhLEXtDkx8nLnWF&sig=Cg0ArKJSzIgFAeR7M7T6EAE&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&id=lidar2&mcvt=1008&p=188,0,265.296875,325&mtos=1008,1008,1008,1008,1008&tos=1008,0,0,0,0&v=20231208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=103722881&rs=2&la=1&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291481488&rpt=1250&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 8B61 42 B
108 B 55ms
55ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssDqVfUKVzMOUAYIyWARNODEeTJlAuUqkZxrpG8le1_X1uiKMmfnAMTD9mXT0CXCnRSZk0sjYUFD4m6Z8hCSoJhZO6eEl9KccTHmuBsDALNjQlfK1VVT4ZyhJX6wuL_gKrFE3XrPNvssCW9&sai=AMfl-YRt5MrcMFEx3tsrPLVWl4f-Cs_IhxmHeUSyXr2gdWO1jwUTGnhDInx9Aik_BlawJgMJGgGDzlUqz8S1o18ke0cFn1vP_FFy8BLL2WsTlKXyurg6A7WFY-ZKEALeKMWCzADx1l049RzSPjt-FERm8rqBYjPVIGNeRaTo&sig=Cg0ArKJSzANE25SugCTSEAE&cid=CAQSTwDICaaNirSww5ffxU6ZYDix81vt9w0ZZg-fK29QS3y91aJbCBy_8cTLCU2pXZqk-TfoV_ARuWWzC8VJyu4n2Mv6t3jqglgM_Aeq7HRouM8YAQ&id=lidar2&mcvt=1009&p=358,0,435.296875,325&mtos=1009,1009,1009,1009,1009&tos=1009,0,0,0,0&v=20231208&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=103722881&rs=2&la=1&cr=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291481488&rpt=1253&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame CD8E 43 B
215 B 110ms
110ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=7b142224-dd4e-d0c1-69f9-61c68dbfb19d&tv=%7Bc:wuidRy,pingTime:-10,time:471,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjcxIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1702291483899%7C%7Cb398f9360835d63dfff3bf94067ebfea%7C%7C81fa84b75a8024ba76b34e57df459f31%7C%7C9dd30a18f901da93f428000701ddd5cb%7C%7Cb70a0eda5db7db7cd95ca9dba17818fb%7C%7C0108b395066d2b4f8f295d8510a18108%7C%7Cba34e167518ad94b0023511cedc42706%7C%7C233292dcec144fbe693191d1c14f5252%7C%7C1663701684,im:%7Bpci:%7Btdr:443%7D%7D%7D
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
server: nginx
x-server-name: dt07.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame CD8E 64 KB
24 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b74e39e9e4133dd74df68e8fb5ab701072c87944cf78821336f1566dc7d25ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3489
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24482
x-xss-protection: 0
server: cafe
etag: 10022724608466387392
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:46:34 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame DEB2 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=jca&jc=39&version=r20231206&sample=0.01

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-9779134835489781&output=html&adk=1812271804&adf=3025194257&lmt=1702291481&plat=2%3A16777216%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A34635776%2C32%3A32%2C41%3A32%2C42%3A32&plas=212x945_l%7C212x945_r&format=0x0&url=https%3A%2F%2Fpainthy.com%2F&ea=0&pra=5&wgl=1&easpi=0&asro=0&asiscm=1&aslmt=0.4&asamt=-1&asedf=0&asefa=1&aseiel=1~2~4~6&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&dt=1702291481149&bpp=4&bdt=478&idt=306&shv=r20231206&mjsv=m202312050101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=5815262515655&rume=1&frm=20&pv=2&ga_vid=1141759930.1702291481&ga_sid=1702291481&ga_hid=1597768592&ga_fc=0&u_tz=60&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C95320885%2C31061691%2C31061693&oid=2&pvsid=2462913498881428&tmod=1858147498&uas=0&nvt=1&fsapi=1&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&cms=2&fu=32768&bc=31&psd=W251bGwsbnVsbCxudWxsLDNd&ifi=1&uci=a!1&fsb=1&dtd=325

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 16 KB
12 KB 68ms
68ms XHR
application/json 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20231206&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9fad5d7b813e41a8cfe0debb0a718c8e4fc5e7e1c898642bdc67d3870b15ad4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12219
x-xss-protection: 0

GET
H3 200 reactive_library_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/ 160 KB
55 KB 69ms
68ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202312050101/reactive_library_fy2021.js?bust=31080036

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d68f7694086a771004216eb24979a57640fd9140f365ec4c404a170181e30064

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 55997
x-xss-protection: 0
server: cafe
etag: 16852310439701706276
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=1209600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:43 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame CD8E 0
17 B 65ms
65ms Ping
image/gif 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lq0sebdx&chm=1&ctx=2&gqid=Geh2Za2XHoe69u8PqO2EqAc&qqid=CKLivfiZh4MDFfXLOwIdoksD5g&met.4=fb.7~lb.67~ol.wc~bdt.-1ky~bpp.-17j~idt.-yi~dtd.-ye~dt.-17k&met.3=374.84~113.xw_1~113.xy~112.xw_2&met.1=1.lq0seag1~14.0~15.0~16.0~17.0~18.0~19.1~20.1~21.1~22.7r~23.7r~1.lq0se9ho~6.0~7.0~8.0~9.0~10.0~12.1~13.sj~14.sl~15.wz~16.zl~17.zl~18.zl~19.1up~20.1up~21.1up&met.7=CAUQCBgBMAE4AQ~CCgQBRgBIAgoCDBNOEVoC3BMeIoEgAHeAYgB8ASwAQG4AQM~CBwQChgBIAkoCTBsOGNoCXBheKn4AYAB_fUBiAGFxwWwAQG4AQM~CB4QChgBIAkoCTAsOCNoC3AqeIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIAkoCTAsOCNoC3AreLFFgAGFQ4gB8KIBsAEBuAED~CCoQChgBIAkoCTBVOExoC3A0eKX_A4AB-fwDiAGD0wywAQG4AQM~CBwQBhgBIAooCjBJOEBoC3BJeNYCgAEqiAEqsAEBuAED~CBwQARgBIHMoczC0AThBaHNwswF4rAKwAQG4AQM~CBwQARgBIHcodzC4AThBaHhwuAF4rAKwAQG4AQM~CCgQChgBIIABKIABMM8BOE9ogQFwwgF45MsCgAG4yQKIAcnrBrABAbgBAw~CBsQCiDUATjsAw~CCkQChgBINYBKNYBML8COGlQ3QFYjwJg8QFojwJwpwJ4qrkCgAH-tgKIAbH1BrABAbgBAw~CBwQChgBINcBKNcBMOoBOBNo1wFw6QF4miOAAe4giAGAWLABAbgBAw~CAkQChgBINsBKNsBMPIBOBZo3AFw7wF401-AAaddiAHZ-wGwAQG4AQM~CCcQChgBINwBKNwBMPMBOBdo3AFw8gF4nW-AAfFsiAHpyQKwAQG4AQM~CCcQBRgBIKMCKKMCMLsCOBhopQJwuQJ4oWiAAfVliAH-sAKwAQG4AQM~CB8QBRgBIMwCKMwCMKADOFRQzQJYjANgzQJojANwnwN4qhGAAf4OiAHBL7ABAbgBAw~CCIQBBgBIM4CKM4CMK4FOOECUK4EWNoEYMAEaNoEcK0FeKwCsAEBuAED~CCIQBBgBIK4EKK4EMJUFOGdo2gRwlAV4rAKwAQG4AQM~CBsQCiDWBTiRAQ~CBsQBiDwBTj-Ag~CBsQBiDyBTj7Ag~CBsQBiD2BTj3Ag~CCIQARgBIOoGKOoGMKMHODlo6gZwoQd4rAKwAQG4AQM~CCgQChgBIKUJKKUJMMEJOBxopQlwuAl4zsEBgAGivwGIAcWBBLABAbgBAw~CAUQCBgBMIUIOOESaAFwhAh4wmGAAZZfiAHi-wGgAav2_________wGwAQG4AQM
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:43 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 86ms
86ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/ Frame 4D0C 9 KB
4 KB 19ms
18ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 50541
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Dec 2023 20:42:23 GMT
etag: 5585625838579639069
expires: Sun, 24 Dec 2023 20:42:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/ Frame 57E0 9 KB
4 KB 19ms
18ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 50541
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Dec 2023 20:42:23 GMT
etag: 5585625838579639069
expires: Sun, 24 Dec 2023 20:42:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/ Frame 0B23 9 KB
4 KB 18ms
18ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 50541
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Dec 2023 20:42:23 GMT
etag: 5585625838579639069
expires: Sun, 24 Dec 2023 20:42:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 zrt_lookup_fy2021.html Show response
googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/ Frame BEB2 9 KB
4 KB 19ms
18ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 50541
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4130
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 10 Dec 2023 20:42:23 GMT
etag: 5585625838579639069
expires: Sun, 24 Dec 2023 20:42:23 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css2
fonts.googleapis.com/ Frame 4D0C 4 KB
767 B 33ms
32ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 09:22:02 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H2 200 feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4D0C 205 B
519 B 22ms
20ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:43:31 GMT
x-content-type-options: nosniff
age: 39673
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 205
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Mon, 09 Dec 2024 23:43:31 GMT

GET
H2 200 settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 4D0C 604 B
696 B 22ms
21ms Image
image/png 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 00:12:31 GMT
x-content-type-options: nosniff
age: 210733
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 604
x-xss-protection: 0
last-modified: Thu, 20 Jul 2023 22:48:00 GMT
server: sffe
vary: Origin
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 08 Dec 2024 00:12:31 GMT

GET
H3 200 fullscreen_api_adapter_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/ Frame 4D0C 16 KB
7 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/fullscreen_api_adapter_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b8d99191997f9c3e6794142cba8b2959a673c7cd044871697b0e969620a584ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:32:58 GMT
content-encoding: br
x-content-type-options: nosniff
age: 706
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6784
x-xss-protection: 0
server: cafe
etag: 2582286893585073394
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Dec 2023 10:32:58 GMT

GET
H3 200 interstitial_ad_frame_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/ Frame 4D0C 22 KB
9 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/interstitial_ad_frame_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7612ff33976166c9617f119403de9d0eae9e553ce8e06a265f5a02039cb05fc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 18:57:47 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56817
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9231
x-xss-protection: 0
server: cafe
etag: 9385233705467680479
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 18:57:47 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B749 624 B
245 B 63ms
61ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNVbItSL6gShXexb4J9IBGvnRziGlrc168hGLa4RnNC_jdYRvVGchfGEBwDasCJKnzgBnWCQEm0m7bTrHrmncVvoywiWZ77iL6we7uKO0UPlNN2QHY8bNYc0qjb76D9jiNe1i2OUnjLS6hN-bUpYgSERQyJ8vkzRenlvgkml56elPb13k3g

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:44:44 GMT
expires: Mon, 11 Dec 2023 10:44:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 4B40 89 KB
31 KB 97ms
96ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 4B40 3 KB
1 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:21:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Dec 2023 09:21:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 4B40 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:43:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 23:43:40 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 4B40 202 KB
64 KB 59ms
58ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B40 42 B
63 B 53ms
52ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BLTtmOyG5ejW8gT_IscVCGKMPQfz8IAz4r0PatIVM3JDMbIysLyOHnOmLRtqv5iIucgv_kfO9qUfz2AEWbLzD9C9eky_l8hjWwtxn4xKY6xB-4ZY8

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame C2D3 624 B
245 B 60ms
58ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWmox68tIcBY20DmO7oPO82lC9LZEeW-9NReSgowraU0MTexjm7nEQj6zgh3zfsWHHZCbd8cYLk2VTuwmiZ_kK3bcxA4EwfbGAZpzUGQyX6G4T1Q-VuE7och2cE5w5s7hAnkDGdtqxAypb0I03vYsK5baveFLZU1derlGoYEhf0tuEuEXI

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:44:44 GMT
expires: Mon, 11 Dec 2023 10:44:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 5A9E 89 KB
31 KB 136ms
134ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31485
x-xss-protection: 0
server: cafe
etag: 7119415641918660631
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 5A9E 3 KB
1 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:21:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Dec 2023 09:21:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 5A9E 20 KB
8 KB 22ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:43:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 23:43:40 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 5A9E 202 KB
64 KB 57ms
56ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5A9E 42 B
63 B 54ms
53ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BNIvyiJ7n5pUj2ZLo1gAxS6pvv0CeQcRNLwrxFyU4d1fxc8VLBxvlr6DgbH3l2DuHpuaE66zIH5exRvY36kGwk_NcSa0yMPeLlvYAxm_36pBLwHa4

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 e21910fd923a6283b5d44b2382eabc86.js Show response
www.gstatic.com/mysidia/ Frame BEB2 9 KB
4 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/e21910fd923a6283b5d44b2382eabc86.js?tag=client_fast_engine_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 03:13:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 199885
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4064
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 03:13:19 GMT

GET
H2 200 eca8f43f04ace2cb887c6c133446ca43.js Show response
www.gstatic.com/mysidia/ Frame BEB2 11 KB
5 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/eca8f43f04ace2cb887c6c133446ca43.js?tag=text/vanilla_highlight_ms

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a2366f8ceefa49f15dbf946bb02a4cf52b6d2999f71712d3f52e8bd5f56e1988

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 20:42:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4745
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 20:42:23 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame BEB2 14 KB
1 KB 30ms
28ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 09:23:32 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame BEB2 2 KB
822 B 21ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 19:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54072
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 19:43:32 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame BEB2 24 KB
9 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 20:42:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50541
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 20:42:23 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame BEB2 3 KB
1 KB 27ms
26ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:21:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Dec 2023 09:21:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame BEB2 20 KB
8 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:43:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 23:43:40 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame BEB2 202 KB
64 KB 64ms
63ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H2 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame BEB2 37 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 20:42:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 20:42:23 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame BA2B 13 KB
5 KB 21ms
20ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 167
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:41:57 GMT
expires: Tue, 10 Dec 2024 10:41:57 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 aframe Show response
www.google.com/recaptcha/api2/ Frame AC19 829 B
1 KB 78ms
29ms Document
text/html 2a00:1450:4001:828::2004

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 -, , ASN (),

Reverse DNS

Software

GSE /

Resource Hash

7c5d5590ee9293cfca711c17bd6297dc1be2fe94115b4c506697a1e61ee3d3bf

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-8Slacz31qpxsRUptZCWtmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://painthy.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-8Slacz31qpxsRUptZCWtmQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:44:44 GMT
expires: Mon, 11 Dec 2023 10:44:44 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 css
fonts.googleapis.com/ Frame 7158 6 KB
706 B 30ms
30ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 11 Dec 2023 10:25:49 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H3 200 load_preloaded_resource_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 7158 2 KB
822 B 19ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/load_preloaded_resource_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 19:43:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 54072
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 795
x-xss-protection: 0
server: cafe
etag: 4925184154378345226
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 19:43:32 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame 7158 24 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 20:42:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50541
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 9318
x-xss-protection: 0
server: cafe
etag: 3562968281324141506
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 20:42:23 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 7158 3 KB
1 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/window_focus_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:21:43 GMT
content-encoding: br
x-content-type-options: nosniff
age: 4981
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 25 Dec 2023 09:21:43 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/ Frame 7158 20 KB
8 KB 22ms
22ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20231206/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:43:40 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39664
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8581
x-xss-protection: 0
server: cafe
etag: 5638635208567908330
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 23:43:40 GMT

GET
H3 200 ufs_web_display.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7158 202 KB
64 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65145
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1701866768669483"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:44:44 GMT

GET
H3 200 f9d9b65dbd646119ce96bad0f484d579.js Show response
www.gstatic.com/mysidia/ Frame 7158 37 KB
15 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/f9d9b65dbd646119ce96bad0f484d579.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 20:42:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136941
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15460
x-xss-protection: 0
last-modified: Thu, 07 Dec 2023 22:13:01 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Fri, 08 Mar 2024 20:42:23 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B749
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

43 B
732 B

57ms
56ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNVbItSL6gShXexb4J9IBGvnRziGlrc168hGLa4RnNC_jdYRvVGchfGEBwDasCJKnzgBnWCQEm0m7bTrHrmncVvoywiWZ77iL6we7uKO0UPlNN2QHY8bNYc0qjb76D9jiNe1i2OUnjLS6hN-bUpYgSERQyJ8vkzRenlvgkml56elPb13k3g
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1merxUjtM2PwaYuMdKaCX5TB8ZMehfQb6EGbF7jGwXdjnMLOBBTrlYrcznbdKzGkex2x7xoR2s6gwBa5TkkyCJp4NPqFxDcNNrkESqsFpEnVEhLE%2Bp6z6AL1NE8oaYerPiP9FzVKFaTh%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 833d22503a0e44f8-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame B749
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXboGr6e9LJ9mATf4BcIcwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

43 B
737 B

57ms
55ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNVbItSL6gShXexb4J9IBGvnRziGlrc168hGLa4RnNC_jdYRvVGchfGEBwDasCJKnzgBnWCQEm0m7bTrHrmncVvoywiWZ77iL6we7uKO0UPlNN2QHY8bNYc0qjb76D9jiNe1i2OUnjLS6hN-bUpYgSERQyJ8vkzRenlvgkml56elPb13k3g
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3tMKlBsJ6waREXZCDS%2FvvsJAJiEsVJ3aWBS0%2B8N5wzltLF7CHh3%2Bx5x7SCmnDgdhryT1JIPJiVRARqxUlQaj3EHoY0I8%2FBCtsnjsqDSh1TiY5JLQiQ%2BcJsk2grLVyJJcPmeR%2Fl7T9V7tkA%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 833d2250cadd44f8-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame B749
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIgcUig2db7l1IbOzWhBZsc&google_cver=1

43 B
840 B

25ms
24ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIgcUig2db7l1IbOzWhBZsc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGLuR3_QBMAE&v=APEucNVbItSL6gShXexb4J9IBGvnRziGlrc168hGLa4RnNC_jdYRvVGchfGEBwDasCJKnzgBnWCQEm0m7bTrHrmncVvoywiWZ77iL6we7uKO0UPlNN2QHY8bNYc0qjb76D9jiNe1i2OUnjLS6hN-bUpYgSERQyJ8vkzRenlvgkml56elPb13k3g

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
an-x-request-uuid: f547186c-0408-4df0-a21b-482fccc6ab4f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.24; 217.114.218.24; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIgcUig2db7l1IbOzWhBZsc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame B749
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D

170 B
188 B

31ms
31ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
an-x-request-uuid: 7cfbe84d-d05e-48e2-a98e-0fc91d5435a3
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D
x-proxy-origin: 217.114.218.24; 217.114.218.24; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C2D3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

43 B
733 B

61ms
60ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWmox68tIcBY20DmO7oPO82lC9LZEeW-9NReSgowraU0MTexjm7nEQj6zgh3zfsWHHZCbd8cYLk2VTuwmiZ_kK3bcxA4EwfbGAZpzUGQyX6G4T1Q-VuE7och2cE5w5s7hAnkDGdtqxAypb0I03vYsK5baveFLZU1derlGoYEhf0tuEuEXI
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=anvqlAnvP0QLqxwgOQGgNIy6PlTifQY6TgUPw%2BH8gaP6AxK6ub3wK0U3riUtDRz6FJiHOpW%2FnThPWW0RYxFtxUgRkfPiy7q8lxV0D2e6n%2BLhozygmEcqI3ouzrUBFuEOYLfDVAy305pWwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 833d22506a4444f8-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

rum
dsum-sec.casalemedia.com/ Frame C2D3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZXboGr6e9LJ9mATf4BcIcwAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1

43 B
735 B

58ms
58ms

Image
image/gif

172.64.151.101
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWmox68tIcBY20DmO7oPO82lC9LZEeW-9NReSgowraU0MTexjm7nEQj6zgh3zfsWHHZCbd8cYLk2VTuwmiZ_kK3bcxA4EwfbGAZpzUGQyX6G4T1Q-VuE7och2cE5w5s7hAnkDGdtqxAypb0I03vYsK5baveFLZU1derlGoYEhf0tuEuEXI
Protocol: H3
Server: 172.64.151.101 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rjBFuZOAkip8MzlqJE1mR3lK6lxqf%2FW%2FCwRYkpXSxlCemRlEE1qT66MIsb5Iz40dBP9uwQRr1zjLHO%2FohmTObgX%2F8EkQBhVHAW2a3Dw49cvoAls083Fz08tHffqh3YRyqwDcBOG2SqkmyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
content-type: image/gif
cache-control: no-cache
cf-ray: 833d2250cadf44f8-TXL
alt-svc: h3=":443"; ma=86400
content-length: 43
expires: 0

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEK8P_mpKRzW0A5rzNnzTv9E&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame C2D3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEIgcUig2db7l1IbOzWhBZsc&google_cver=1

43 B
840 B

27ms
27ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEIgcUig2db7l1IbOzWhBZsc&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJCTupUDEPK-3ZgDGJaO3_QBMAE&v=APEucNWmox68tIcBY20DmO7oPO82lC9LZEeW-9NReSgowraU0MTexjm7nEQj6zgh3zfsWHHZCbd8cYLk2VTuwmiZ_kK3bcxA4EwfbGAZpzUGQyX6G4T1Q-VuE7och2cE5w5s7hAnkDGdtqxAypb0I03vYsK5baveFLZU1derlGoYEhf0tuEuEXI

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
an-x-request-uuid: 5bfa92c0-97b8-4daa-871e-4d68f47adcf1
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 217.114.218.24; 217.114.218.24; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEIgcUig2db7l1IbOzWhBZsc&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame C2D3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D

170 B
188 B

36ms
36ms

Image
image/png

142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D

Requested by

Protocol

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
an-x-request-uuid: c289a80e-271f-4431-b6ac-edf98a77ceb6
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Njk0MDM4NjczMjY3Njg1MjE2Ng%3D%3D
x-proxy-origin: 217.114.218.24; 217.114.218.24; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8EA5 143 B
166 B 20ms
18ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 380
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:38:24 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame BEB2 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c7c68fe3304171df26a809ccd41041e19127481c406d18b3c7930e6058a81293

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B40 0
20 B 53ms
52ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1430313210631&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B40 0
20 B 52ms
52ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1430313210631&version=m202309260101&ct=76&x=1&cor=13842133622287376000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 4B40 110 KB
41 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DffsUY-_-pgwDSAcxcnG8aJl47XUa44kdqt1rapYGUg1P4fCyy1peru612SlTY3CSntpR8SES7otzSrQZg2y_hDcX15pSHHaDoIhzmLmEE23XqfVzT71dZCXPeAIuIvSp1bpVk-c2cyjamg5rC29L4YaXwrlVBc1YjsdDSFE-ZqaukZ9A&dbm_d=AKAmf-C4YXiA-PThzYqSZq4J3kd-eDtcusNKK664Bx_jqBqEMpBbSLb2XvNDDNoTxzFOt8eqluwvq6wvNBgcPiSRr6Y_xlCGDZQhy_vDWxmbocNVWzcVvWiOj8EpWa3Z8BwtLdqQbV2bHwbPZQe0jEMWZUxbu4KuFOhOnNJnmhV8pmU6vuAxuntJNefijrEnNTQmvrFXl8cUfcJTQf1Mud9xFmD-kwKbzwLAUu_RdyXe5URUj3oXewCu83G66Z1WpN03CBeqlqzcgsVVxyY7-kRne5Xxk-ZdF78sBYk6_RTUcdzzd6wYG6rGAtBYsXf_V9tJkVCTmbKsygFQp3RthlzqsgiouRulwZrZY-U4UU6HMPRvwdJs2mfGPZp3fIzfXcbpA7HoLMpD2ynLCcFBTBGv8iHWy8uySgTN1gpUsRC44Zzsjuch7ThFIS5hdTyR4L9NaYRFBUiF2CIWVI7rin_98iEeZhEiG-RsxBo0dn-PDaz5xgbJ8hWbQe6Wx5ySPfODLKvDGBlhR5xd7qwwaabaLZvowxkmqzc-LxesRaZAY2rLlsTyjf84Wu67nsCQ41vLhwwksnrsKPmUVDfzGJa4JUXI7TupwV-vRPWTelVGFuq2ycLCw3vAR5tBjlrti8XF_pGC26G8MK58qteY8QfQ5TjBouPH1nNcjcd5ReNajrpYy9rpyTjPA2_KmWJ9Lg7AcuiJGMl2-S2m5YtL2TmSyO6Fup3qbXS-I2gY3t0O3136cfaJT6f7pmigNURhM_ukhYO71PMIaaMhcjvOJia8mSZd7Zf2yFRAnV8B3xbZ1KzCWt-llyRQoHdcehRpHvkIpOI6Brcz4-QLlzEfbgdHm_FWD1Q_ZpgFTwrcNZwN67P9pXiHG_z_d4linaXVwdmqILTPgN31XlTR4SbDfAF5whoyRhLaedEz8vygAyxVMPkyA00mVpg_E6m1FLbHtHr6ap-2Xrg43ggOGMkVf2APJznyTSAUYiDIfTKO348xFpFRjY6hadEnToLN3Lstm_S5QdepbGMcUtjLVjNjYUhsrbSjjYGnSz5jpO1akFv5rLGuQFpk7bgEsMONkR_lcTaxP3ntSzID9EpQoK170IHT4N_WpvTPFH0ZlfXPo_9lXf64lyjhD0-LPu-o3sYJW9EM2KIfQhlNu-fHi7-S1W05_i5Da7_2sHgfZTzuAYwiRhr0mVs3vgvGrSJSeehNkXzFxXoTEnDHY7ShILuY1FZa0D1QbWRnyFboZPSqrAA5r2t_JWe37nKK8HwxKzIPePOzKJv8g9Vau6VGYgFa3t8xjtVtLywr0j9BmTS-ylgyINXtC3verZ_amsO4Uew8WkSjpDw1Mo9K1eu5RMumwmWiIIPZAcLEb8fh1n8D0T2OKC1yDPe7M_uOY8Cy9oPEKX83D0QXHcSkf2IANpWufxJWCCMO8vJ0ZYNjLBTFy4mexV1NGhAgfuwCZCKnHH0Q84IKAotAa7uIdzyjC_aYLvdzFt3AhbzR1mYmAl8olFKvjZYcRfRDzUBriRF59I9RTX6SQDfBVD0gKdqWCioqn1RPZggdTal9UH_g3YXrhklUOnDrZOkeyg94yRCMKjG1ywDMyU7Jnlaj7PtZOWeunYncr4pTZ_z1meDwu3Sl7_RW0xdfaR2XnWyhtWdRzqvc9RJfmjAcFzhsq100kDg6NdOKshsx8ARFbgcTwlepxeyIOsB9IMUdz5mbv1eJvptXdsIp_4MfHHHjgp5oqfA6BLzBrCAFm6CgfGvYfXoGD-qke8EJngn77rXLtJlWINr3BgEXF0hhT2y2Pfy8Cu-HyDQNv4B2dkmpqWctegkjas3Dn6EqqEQJWeMTkapCwTi2jTgGbwmcNI5M8Q6Y8prcDgBYZP0eSPRXtlD9QclpK6dfg1gmGg9goT7PV9DWACZTHzgYXkvR7NcEuyXw_ktGNT0Y27EksIQCPRWydzmxtE8I5TAAoEPaBne-_5pXkzZDgaQmSrNIs4Us0nyL5WxQdyCwLkprt03vbSQ7NcO1eYet-QWRHYCbtP5k7dkC4Pcb5BGBbzhd2tkMnaJSMe_A6fh1z1KaAsMDUeajRIMiDnLjrzbVxZ-s2Z-ygulm1llQX9XsyNoLKSofZJWikKT_BBlun9DxPv1albl2NC1RaIUabXSHD0y-BE4_5kNnDOIWKkfE9RcwVvq5CzNfB_emzjydzPjDck9aK0_XxvJKVAFzglzk8Mbt83t_3Isj8GIzfRuCdPrbqXY81J24Hb3W8u1Ve-raapsplGzmlrqLZKymWRsbxzM06u7tkge_WmGloCBwEQ6TrnkH0IsW3lgWmkPF7OowJdI53JRuMycOSmZ7SgxoEJojAcBvz4J7sjMfxBgCnxQpGAojN3cjEUv_WduQR7-p5ge__bp6cCsLGV-r7R3tiiBNYKbrndM65L9VuVGKgBE1NhTBBdrv8AQk7ahpHWA_37iq9UXXiZ4eeAtWgZ3Vv06PoYO2hKvYuKUgnU3EWsL85GeWcoOFc0nBuV9dknb6YUWJjAMs_xKXJrGBcRWeDVD2_gzI_vLC8HAvvcqE8td9ld0eG51bXjf3p1GTrGXwskczJ-n2Ad7sAX_UVDA4C8fotTx9N2xM9yvphQqunlRSIeMLsJAoiwIZQOIfnpezAF5bBdPJSXYBrgXH4CqwJMsTCvI0asiOIN2ZJ1mqp8kx2J32764iADHazqKkUL0oQe6cAUU5AsodWuZu4MUm9-5ft4yzCDw6EDpvjyh3mT7--OK0x2eGxulxtgO5szedpybJGtcwNvBf9vBuk4DrwO5DYulaECWjJ4dLfajy6wutBjZn2UC-e51lhSso_QLtXv10K5vH3_1ypWpPSoDzCZhsEyql9_1B_WiQxCDA2hwriAezlpTxTOIHxpeJKXr6e6us99Kc2czEv_FeerDoxC2psEliUfyJDI0aLPs6mB2adUlwPXT8P_AGzb9EuN033njsqMMLua6Sm5aOlBE4Yx1arTaMPYRfCoArl6Ar9epfABFDJAAZOTvKOLd3uM1NI_HBs44TFzr-C8D1X0HsovEWAJCuZ-HsMC4ONpDt1AAfOXF9JKggpfQylhkeKzFYyrQ-FuhtTbHK0zJnrmCPYQ-zj0ZWZON4ueOcBlk7NRzwvrLX36_GLVorcECUNyUtyRwFYHAkgbCf7cSB2A0jwSHRieSoolgBfu4yXIie3urRhfBccEdhi7QXQorAkuD2AetV5LIBzybjFlmisjUtJVzo2OCVEYwcblMOLCPJfCJTopoF14NwancxP8MmqkeYzbZYVLL4w6Ia3KBvlAra3ctvt4eaNF0XbN5LQlaJVh4jXfUlOHIgReklpOHWbO_ZzFtpT9ynI-preeoswMJvfmc2w3VcCAyxuTRCL3syfrbKEtcuDGA7TyxjKDVAQq8AWRT3SSmfU6vJoEJXKopQH-IlFOvuOuR5KUi-1WdbqA79o041Z2besBO-EXmEW7R4wPviNnD7Bed6MPanQqiXIl_9yuGTxkTDgWI71pt5ps8CYjupMU71q0J9Bzo039kdhPBLvwhZbw4NjVoPnOndyuSRtvu6kSqZnbIOT5G3w2xl69XHAcdy3rT-NI9ioCbnrDPo9wnSwOyb60q5YrfEP9CbOXfdUGKwOWMOHT3L3Nnf1IQGWjt4QuhNkm4LAAwnplMrWotm5nN1G0aLOX9UqtEMcevUHl0T8OIyiFT06vSwACMzwCWiEpKvI3ORC0popfo4IuZoY2VOst3wobPDiP8xiAV08yspPZ1UzcO8ZFth94BN&cid=CAQSTwDICaaNiNId8lRP6q2n9D969Sd0LUFPegDGaJX4kM7yCtOKRVApOASzUdNHBzIHEXWbMO8tDBbGznvk0-QMurdG-Cg-7lY2tlacYLoqQsQYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpainthy.com%2F&ds=l&xdt=1&iif=1&cor=13842133622287376000&adk=1726166463&idt=105&cac=0&dtd=12

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bc9d065c517156a79b4bd381dc9cb1f6ec20e861ed1ca802c6f9816274c820b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42406
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame BA2B 39 KB
15 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 19:00:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 09 Dec 2024 19:00:51 GMT

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v58/ Frame BEB2 33 KB
33 KB 20ms
20ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v58/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Wed, 06 Dec 2023 21:01:51 GMT
x-content-type-options: nosniff
age: 394973
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 34108
x-xss-protection: 0
last-modified: Tue, 23 May 2023 16:35:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 05 Dec 2024 21:01:51 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5A9E 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=423644649410&version=m202309260101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5A9E 0
20 B 55ms
54ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=423644649410&version=m202309260101&ct=76&x=1&cor=12768063389828585000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 5A9E 109 KB
41 KB 66ms
65ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CpiApIYYyOPsvlg3pg-u6d-gNaBKTPcwgwKmlxCI0mBabbRoWZ2ZDBrknEnitIbvxta1jldWHa-r-X8MOTNAbMBPYm5SC9zSvxili1jq3BPS2YIS7j6QAITK1IlsnArGUeqWD5jNseL9G8LXpZdD0CLSpBgikcAE7Ec0fblVO2ekS2KZ8&dbm_d=AKAmf-D5SQHUFNcOrG5gM6jV_e3AOFDj3Ttg8bFukocFntP6iRUuujSi3H90h6v--H9QzFPB2tpuGP8CePx-_ANlaUoqH1dqOZhVSsjSMrUCVTJnjyvcHs9bkAZ_-P9S2UyWex_q-DUv0zNkcGuyGDsw0p2elxL194L3fJSiMuNzEOygrAj4Uuwhk157eJG9rvL-wg4TBduUOhjDRjctHuQZI4Kfse0GAv7Adc3jCPfSk5OIj5Q2cvzvKGCL24VWZfv_VYsLB9XhhNwchwcFVYaUP2YHXgjwY8ihhvQqCbZ2Zj84vsptiaVWsIVBXGYe1pvv58KJFrFWkaqO-umsg-VvzEfNEDgTKskeKn8oLbTl383c7F_DN3fJs4hvfOa7acC5H5IG-y9w9YYxi03PIieyc0h-FaGxI2ShRHhhGbSQihOWFB4wSo0fjA0iu9cSBSE9cNwIyJY1nXpMWOtNpxXNmA3emwLLUMDsGrtk0nrF-U4ATd_s6-RhwQpb0QPou2y2heqROqXrHiZcNPa61eUddFMw790O6QA79xqIVnOzEe7i7Fuj1I9ExGmii7Ks891Qc3SSw7UeffX94Te7ljEmjuj8aPsO4znKD2Wf2kap0i2CidYbn_qeAJ-X0aPTWlta1k90aaDDRzO6IcCoGqwb1HDE9cISV22w--VvVSe_ZZftxYpe9w6Bml5UiFu6UeLRI5VsNXrhDCPApz-a2ruYfabasxNRf4e2TxMsCOIDGc7_rjTJI2ZAgyIVWWVSzpgAHu9Zd_xIabwjKrrjh5VTb08TYwZ_-TynpZKjuCJZdTx8oiYNmryxxOMvI6Nc4D9_fwd_PNKpl7-ENgWUISYfMXgbrOihJ8ypfRMmlWroW2IlUMxgcb64KzrlU4eje5xs409vAddW4oNEATPOz0d3XCmtF5dPeRXwSEXx0Ijrbk10tAMWzf-y-b58xMzy1n5W0fpxY38AFe5Qk9NYukjsX01qwr_5LP_xn4vIGoMDcFSBAK8aR-h0NzdCJE_O3I6k_JwFXA9MzGf4R2I7qPd5Nuu9gJTTt-OvRWFbtVpbClcWl1h2457migLN2WV7jfAPdo1p9n3m7dH0Gmp8EFNKkSCsiOcs3vzbkpL-4xpKdxw7cTzx3UzlleD5v7KIG4-8nnAYsnWS7K4Aqm5E-P5vNSmLfL37m9dsj0ZSzgjhlN-VyKqD6QqcJsNVB92tDlzcBxCavP7dPCBMsu2m4b1EBLUtv79DAR09MQe7UZczM9dQsH5eAWSKvSQO_G9VTwKIO3Y4BJqV10NOi0iYnjm48RAj2Xgn5uUJ1JCS7lders_aVQRAX8R3T-sGLEXOScsukLjRqZKImR-ezhx4DLsSO_LrWxXaJhPQ8JK_wmMUjt1N1OsP8NxjAQUwaCAU-T8vSAJ3qiXSmM1gXJa5qQA1mFQ2fnS5CRpqjFWlklfp_n077sJw3WZ-EDTYU5ums3Mc348VfeqrS1t-OsE4_N4pxC9KExQC31eTrc4qEIq6KQP5CXs3Ag8wKOTYhlb2Z3e36Hz-e5xl_CU8eWq1n5XaYy1wbGMdbtsTz7Gzg3_3OWrVap2ueX_7F4Pkzaw2M5V5LDecoYpQlgHTT5QxCfxVYigVUi0wlEv0i9C2KyUsvpqfIh-NTgrVZkVymMqFOfL_P1KDr_DrLBVVzHvGnSMwPVB-LR-2jQ3mfqtRCoK6JlylJG2CinZC3bcPU7pdg92J4ZgUx25IkJRFqoLr_Neirnx-GAFjb4hFv8IuyETmn8eij9FvOBzA0l0TqRIKVJUTKgQW0DDhRFReGep49SebhsmbubrZOMaiaEEMH0SEFGEDc3Xllw8StwOjSXdf-xvXens2qbf6tqJeaZ2rwigIf8te_mik-vT_onuRpheOlrSVcJnNlmQhHiw1UU5mSwDmqVa2oXVCGd4r3xMGChKDCdPHcow7BtZVH1NYbyCQuo-D26MODW3tN4DGLw8RVnUmqq28CBv-D2BPV5Yt4H9NVLcmkgYi1dLizLcoWXzCpidSuBGtOYs1RhplJUxvldivxIXZEsX04i_e3AgkkDGeFHXoJAV1xeXdjVMe8uJtFZZlQ5azKME6uAHAZwrFd95omaCIrbYsvNdkkbkJnTom6RDvTWNr7SEFBaMZQRaJ0Ay4XAR2uqm8cfGeYTC72Ki74L8KIqqaNmEBfMOUEIfuSLd8ZkdVXXCzqjmtBrbiXDuD6ULH0puKvjJboxaijy-I8y9PhCOGvuG01VPgt_wIfdMrmhH-Yiyw5Jk3Br_rPZz-VtTeMFXFG0-5rC4uQPizsCUSbegS0Uvh2xs3iBzvAPnj0TfFoqUTeMVZyItZpdCsI2Nhd6XdX-PcsnvrkjWQvE2Kml8s-W81NheLIZtkKUj94HjnoLQQTUqA5nCr2Jq9hpeWVSva-pNRIzPtCqpnpjR24HJ4EHEdHmmerrvsxmbLaY5IhOxJJm1VcRrqVBceDPgu0MZpMbRy0cyOds0cgeyvsWyartch-X8ltZl4bHH6euWMbxvhaYgOkVkjuiPsT41TP_opd4xlz5b87cDPYvIXTWuwSatfC6W6OKR1QyCYggKlDr7gKFKbhN5kcT6zuC68RYmNvT9zavQ7cW2czU4ldEXhgGnKwlqMzRljIEzJNKx3yJl7jwzCkvH5oGOSAQQ1xBeX2F09xf_DDwGFuwlUmyAYO6ZsXTLuNfKF5xeVZRG2PPE9h5RzkxtsRs2GW-zecxgsgQSGIsEwgibLB_1mHjrqc-3tqrTCl2rx8NbaCFs8JGZYFlZci8zGm3ke6H_JXjnubAfmqaNHi0FAuscqTlb3nOF23uFcKAoZCOYO7tdWQMLLEq7hMMqIKJExMvLIZtVAQ5FcUozF-ls-CpbtB2WtypEgmowIcm9NEYj4KwRFnZk8JdBhql3f9dRUqAWArCKfPEVPKoV7fQvYB8D8dxH7O9wTcGIFI22yxYUNCCF6LxuBIEqu1feWcVDBVtioEqHsjwhkhyeu2ug2NDhPavO1kkR8J68nBaWv_fTPkN2Z2LVbgH7zohUPI4POtQnBBfyWQrfWeR-RpvQJdaxuxzsRm5ivGN-tEIDh4Ob89XgUik640HnMEsRGPkQgPqJo5vrmrlF3KcFe8_1PM9DKo_0kfd4_qlp7AkOn07_OyFHitWKSc3I6z3jwY9Tm4X5108OGtREflBvFIhfFaB-zOMnNs0WCxdMIAvCdLIe77Lrzk-OnHoeTW6YicP8XkdBYhjiIylruaKhw8zTvAm2kbsQl7n_DLi97vTb38UbZXmTmNTFGhjnDDyQAHk11zOtJM8_T7gc2axU1HO1UyW6AUsZh2r9nGYpPHqptAUEKhWjMOzZ05qImwY7jk2223S23CsWY5gyjhX35_Wm34tIE13KUYaI4bnmD7dfMz1w77blV73ZMXVQHywS0gyIcZpQOMBF9eZzlVn27FGfg4H6RZGnVCTBAyJ6VMgMj52b61S4zTYX6u8EjQpj6NlNoVY4APDNvJwM-ErBCiCHTCA4Ezonex6_YB-38n-yhM2SglYWXQSGP7d5a3PqzKzxNpIig83Q&cid=CAQSTwDICaaNiNId8lRP6q2n9D969Sd0LUFPegDGaJX4kM7yCtOKRVApOASzUdNHBzIHEXWbMO8tDBbGznvk0-QMurdG-Cg-7lY2tlacYLoqQsQYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpainthy.com%2F&ds=l&xdt=1&iif=1&cor=12768063389828585000&adk=521587873&idt=143&cac=0&dtd=3

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d58f34174aa0c71cbef9ce43c8594d3586ffd00dae97e0a22a10f205a22d3569

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42070
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js Show response
pagead2.googlesyndication.com/bg/ Frame 9112 50 KB
19 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:47:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19601
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 09 Dec 2024 23:47:32 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 7158 64 KB
24 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b74e39e9e4133dd74df68e8fb5ab701072c87944cf78821336f1566dc7d25ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3490
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24482
x-xss-protection: 0
server: cafe
etag: 10022724608466387392
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:46:34 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame AC19 0
0 53ms
53ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20231206&jk=2462913498881428&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 8EA5
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
18 B

29ms
28ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:44:44 GMT
expires: Mon, 11 Dec 2023 10:44:44 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 11 Dec 2023 10:44:44 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523873/ Frame 4B40 255 KB
77 KB 46ms
45ms Script
application/javascript 52.51.176.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523873/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-9779134835489781&ias_chanId=1&ias_placementId=20487174429&bidurl=https://painthy.com/&ias_dealId=&xsId=ABAjH0jyNOxkmhPLCJYds3zjlpnw&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0jyNOxkmhPLCJYds3zjlpnw
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.176.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-176-114.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 89a8fda9646735467bb9cbebff33ace574801fe553aa4cfb69abea572fa1a066

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 4B40 111 KB
39 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 20:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50285
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Dec 2023 20:46:39 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/ Frame 4B40 11 KB
4 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DffsUY-_-pgwDSAcxcnG8aJl47XUa44kdqt1rapYGUg1P4fCyy1peru612SlTY3CSntpR8SES7otzSrQZg2y_hDcX15pSHHaDoIhzmLmEE23XqfVzT71dZCXPeAIuIvSp1bpVk-c2cyjamg5rC29L4YaXwrlVBc1YjsdDSFE-ZqaukZ9A&dbm_d=AKAmf-C4YXiA-PThzYqSZq4J3kd-eDtcusNKK664Bx_jqBqEMpBbSLb2XvNDDNoTxzFOt8eqluwvq6wvNBgcPiSRr6Y_xlCGDZQhy_vDWxmbocNVWzcVvWiOj8EpWa3Z8BwtLdqQbV2bHwbPZQe0jEMWZUxbu4KuFOhOnNJnmhV8pmU6vuAxuntJNefijrEnNTQmvrFXl8cUfcJTQf1Mud9xFmD-kwKbzwLAUu_RdyXe5URUj3oXewCu83G66Z1WpN03CBeqlqzcgsVVxyY7-kRne5Xxk-ZdF78sBYk6_RTUcdzzd6wYG6rGAtBYsXf_V9tJkVCTmbKsygFQp3RthlzqsgiouRulwZrZY-U4UU6HMPRvwdJs2mfGPZp3fIzfXcbpA7HoLMpD2ynLCcFBTBGv8iHWy8uySgTN1gpUsRC44Zzsjuch7ThFIS5hdTyR4L9NaYRFBUiF2CIWVI7rin_98iEeZhEiG-RsxBo0dn-PDaz5xgbJ8hWbQe6Wx5ySPfODLKvDGBlhR5xd7qwwaabaLZvowxkmqzc-LxesRaZAY2rLlsTyjf84Wu67nsCQ41vLhwwksnrsKPmUVDfzGJa4JUXI7TupwV-vRPWTelVGFuq2ycLCw3vAR5tBjlrti8XF_pGC26G8MK58qteY8QfQ5TjBouPH1nNcjcd5ReNajrpYy9rpyTjPA2_KmWJ9Lg7AcuiJGMl2-S2m5YtL2TmSyO6Fup3qbXS-I2gY3t0O3136cfaJT6f7pmigNURhM_ukhYO71PMIaaMhcjvOJia8mSZd7Zf2yFRAnV8B3xbZ1KzCWt-llyRQoHdcehRpHvkIpOI6Brcz4-QLlzEfbgdHm_FWD1Q_ZpgFTwrcNZwN67P9pXiHG_z_d4linaXVwdmqILTPgN31XlTR4SbDfAF5whoyRhLaedEz8vygAyxVMPkyA00mVpg_E6m1FLbHtHr6ap-2Xrg43ggOGMkVf2APJznyTSAUYiDIfTKO348xFpFRjY6hadEnToLN3Lstm_S5QdepbGMcUtjLVjNjYUhsrbSjjYGnSz5jpO1akFv5rLGuQFpk7bgEsMONkR_lcTaxP3ntSzID9EpQoK170IHT4N_WpvTPFH0ZlfXPo_9lXf64lyjhD0-LPu-o3sYJW9EM2KIfQhlNu-fHi7-S1W05_i5Da7_2sHgfZTzuAYwiRhr0mVs3vgvGrSJSeehNkXzFxXoTEnDHY7ShILuY1FZa0D1QbWRnyFboZPSqrAA5r2t_JWe37nKK8HwxKzIPePOzKJv8g9Vau6VGYgFa3t8xjtVtLywr0j9BmTS-ylgyINXtC3verZ_amsO4Uew8WkSjpDw1Mo9K1eu5RMumwmWiIIPZAcLEb8fh1n8D0T2OKC1yDPe7M_uOY8Cy9oPEKX83D0QXHcSkf2IANpWufxJWCCMO8vJ0ZYNjLBTFy4mexV1NGhAgfuwCZCKnHH0Q84IKAotAa7uIdzyjC_aYLvdzFt3AhbzR1mYmAl8olFKvjZYcRfRDzUBriRF59I9RTX6SQDfBVD0gKdqWCioqn1RPZggdTal9UH_g3YXrhklUOnDrZOkeyg94yRCMKjG1ywDMyU7Jnlaj7PtZOWeunYncr4pTZ_z1meDwu3Sl7_RW0xdfaR2XnWyhtWdRzqvc9RJfmjAcFzhsq100kDg6NdOKshsx8ARFbgcTwlepxeyIOsB9IMUdz5mbv1eJvptXdsIp_4MfHHHjgp5oqfA6BLzBrCAFm6CgfGvYfXoGD-qke8EJngn77rXLtJlWINr3BgEXF0hhT2y2Pfy8Cu-HyDQNv4B2dkmpqWctegkjas3Dn6EqqEQJWeMTkapCwTi2jTgGbwmcNI5M8Q6Y8prcDgBYZP0eSPRXtlD9QclpK6dfg1gmGg9goT7PV9DWACZTHzgYXkvR7NcEuyXw_ktGNT0Y27EksIQCPRWydzmxtE8I5TAAoEPaBne-_5pXkzZDgaQmSrNIs4Us0nyL5WxQdyCwLkprt03vbSQ7NcO1eYet-QWRHYCbtP5k7dkC4Pcb5BGBbzhd2tkMnaJSMe_A6fh1z1KaAsMDUeajRIMiDnLjrzbVxZ-s2Z-ygulm1llQX9XsyNoLKSofZJWikKT_BBlun9DxPv1albl2NC1RaIUabXSHD0y-BE4_5kNnDOIWKkfE9RcwVvq5CzNfB_emzjydzPjDck9aK0_XxvJKVAFzglzk8Mbt83t_3Isj8GIzfRuCdPrbqXY81J24Hb3W8u1Ve-raapsplGzmlrqLZKymWRsbxzM06u7tkge_WmGloCBwEQ6TrnkH0IsW3lgWmkPF7OowJdI53JRuMycOSmZ7SgxoEJojAcBvz4J7sjMfxBgCnxQpGAojN3cjEUv_WduQR7-p5ge__bp6cCsLGV-r7R3tiiBNYKbrndM65L9VuVGKgBE1NhTBBdrv8AQk7ahpHWA_37iq9UXXiZ4eeAtWgZ3Vv06PoYO2hKvYuKUgnU3EWsL85GeWcoOFc0nBuV9dknb6YUWJjAMs_xKXJrGBcRWeDVD2_gzI_vLC8HAvvcqE8td9ld0eG51bXjf3p1GTrGXwskczJ-n2Ad7sAX_UVDA4C8fotTx9N2xM9yvphQqunlRSIeMLsJAoiwIZQOIfnpezAF5bBdPJSXYBrgXH4CqwJMsTCvI0asiOIN2ZJ1mqp8kx2J32764iADHazqKkUL0oQe6cAUU5AsodWuZu4MUm9-5ft4yzCDw6EDpvjyh3mT7--OK0x2eGxulxtgO5szedpybJGtcwNvBf9vBuk4DrwO5DYulaECWjJ4dLfajy6wutBjZn2UC-e51lhSso_QLtXv10K5vH3_1ypWpPSoDzCZhsEyql9_1B_WiQxCDA2hwriAezlpTxTOIHxpeJKXr6e6us99Kc2czEv_FeerDoxC2psEliUfyJDI0aLPs6mB2adUlwPXT8P_AGzb9EuN033njsqMMLua6Sm5aOlBE4Yx1arTaMPYRfCoArl6Ar9epfABFDJAAZOTvKOLd3uM1NI_HBs44TFzr-C8D1X0HsovEWAJCuZ-HsMC4ONpDt1AAfOXF9JKggpfQylhkeKzFYyrQ-FuhtTbHK0zJnrmCPYQ-zj0ZWZON4ueOcBlk7NRzwvrLX36_GLVorcECUNyUtyRwFYHAkgbCf7cSB2A0jwSHRieSoolgBfu4yXIie3urRhfBccEdhi7QXQorAkuD2AetV5LIBzybjFlmisjUtJVzo2OCVEYwcblMOLCPJfCJTopoF14NwancxP8MmqkeYzbZYVLL4w6Ia3KBvlAra3ctvt4eaNF0XbN5LQlaJVh4jXfUlOHIgReklpOHWbO_ZzFtpT9ynI-preeoswMJvfmc2w3VcCAyxuTRCL3syfrbKEtcuDGA7TyxjKDVAQq8AWRT3SSmfU6vJoEJXKopQH-IlFOvuOuR5KUi-1WdbqA79o041Z2besBO-EXmEW7R4wPviNnD7Bed6MPanQqiXIl_9yuGTxkTDgWI71pt5ps8CYjupMU71q0J9Bzo039kdhPBLvwhZbw4NjVoPnOndyuSRtvu6kSqZnbIOT5G3w2xl69XHAcdy3rT-NI9ioCbnrDPo9wnSwOyb60q5YrfEP9CbOXfdUGKwOWMOHT3L3Nnf1IQGWjt4QuhNkm4LAAwnplMrWotm5nN1G0aLOX9UqtEMcevUHl0T8OIyiFT06vSwACMzwCWiEpKvI3ORC0popfo4IuZoY2VOst3wobPDiP8xiAV08yspPZ1UzcO8ZFth94BN&cid=CAQSTwDICaaNiNId8lRP6q2n9D969Sd0LUFPegDGaJX4kM7yCtOKRVApOASzUdNHBzIHEXWbMO8tDBbGznvk0-QMurdG-Cg-7lY2tlacYLoqQsQYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpainthy.com%2F&ds=l&xdt=1&iif=1&cor=13842133622287376000&adk=1726166463&idt=105&cac=0&dtd=12

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 20:42:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50541
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 20:42:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame 4B40 31 KB
12 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 11:19:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11943
x-xss-protection: 0
server: cafe
etag: 4141415479739543000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 11:19:18 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 4B40 41 KB
14 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 01:45:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 205131
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 Dec 2024 01:45:53 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/1627455/73523888/ Frame 5A9E 255 KB
77 KB 50ms
50ms Script
application/javascript 52.51.176.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/1627455/73523888/skeleton.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-9779134835489781&ias_chanId=1&ias_placementId=20492286635&bidurl=https://painthy.com/&ias_dealId=&xsId=ABAjH0iNo2hACzlZ1P8Ryi5CHKx9&ias_xappb=&adsafe_par&ias_impId=v4~~ABAjH0iNo2hACzlZ1P8Ryi5CHKx9
Requested by: Host: painthy.com
URL: https://painthy.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.51.176.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-51-176-114.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 9a48fa038cd9ca793687caa2c28cc95d72ac07c15e1c68046bd1c0a4db2a2c34

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H3 200 express_html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame 5A9E 111 KB
39 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Origin: https://googleads.g.doubleclick.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 20:46:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50285
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39806
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:44:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 11 Dec 2023 20:46:39 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/ Frame 5A9E 11 KB
4 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CpiApIYYyOPsvlg3pg-u6d-gNaBKTPcwgwKmlxCI0mBabbRoWZ2ZDBrknEnitIbvxta1jldWHa-r-X8MOTNAbMBPYm5SC9zSvxili1jq3BPS2YIS7j6QAITK1IlsnArGUeqWD5jNseL9G8LXpZdD0CLSpBgikcAE7Ec0fblVO2ekS2KZ8&dbm_d=AKAmf-D5SQHUFNcOrG5gM6jV_e3AOFDj3Ttg8bFukocFntP6iRUuujSi3H90h6v--H9QzFPB2tpuGP8CePx-_ANlaUoqH1dqOZhVSsjSMrUCVTJnjyvcHs9bkAZ_-P9S2UyWex_q-DUv0zNkcGuyGDsw0p2elxL194L3fJSiMuNzEOygrAj4Uuwhk157eJG9rvL-wg4TBduUOhjDRjctHuQZI4Kfse0GAv7Adc3jCPfSk5OIj5Q2cvzvKGCL24VWZfv_VYsLB9XhhNwchwcFVYaUP2YHXgjwY8ihhvQqCbZ2Zj84vsptiaVWsIVBXGYe1pvv58KJFrFWkaqO-umsg-VvzEfNEDgTKskeKn8oLbTl383c7F_DN3fJs4hvfOa7acC5H5IG-y9w9YYxi03PIieyc0h-FaGxI2ShRHhhGbSQihOWFB4wSo0fjA0iu9cSBSE9cNwIyJY1nXpMWOtNpxXNmA3emwLLUMDsGrtk0nrF-U4ATd_s6-RhwQpb0QPou2y2heqROqXrHiZcNPa61eUddFMw790O6QA79xqIVnOzEe7i7Fuj1I9ExGmii7Ks891Qc3SSw7UeffX94Te7ljEmjuj8aPsO4znKD2Wf2kap0i2CidYbn_qeAJ-X0aPTWlta1k90aaDDRzO6IcCoGqwb1HDE9cISV22w--VvVSe_ZZftxYpe9w6Bml5UiFu6UeLRI5VsNXrhDCPApz-a2ruYfabasxNRf4e2TxMsCOIDGc7_rjTJI2ZAgyIVWWVSzpgAHu9Zd_xIabwjKrrjh5VTb08TYwZ_-TynpZKjuCJZdTx8oiYNmryxxOMvI6Nc4D9_fwd_PNKpl7-ENgWUISYfMXgbrOihJ8ypfRMmlWroW2IlUMxgcb64KzrlU4eje5xs409vAddW4oNEATPOz0d3XCmtF5dPeRXwSEXx0Ijrbk10tAMWzf-y-b58xMzy1n5W0fpxY38AFe5Qk9NYukjsX01qwr_5LP_xn4vIGoMDcFSBAK8aR-h0NzdCJE_O3I6k_JwFXA9MzGf4R2I7qPd5Nuu9gJTTt-OvRWFbtVpbClcWl1h2457migLN2WV7jfAPdo1p9n3m7dH0Gmp8EFNKkSCsiOcs3vzbkpL-4xpKdxw7cTzx3UzlleD5v7KIG4-8nnAYsnWS7K4Aqm5E-P5vNSmLfL37m9dsj0ZSzgjhlN-VyKqD6QqcJsNVB92tDlzcBxCavP7dPCBMsu2m4b1EBLUtv79DAR09MQe7UZczM9dQsH5eAWSKvSQO_G9VTwKIO3Y4BJqV10NOi0iYnjm48RAj2Xgn5uUJ1JCS7lders_aVQRAX8R3T-sGLEXOScsukLjRqZKImR-ezhx4DLsSO_LrWxXaJhPQ8JK_wmMUjt1N1OsP8NxjAQUwaCAU-T8vSAJ3qiXSmM1gXJa5qQA1mFQ2fnS5CRpqjFWlklfp_n077sJw3WZ-EDTYU5ums3Mc348VfeqrS1t-OsE4_N4pxC9KExQC31eTrc4qEIq6KQP5CXs3Ag8wKOTYhlb2Z3e36Hz-e5xl_CU8eWq1n5XaYy1wbGMdbtsTz7Gzg3_3OWrVap2ueX_7F4Pkzaw2M5V5LDecoYpQlgHTT5QxCfxVYigVUi0wlEv0i9C2KyUsvpqfIh-NTgrVZkVymMqFOfL_P1KDr_DrLBVVzHvGnSMwPVB-LR-2jQ3mfqtRCoK6JlylJG2CinZC3bcPU7pdg92J4ZgUx25IkJRFqoLr_Neirnx-GAFjb4hFv8IuyETmn8eij9FvOBzA0l0TqRIKVJUTKgQW0DDhRFReGep49SebhsmbubrZOMaiaEEMH0SEFGEDc3Xllw8StwOjSXdf-xvXens2qbf6tqJeaZ2rwigIf8te_mik-vT_onuRpheOlrSVcJnNlmQhHiw1UU5mSwDmqVa2oXVCGd4r3xMGChKDCdPHcow7BtZVH1NYbyCQuo-D26MODW3tN4DGLw8RVnUmqq28CBv-D2BPV5Yt4H9NVLcmkgYi1dLizLcoWXzCpidSuBGtOYs1RhplJUxvldivxIXZEsX04i_e3AgkkDGeFHXoJAV1xeXdjVMe8uJtFZZlQ5azKME6uAHAZwrFd95omaCIrbYsvNdkkbkJnTom6RDvTWNr7SEFBaMZQRaJ0Ay4XAR2uqm8cfGeYTC72Ki74L8KIqqaNmEBfMOUEIfuSLd8ZkdVXXCzqjmtBrbiXDuD6ULH0puKvjJboxaijy-I8y9PhCOGvuG01VPgt_wIfdMrmhH-Yiyw5Jk3Br_rPZz-VtTeMFXFG0-5rC4uQPizsCUSbegS0Uvh2xs3iBzvAPnj0TfFoqUTeMVZyItZpdCsI2Nhd6XdX-PcsnvrkjWQvE2Kml8s-W81NheLIZtkKUj94HjnoLQQTUqA5nCr2Jq9hpeWVSva-pNRIzPtCqpnpjR24HJ4EHEdHmmerrvsxmbLaY5IhOxJJm1VcRrqVBceDPgu0MZpMbRy0cyOds0cgeyvsWyartch-X8ltZl4bHH6euWMbxvhaYgOkVkjuiPsT41TP_opd4xlz5b87cDPYvIXTWuwSatfC6W6OKR1QyCYggKlDr7gKFKbhN5kcT6zuC68RYmNvT9zavQ7cW2czU4ldEXhgGnKwlqMzRljIEzJNKx3yJl7jwzCkvH5oGOSAQQ1xBeX2F09xf_DDwGFuwlUmyAYO6ZsXTLuNfKF5xeVZRG2PPE9h5RzkxtsRs2GW-zecxgsgQSGIsEwgibLB_1mHjrqc-3tqrTCl2rx8NbaCFs8JGZYFlZci8zGm3ke6H_JXjnubAfmqaNHi0FAuscqTlb3nOF23uFcKAoZCOYO7tdWQMLLEq7hMMqIKJExMvLIZtVAQ5FcUozF-ls-CpbtB2WtypEgmowIcm9NEYj4KwRFnZk8JdBhql3f9dRUqAWArCKfPEVPKoV7fQvYB8D8dxH7O9wTcGIFI22yxYUNCCF6LxuBIEqu1feWcVDBVtioEqHsjwhkhyeu2ug2NDhPavO1kkR8J68nBaWv_fTPkN2Z2LVbgH7zohUPI4POtQnBBfyWQrfWeR-RpvQJdaxuxzsRm5ivGN-tEIDh4Ob89XgUik640HnMEsRGPkQgPqJo5vrmrlF3KcFe8_1PM9DKo_0kfd4_qlp7AkOn07_OyFHitWKSc3I6z3jwY9Tm4X5108OGtREflBvFIhfFaB-zOMnNs0WCxdMIAvCdLIe77Lrzk-OnHoeTW6YicP8XkdBYhjiIylruaKhw8zTvAm2kbsQl7n_DLi97vTb38UbZXmTmNTFGhjnDDyQAHk11zOtJM8_T7gc2axU1HO1UyW6AUsZh2r9nGYpPHqptAUEKhWjMOzZ05qImwY7jk2223S23CsWY5gyjhX35_Wm34tIE13KUYaI4bnmD7dfMz1w77blV73ZMXVQHywS0gyIcZpQOMBF9eZzlVn27FGfg4H6RZGnVCTBAyJ6VMgMj52b61S4zTYX6u8EjQpj6NlNoVY4APDNvJwM-ErBCiCHTCA4Ezonex6_YB-38n-yhM2SglYWXQSGP7d5a3PqzKzxNpIig83Q&cid=CAQSTwDICaaNiNId8lRP6q2n9D969Sd0LUFPegDGaJX4kM7yCtOKRVApOASzUdNHBzIHEXWbMO8tDBbGznvk0-QMurdG-Cg-7lY2tlacYLoqQsQYAQ&dv3_ver=m202309260101&rfl=https%3A%2F%2Fpainthy.com%2F&ds=l&xdt=1&iif=1&cor=12768063389828585000&adk=521587873&idt=143&cac=0&dtd=3

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 20:42:23 GMT
content-encoding: br
x-content-type-options: nosniff
age: 50541
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4206
x-xss-protection: 0
server: cafe
etag: 14415875674906819925
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 20:42:23 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/ Frame 5A9E 31 KB
12 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 11:19:18 GMT
content-encoding: br
x-content-type-options: nosniff
age: 84326
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11943
x-xss-protection: 0
server: cafe
etag: 4141415479739543000
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Sun, 24 Dec 2023 11:19:18 GMT

GET
H3 200 Q12zgMmT.js Show response
tpc.googlesyndication.com/sodar/ Frame 5A9E 41 KB
14 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 01:45:53 GMT
content-encoding: br
x-content-type-options: nosniff
age: 205131
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13937
x-xss-protection: 0
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 08 Dec 2024 01:45:53 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 7158 0
17 B 65ms
65ms Ping
image/gif 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lq0sebs5&chm=1&ctx=2&gqid=Geh2ZY_YHce89u8Pu_eliAg&qqid=CJfEvfiZh4MDFWneOwIdPE8M6w&met.4=fb.b~lb.23~ol.50~bdt.-2nt~bpp.-2af~idt.-221~dtd.-21i~dt.-2aj&met.3=492.i_1~518.29~555.4h~556.4h_2~113.9a_1~113.9b_1~112.99_2&met.1=1.lq0sebiw~14.0~15.0~16.0~17.0~18.0~19.0~20.0~21.0~1.lq0sebg0~6.0~7.0~8.0~9.0~10.0~12.1~13.k~14.l~15.w~16.3t~17.3t~18.3t~19.7w~20.7w~21.7w&met.7=CCgQCBgBOAE~CBIQBxgBIAwoDDArOB9oDXAreNIHgAGmBYgB2jGqARQKElJvYm90bzozMDAsNDAwLDcwMLABAbgBAw~CBwQChgBIBIoEjAmOBRoEnAleMcIgAGbBogBiA2wAQG4AQM~CAkQChgBIBMoEzAsOBhoFHAoeJJLgAHmSIgBtbwBsAEBuAED~CB4QChgBIBMoEzAsOBloFHAseIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIBQoFDArOBhoFHAqeLFFgAGFQ4gB8KIBsAEBuAED~CCoQChgBIBQoFDBYOERoFXBHeKX_A4AB-fwDiAGD0wywAQG4AQM~CBsQChgBIBQoFDArOBc~CCgQChgBINIBKNIBMOwBOBpo0wFw5wF4zsEBgAGivwGIAcWBBLABAbgBAw~CCgQCBgBMBU4nAJoAXAUeM4igAGiIIgBn0egAZj__________wGwAQG4AQM~CBIQBxgBIDcoNzBaOCNoOHBYeK8HgAGDBYgBvCOgAZj__________wGqARUKE1JvYm90bzp3Z2h0QDQwMDs3MDCwAQG4AQM~CBsQBhgBIDkoOTBPOBY~CBsQBhgBIDkoOTBPOBc~CEwQChgBIDkoOTBPOBdoOnBNeKw3gAGANYgBiX2gAZj__________wGwAQG4AQM~CEsQChgBIDkoOTBUOBtoOnBQeLtKgAGPSIgBw68BoAGY__________8BsAEBuAED
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame BC01 38 KB
13 KB 23ms
22ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 179581
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 09 Dec 2023 08:51:43 GMT
expires: Sun, 08 Dec 2024 08:51:43 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17864851622750576224/ Frame DB0F 6 KB
2 KB 20ms
20ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca212a6d45038b16f7e2ee85414d0f67362985095eac9dc26a34e96d1ea529b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 136678
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1847
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 09 Dec 2023 20:46:46 GMT
expires: Sun, 08 Dec 2024 20:46:46 GMT
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4B40 0
0 68ms
68ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuMJaFVzHWRI3aQDB3mhkDAfJUrRsaBVKBqo6dtT3oia8DwimUIphttrBY0lUjsrTXMidIAKH0QeoNZ6z3sEPqgRPQQI3BcI38GhwGY0oAbgPe10wMCoDl7TM4S9Bau5uMdIeFHDrPS1iFuJuT4AphYqvHUSPcfN-stUGPAldEi0XFa_jQF-AiJ6j0QHUFkMFvDxADQBqO6X5JlWCvFRDsjGbQs9KWMs3T-vRI5wIEgCJDUB_fLjgYXPZLdPOfN-kWfoHp5TEgnUyFsFGJGv0SY1QnZ3Donh3247Xl2bl8k_DRdSYeCn_eoArkRU2rt9tctKYkWncZYyTbv5fZGTJVu15gJ7dro-f_2780CpYviJAe0g0HrMpE7tMFW9413ePAQG7AHJgL1HmiWL2M1HAqnKth8pWEC8CiQM_8Q4u2L3BNenu2wXT5_TR136pFABfACnbmvhbEVElolZT1DkfFoDo69uUl5D_vuRYDGT468BR2JkzmoWtepLWCcT9qSYurNURN7o4WVVixNruiFrua4xTIdWT2tJFRXxtvGYNeH-bGMIrTKuZ6i2Mj1Crso1tsgHiuXs1kz-W8rLLZIuI8pl6zQWP5sZCVeHFDZ-SvjITyoTC3Ij-Dkb_51glmtt3ZvglzXql-CzBIFSQZmbvi4Zm6GBbTacTfuaUlkbl1j7PFE_KKAnIOQQHpKKWipJM90cwpwXzDoNjo7Ny0JCP1kFEh1JrZSrQBx8iNkMxQa9Lzt5_E3x9imKRw1_f4qH0zAgNcB34NsjY4KzMHpd4ykSwnSWQgjgwKu-zDxewiyyWFkH1SHjUpbnK8FqFmieAykimDc-BLmYG2t-SJyulFTgG8dGHJ7NIu-jTqb1qonmP7xAOyqEyBbR92GIIFdob-LqXN3QpvPDwyHAOqvTX6Vw20AfLlG00Q7RVoqV805sR-HBYrCeeV2ulMvi1E9mWN-A_3saJIBt31HnSwcmguuNkB2o0fYq2zjZxHoY-BbRITYPNXnWcyuvax7l8i1wA0s0tq3hSJ1tRS2k5EKf7wp2jVAXKNkjQrkTlkz8wxoZvPIH7xkqFDzSTVs2oyhPQ0f8-1BKou5bklHWLS9B5U9Yry0Vo-zkBHTgALGYtOjLawA75BpGYwkF4kDQVmzXGx6ZTG8yQtBO4b9ZDaH5_yTSO4XAPazy8SWKe4kUyiMLTzWPO6lo1MWQXzFXTxckqUAP9qo0kr2nOAKf19v1pE9xdhQMjv7tRzWWAeYa6C3FWTg5Qs_bEKlyYk8wGFpCOR4fWWl1yWo8Fm8FZ3kh63IR07wKL4Q_3yGw0hrDeZDF0tawrPnHpZne55FADr62Btm&sai=AMfl-YQoY2OJHZlyPxaAYuNjZr1DXw5dcGUnAFh77DPuOeOj0roKAg1GjsTB5uaj1AVXUttCObNChqeO2Djvmixgyk3lQjWJ3xs__vUlqy84BhK8zW8X4OD2PQ_mpjBSEhG3eS02EjeLPpK-lTTr8WoVvZHHmxusTuA36sXe0yUcGGFdOztX8AG0oF2WZQH-GPzJ9P5niXbUzvxAhd1XoaNhKOfhedntvAxtUmUCpWCY0brWqEyxQDcTqp3JbHbsbem0xm13b4HIj2hs3Dlzn6ebaked7cbFsFIZcQ7YlJJS9w&sig=Cg0ArKJSzKuAvEQosIiGEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=152&cbvp=1&cstd=151&cisv=r20231206.53404&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3

200

/
www.googleadservices.com/pagead/ar-adview/ Frame BEB2
Redirect Chain

https://googleads.g.doubleclick.net/pagead/adview?ai=CZPsuGeh2ZdrTH-m878EPvJ6x2A6g9fHMZ5qQjfSVCY3m2r_NARABILausZABYJWCgICwB6ABlsWe3QPIAQGpAv_c2wbsELM-qAMByAPLBKoE3AFP0I8VyPb6z60OQbchi8zdOlc1MS70ECh...
https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2216780569059548707557%22,%22debug_reporting%22:true,%22destination%22:%22https://workplanet.ch%22,%22event_report_window%22...

0
0

54ms
54ms

Fetch
text/css

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/ar-adview/?nrh={%22debug_key%22:%2216780569059548707557%22,%22debug_reporting%22:true,%22destination%22:%22https://workplanet.ch%22,%22event_report_window%22:%22259200%22,%22expiry%22:%222592000%22,%22filter_data%22:{%222%22:[%221000841878%22],%224%22:[%2212-11%22],%226%22:[%22true%22]},%22priority%22:%22500%22,%22source_event_id%22:%225769334435251625105%22}&andc=true

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
attribution-reporting-register-source: {"debug_key":"16780569059548707557","debug_reporting":true,"destination":"https://workplanet.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1000841878"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"5769334435251625105"}
server: cafe
content-type: text/css; charset=UTF-8
access-control-allow-origin: https://googleads.g.doubleclick.net
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Mon, 11 Dec 2023 10:44:44 GMT

Redirect headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://www.googleadservices.com/pagead/ar-adview/?nrh={"debug_key":"16780569059548707557","debug_reporting":true,"destination":"https://workplanet.ch","event_report_window":"259200","expiry":"2592000","filter_data":{"2":["1000841878"],"4":["12-11"],"6":["true"]},"priority":"500","source_event_id":"5769334435251625105"}&andc=true
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 4B40
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523873/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-9779134835489781&ias_chanId=1&ias_placementId=20487174429&bidurl=https://painthy.com/&ias...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

32ms
32ms

Script
application/javascript

2600:9000:223f:a400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:223f:a400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:45:50 GMT
x-amz-version-id: ce47Uk_40n7.EHf_5AWPfR6VoMlkrWoX
content-encoding: gzip
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 316735
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 07 Dec 2023 18:45:47 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: y_ZsSScvS4FcW1F-mVcxN4VGfQlzUgN0-S8ytAHwNP5Q70DNiVfadQ==

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: nginx
x-server-name: app05.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 65DA 91 KB
23 KB 37ms
37ms Script
application/javascript 2600:9000:223f:a400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:a400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 7036534
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: SheW83oDG_D4uGUD5DvIzinoZx8YyYLdg3KRranfiXUCsqO9zCk4xQ==

GET
H3 200 a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js Show response
pagead2.googlesyndication.com/bg/ Frame A841 50 KB
19 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/a_HaIzZFyEVJYJ9hlnDU0-lGrGHVFv1T5ZfBCtEAYIo.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:47:32 GMT
content-encoding: br
x-content-type-options: nosniff
age: 39432
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19601
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 09 Dec 2024 23:47:32 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame BEB2 64 KB
24 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b74e39e9e4133dd74df68e8fb5ab701072c87944cf78821336f1566dc7d25ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3490
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24482
x-xss-protection: 0
server: cafe
etag: 10022724608466387392
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:46:34 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/17864851622750576224/css/ Frame DB0F 5 KB
2 KB 21ms
20ms Stylesheet
text/css 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d74871f1d66e7c0230449ab708d05f088e33d578275cfbc2e0d95529b689cfcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489706
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1854
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 18:42:58 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame DB0F 70 KB
25 KB 28ms
27ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2711399
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BvK7RFmR42rL%2FPuNhsvrLassY1U9uJMXXiMaIhN9Cc4d%2Bi%2Bz21yLypiSzoM1oCXdRDT%2FDKu6cRnsezGiRv4L5wxLShySiutxTX1zGtX7szOnPGTYMyUn%2BBc7qNlipOSWY%2F%2F%2BfnOdHs%2FNAGXHpC3teUCZ"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 833d2252cf3d3673-FRA
expires: Sat, 30 Nov 2024 10:44:44 GMT

GET
H2 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame DB0F 7 KB
4 KB 27ms
27ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2517199
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7kLRqwcw06zUyEHd%2FeNplvtYUCmdHAvtQfQMsBU3Seu%2F68taqba3iap6h8%2BIhsySXZq6Osh5u5ixSrGAPYbECc5nlkKmj7RopJdapO4gaOQfn64IQD7tOD%2Bj%2F8hBMDbKXkpKQNuIvf6JKZlpX7HnYrnv"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 833d2252cf403673-FRA
expires: Sat, 30 Nov 2024 10:44:44 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame DB0F 2 KB
1 KB 22ms
21ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 20:49:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136515
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Dec 2024 20:49:29 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame DB0F 2 KB
808 B 21ms
21ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:18:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257173
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 11:18:31 GMT

GET
H3 200 dyson-v15s-submarine-stack.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame DB0F 13 KB
4 KB 19ms
18ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson-v15s-submarine-stack.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12ff2ec39651e02b34ee26ae91b66614f3b981e5b8db58feb16115c2b6b201f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:49:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3980
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:49:35 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame DB0F 31 KB
31 KB 18ms
18ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dee119ee49ab8771cf531190b1b186a092c709f799baf9ab566a3ca9778ea0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 20:46:46 GMT
x-content-type-options: nosniff
age: 136678
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31326
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Dec 2024 20:46:46 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame DB0F 21 KB
21 KB 19ms
19ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d66ba6bc03128cc3ce96e393fc2b3f7c8bd2e73af8258ae6d6a5e6f2efb9848

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:47:39 GMT
x-content-type-options: nosniff
age: 255425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21613
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 11:47:39 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame DB0F 25 KB
25 KB 20ms
20ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de63bf5ecaf8695bae42a604e9808a63c55b0d62bdb3b4462c1530950772fc27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:47:48 GMT
x-content-type-options: nosniff
age: 39416
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25605
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:47:48 GMT

GET 4-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame DB0F 0
0

GET arrow.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame DB0F 0
0

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/17864851622750576224/script/ Frame DB0F 4 KB
981 B 21ms
21ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e24e46459c7d6e73401ab03d015d9819826b4d7e01d5dacb37c0264ebf8f069a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 15:15:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 944
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 15:15:25 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4B40 43 B
215 B 110ms
109ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=70f24f45-5e7e-a88d-d7c0-fa0dd5ae5f1b&tv=%7Bc:wuie2Z,pingTime:-3,time:69,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:69,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B63~0%5D,as:%5B63~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tY7TAuM+11%7C12%7C1311%7C1312%7C1313%7C14%7C1511%7C161*.1627455-73523873%7C1611%7C1612%7C1613%7C1711%7C181%7C182%7C191%7C1a,idMap:161*,rmeas:1,rend:0,renddet:IMG.us,siq:27%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4B40 43 B
215 B 110ms
110ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=70f24f45-5e7e-a88d-d7c0-fa0dd5ae5f1b&tv=%7Bc:wuie31,pingTime:-6,time:71,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:71,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B65~0%5D,as:%5B65~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tY7TAuM+11%7C12%7C1311%7C1312%7C1313%7C14%7C1511%7C161*.1627455-73523873%7C1611%7C1612%7C1613%7C1711%7C181%7C182%7C191%7C1a,idMap:161*,rmeas:1,rend:0,renddet:IMG.us,siq:27%7D&tpiLookup=ao:painthy.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: nginx
x-server-name: dt17.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

OPTIONS
H2 204 /
www.googleadservices.com/pagead/ar-adview/ Frame 0
0 56ms
53ms Preflight
text/html 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Headers: attribution-reporting-eligible
Access-Control-Request-Method: GET
Origin: https://googleads.g.doubleclick.net
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: attribution-reporting-eligible
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: https://googleads.g.doubleclick.net
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 11 Dec 2023 10:44:44 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 62bHydCX.html Show response
tpc.googlesyndication.com/sodar/ Frame 9ACD 38 KB
13 KB 20ms
20ms Document
text/html 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/62bHydCX.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Q12zgMmT.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 179581
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 13045
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 09 Dec 2023 08:51:43 GMT
expires: Sun, 08 Dec 2024 08:51:43 GMT
last-modified: Fri, 25 Aug 2023 23:48:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/17864851622750576224/ Frame 56C1 6 KB
2 KB 19ms
19ms Document
text/html 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca212a6d45038b16f7e2ee85414d0f67362985095eac9dc26a34e96d1ea529b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 136678
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 1847
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Sat, 09 Dec 2023 20:46:46 GMT
expires: Sun, 08 Dec 2024 20:46:46 GMT
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5A9E 0
0 66ms
65ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDsB3pEkRXc9siVaNo6W00jZ9HCj5Y4w6WT591cddM_-uv6hZwAxAyeypCE6Knjc3cujqJOeLfZIPeearx8XqzGULeucaiJrf2uYgztp-ZMLVUufJvA0P-PWuzyQwcvOz97qwNfUL_A4UJK8yrIq4FBk4Isg7WrC3pTqnerKiDlsNz4D4OUp70zAhMXHTPFsYANA2MdTGXYHKFibykjpJInzj2zCWeUT6BkbTe-G5Mpt3lvrjL3RhaeuXo-vFZ9M1_lKpD5ZD-UoNDGIlUIBAS0pxVK9GgeElEiYL2wrCHxtqQRGG8g8UAncwfBPczObtStNf9mqCrcCyuIqeuyB5yaozDif4TeZX0kT2_8fqj9z45H4bnDb0Tmqu2WXuotjQWZGyLJkI1H5PJe6ARctLdf76HwqjeEUVaMK73SKAThWXo9fLZjXGdQO8z_7w460QT-qZ6tXFmXLtoGVqrIAT3ZbP_a8a7d-bU_DKUNq_jTrGxFCKisyBm09Bpbe__GYcfGBBru3heEg5_EWbuyWAoaX_s4RPEBKmxC4OsJWIg8h3YhUKWUHS1oRXKGSgO2opE17vFK7NMbGqM6Rb8BxTRZ0IIly0rWV7eENPqHPsyusux4enlt67RAQObmkydIrW8OH2spa-sa9jiDofmh2XG0_6Im7GXlfyo4ra5ZtB0e72AoZyb2oZ8p41xmRekgdlKgNi5cvEATXkjAyJee-Vcro6j8k-Y1khxoduYXCkW6hze23m0UBNM6CndmTX1K9zv8Z5mMlDxQxPPb2YX8SG0EMWYfdWxre9JLOsieb56xhy_pPkh_Uvc0QuZJilcpP35RXf-eKEPF0l4eDSx0-xHE4L5wIU4twTHqLv9QV62ku6Dcnq9UN1kjD6zpVpa2ICqwMPVSJOOEAdIj0Xykj3fJkEJ9Akpnh0ABZoP4UO5vYIFYvsCuOlPcQF8zzBhc-x5lPIDio7YyrO5sjs8L79R_UV1id-9uwFe_CGpd1fps0qt4osynjPUWsjuw0Mtq9BqmzKSJ9rcDJUN3wRy1HjG-t31mgHEXQC_g9mr5vFO4fpUSn2p4bcpPl8rOzzGFSMbFnEHFpvO_-u6k3xrzXfFWFyJfnySqKFmCFZHfnie20xYOqbkQdS1L0GYwVHLNeHTk1u0rnoMNpxml2ip1KJdjniFrxAAsnzYonCqcqDCssN91ib0Sq1rENL11mHKlD1B3ERmN47tV2UFT93aOxSRScefsNJwCZ_PoZdUsxzI1cZu8G3VtKLXdSiwxKSQuVHQK1I8MrALqdWH2-7cXZXrvfHK5dz1RmxBbNX_AStF3KL7Oo7xjmPDYUUq2E1EuPwSZQ&sai=AMfl-YSbtKUepzNrZ1estESQhU2FSqfImndDqEKelBNnEa0ANjZO7j98EAsEyCvPUaXATGtUHYMtnmKXn5xxt6zkIPIxrBkAbSmAYNno9UHAu3ICw76Ex4MQJsQHHvrkNFJVCyX4GrOq7ySVmiXvchZJHLozL0ovYh1jrVHvKMqGnMNVIkK2suRe2-VuQeyhxSxnmY8HOxVL3Uy6wi-SiOyzWwiUm70fs_fkatP15nMlvRJ7nc3iVyJDRIcxKZhfo7yUZHBnBmh4Kiwbg1kTG1Egb42NkU4_9BfPeNaDMdtnaA&sig=Cg0ArKJSzFh71S5Zx7L2EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=170&cbvp=1&cstd=169&cisv=r20231206.63726&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
content-type: image/gif
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4B40 43 B
215 B 111ms
111ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=70f24f45-5e7e-a88d-d7c0-fa0dd5ae5f1b&tv=%7Bc:wuie3n,pingTime:-2,time:93,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:463,beZ:464,mfA:467,cmA:468,inA:468,inZ:471,prA:471,prZ:484,si:490,poA:491,poZ:509,cmZ:509,mfZ:509,loA:534,loZ:536,ltA:556,ltZ:556%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:26%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:93,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:26,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B87~0%5D,as:%5B87~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tY7TAcR+11%7C12%7C131.1627455-73523864%7C1311%7C1312%7C1313%7C14%7C1511%7C161*.1627455-73523873%7C1611%7C1612%7C1613%7C1711%7C181%7C182%7C191%7C1a,idMap:161*,pd:VEBo.mhjfbmdgcfjbbpaeojofohoefgiehjai,rmeas:1,rend:0,renddet:IMG.us,siq:27,sinceFw:65,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2

200

4a.js Show response
static.adsafeprotected.com/ Frame 5A9E
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/1627455/73523888/4.js?ias_dspID=3&ias_campId=1013910218&ias_pubId=pub-9779134835489781&ias_chanId=1&ias_placementId=20492286635&bidurl=https://painthy.com/&ias...
https://static.adsafeprotected.com/4a.js

2 KB
2 KB

33ms
32ms

Script
application/javascript

2600:9000:223f:a400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/4a.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Server: 2600:9000:223f:a400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 18:45:50 GMT
x-amz-version-id: ce47Uk_40n7.EHf_5AWPfR6VoMlkrWoX
content-encoding: gzip
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 316735
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: PENDING
last-modified: Thu, 07 Dec 2023 18:45:47 GMT
server: AmazonS3
etag: W/"589d8955c4906ab1b8e63a2f92d932d3"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=604800
x-amz-cf-id: Lu9d6D-LHShv6bOnITxFGKNIpiPyCiQKMyLeeo88vHUFf7E-I-wv_Q==

Redirect headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: nginx
x-server-name: app12.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/4a.js
cache-control: no-cache
content-length: 0

GET
H2 200 sca.17.6.2.js Show response
static.adsafeprotected.com/ Frame 816E 91 KB
23 KB 37ms
37ms Script
application/javascript 2600:9000:223f:a400:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.6.2.js
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223f:a400:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 21 Sep 2023 00:09:11 GMT
x-amz-version-id: go8nfBUviNCPCwnrYX1LpMW5hEx3ASGy
content-encoding: gzip
via: 1.1 edffe6978db53d114a80cda421e0b6b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P5
age: 7036534
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 20 Sep 2022 19:21:34 GMT
server: AmazonS3
etag: W/"1f3488247c90bb5de253d3d0cb3b7458"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=315360000
x-amz-cf-id: chnkgTJ00IhqWpZNZy7klO-1ca8kwQ0WOdUWeahGwj62_SkKBVsijQ==

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame BA2B 0
10 B 20ms
20ms Image
text/plain 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?0TJNLQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3 200 style.css
s0.2mdn.net/sadbundle/17864851622750576224/css/ Frame 56C1 5 KB
2 KB 19ms
18ms Stylesheet
text/css 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d74871f1d66e7c0230449ab708d05f088e33d578275cfbc2e0d95529b689cfcd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Tue, 05 Dec 2023 18:42:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 489706
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1854
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 04 Dec 2024 18:42:58 GMT

GET
H3 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 56C1 70 KB
25 KB 30ms
29ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2790214
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 25267
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-62b3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IFTsDgmXNsu3KzJyyCN6o7TW%2BY%2BMjLataZF%2FiBefkIut93UYruzFjMMzPzy24HWjlo91ig2ow5ECm0tCiKc9fBtQn%2FG0N0dZJg6SiN%2FrXL2nWliqAjBwfpUnDbYcEn%2BF3Wo1otD6snnlwAIhw80CDz%2BX"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 833d225378cabbe3-FRA
expires: Sat, 30 Nov 2024 10:44:44 GMT

GET
H3 200 CustomEase.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/ Frame 56C1 7 KB
4 KB 52ms
51ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.12.0/CustomEase.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
age: 2759433
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 3299
last-modified: Tue, 01 Aug 2023 16:38:45 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "64c93515-ce3"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qMbBDqIlJQSo6%2Bs5wgv0aY2dzTBZcIThp6C2JWaAZvUOANflm%2FqRm9be%2FUj7kGZpZO96hdkuiZm0Ctd65EZ65mZD19j0tLJyVhTHPXAO2weXYM0j0iuai2fLgeGQUK%2FH1yaQ0zLJtbd20ynT0497wk0x"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 833d225378cfbbe3-FRA
expires: Sat, 30 Nov 2024 10:44:44 GMT

GET
H3 200 dyson.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 56C1 2 KB
1 KB 21ms
20ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 20:49:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136515
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1076
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Dec 2024 20:49:29 GMT

GET
H3 200 rtbIcon.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 56C1 2 KB
808 B 22ms
21ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/rtbIcon.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:18:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 257173
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 771
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 11:18:31 GMT

GET
H3 200 dyson-v15s-submarine-stack.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 56C1 13 KB
4 KB 19ms
19ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/dyson-v15s-submarine-stack.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

12ff2ec39651e02b34ee26ae91b66614f3b981e5b8db58feb16115c2b6b201f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:49:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 39309
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3980
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:49:35 GMT

GET
H3 200 1-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 56C1 31 KB
31 KB 19ms
19ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/1-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dee119ee49ab8771cf531190b1b186a092c709f799baf9ab566a3ca9778ea0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sat, 09 Dec 2023 20:46:46 GMT
x-content-type-options: nosniff
age: 136678
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31326
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sun, 08 Dec 2024 20:46:46 GMT

GET
H3 200 2-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 56C1 21 KB
21 KB 19ms
19ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/2-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3d66ba6bc03128cc3ce96e393fc2b3f7c8bd2e73af8258ae6d6a5e6f2efb9848

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 11:47:39 GMT
x-content-type-options: nosniff
age: 255425
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21613
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 11:47:39 GMT

GET
H3 200 3-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 56C1 25 KB
25 KB 18ms
18ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/3-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de63bf5ecaf8695bae42a604e9808a63c55b0d62bdb3b4462c1530950772fc27

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 23:47:48 GMT
x-content-type-options: nosniff
age: 39416
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25605
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 09 Dec 2024 23:47:48 GMT

GET
H3 200 4-min.jpg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 56C1 30 KB
30 KB 18ms
18ms Image
image/jpeg 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/4-min.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

263403e6cea55abd488e73b1a3ed6fac18d6b3136572570953b3392504715123

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Thu, 07 Dec 2023 19:22:40 GMT
x-content-type-options: nosniff
age: 314524
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30924
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 06 Dec 2024 19:22:40 GMT

GET
H3 200 arrow.svg
s0.2mdn.net/sadbundle/17864851622750576224/assets/ Frame 56C1 192 B
199 B 22ms
21ms Image
image/svg+xml 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/assets/arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fd99a285d81a12f549b741db9604416a669e2ee8accf00cd40c0b0344e9ba63f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 18:54:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 229840
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 18:54:04 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/17864851622750576224/script/ Frame 56C1 4 KB
981 B 29ms
28ms Script
application/x-javascript 2a00:1450:4001:831::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/17864851622750576224/script/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e24e46459c7d6e73401ab03d015d9819826b4d7e01d5dacb37c0264ebf8f069a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/17864851622750576224/index.html?ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Fri, 08 Dec 2023 15:15:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242959
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 944
x-xss-protection: 0
last-modified: Mon, 28 Aug 2023 18:29:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 07 Dec 2024 15:15:25 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5A9E 43 B
215 B 111ms
110ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=eea54a64-f72a-8b26-47dc-1ad97a6d993d&tv=%7Bc:wuie4E,pingTime:-3,time:78,type:v,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:29%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:79,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:29,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B73~0%5D,as:%5B73~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tY7TAwi+11%7C12%7C1311%7C1312%7C1313%7C14%7C1511%7C1611%7C1612%7C1613%7C1614%7C171*.1627455-73523888%7C1711%7C1712%7C1713%7C181%7C182%7C191%7C1a,idMap:171*,rmeas:1,rend:0,renddet:IMG.us,siq:30%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: nginx
x-server-name: dt06.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5A9E 43 B
215 B 110ms
110ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=eea54a64-f72a-8b26-47dc-1ad97a6d993d&tv=%7Bc:wuie4G,pingTime:-6,time:80,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:80,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:29,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B74~0%5D,as:%5B74~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tY7TAwi+11%7C12%7C1311%7C1312%7C1313%7C14%7C1511%7C1611%7C1612%7C1613%7C1614%7C171*.1627455-73523888%7C1711%7C1712%7C1713%7C181%7C182%7C191%7C1a,idMap:171*,rmeas:1,rend:0,renddet:IMG.us,siq:30%7D&tpiLookup=ao:painthy.com*%2Cgoogleads.g.doubleclick.net*&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: nginx
x-server-name: dt11.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame BC01 39 KB
15 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 19:00:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 09 Dec 2024 19:00:51 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5A9E 43 B
215 B 110ms
110ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=eea54a64-f72a-8b26-47dc-1ad97a6d993d&tv=%7Bc:wuie5U,pingTime:-2,time:156,type:a,im:%7Bsf:0,pom:1,prf:%7BbeA:543,beZ:544,mfA:546,cmA:547,inA:548,inZ:551,prA:551,prZ:566,si:573,poA:573,poZ:593,cmZ:593,mfZ:593,loA:622,loZ:625,ltA:698,ltZ:698%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:160.600,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r.h,w:0,h:0,t:29%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:156,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:29,wc:0.0.1600.1200,ac:NaN.NaN.0.0,am:sp,cc:0.0.0.0,piv:0,obst:0,th:0,reas:r.h,bkn:%7Bpiv:%5B150~0%5D,as:%5B150~0.0%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:tY7TAcR+11%7C12%7C131.1627455-73523864%7C1311%7C1312%7C1313%7C14%7C1511%7C161.1627455-73523873%7C1611%7C1612%7C1613%7C1614%7C171*.1627455-73523888%7C1711%7C1712%7C1713%7C181%7C182%7C191%7C1a,idMap:171*,pd:CV8L.internal-pdf-viewer,rmeas:1,rend:0,renddet:IMG.us,siq:30,sinceFw:124,readyFired:true%7D&br=c
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
server: nginx
x-server-name: dt13.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

POST
H3 204 csi
csi.gstatic.com/ Frame BEB2 0
17 B 65ms
65ms Ping
image/gif 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lq0sec0z&chm=1&ctx=2&gqid=Geh2ZY_YHce89u8Pu_eliAg&qqid=CJrEvfiZh4MDFWneOwIdPE8M6w&met.4=fb.27~lb.4f~ol.dw~bdt.-2l9~bpp.-27v~idt.-1zh~dtd.-1yy~dt.-27z&met.3=200.22_7~492.4c_1~555.7o~556.7p~113.ko_1~112.kn_2&met.1=1.lq0sebgc~6.0~7.0~8.0~9.0~10.0~12.1~13.k~14.l~15.r~16.7o~17.7o~18.7p~19.de~20.de~21.dw~22.4c~23.4c&met.7=CCgQCBgBMBY49ANoAXAUeM4igAGiIIgBn0ewAQG4AQM~CBsQBxgBIE8oTzBkOBY~CBsQBxgBIE8oTzBnOBg~CBIQBxgBIFAoUDBvOB5oUXBueNwLgAGwCYgB7W2qARUKE0dvb2dsZSBTYW5zOjQwMCw1MDCwAQG4AQM~CBwQChgBIFAoUDBmOBZoUnBmeMcIgAGbBogBiA2wAQG4AQM~CB4QChgBIFEoUTBvOB5oUnBteIAMgAHUCYgBgRWwAQG4AQM~CAkQChgBIFEoUTBsOBxoUnBmeJJLgAHmSIgBtbwBsAEBuAED~CBwQChgBIFEoUTBqOBpoUnBmeLFFgAGFQ4gB8KIBsAEBuAED~CCoQChgBIFEoUTCwAThfaFJwkgF4pf8DgAH5_AOIAYPTDLABAbgBAw~CBsQChgBIFEoUTBtOBw~CCgQBRgBIJ4BKJ4BMLMBOBVooAFwsgF4vQOAAZEBiAGPAbABAbgBAw~CCgQChgBIK8EKK8EMMcEOBhosARwxAR4zsEBgAGivwGIAcWBBLABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js Show response
pagead2.googlesyndication.com/bg/ Frame 9ACD 39 KB
15 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/Dtt_-LR3WxpzwV0Gscftq1A_D1owstvxoTnWWhwY4Ow.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/62bHydCX.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Sun, 10 Dec 2023 19:00:51 GMT
content-encoding: br
x-content-type-options: nosniff
age: 56633
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15165
x-xss-protection: 0
last-modified: Tue, 28 Nov 2023 18:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 09 Dec 2024 19:00:51 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4B40 0
26 B 65ms
65ms Ping
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssNZatZwMCcfgoqQQMF2OC0hqUo6tAQdQezAetmqF55hRkB2FsZjUKGX-c5RzMpUdX4KZKO5qEJnwZ32f2G0-i25TnwGvjBgJgvZEyFyYfG4T8fpVHmvD-2rbLgVo6iSk3ok1zgD4BtMK54EvWGt0C92A4vt2-TRF2N&sai=AMfl-YRYbLBa_cSeUNf5Wwe-NP_ytuP0nASM8sNLRm3HyCVlVVZN3XYnmF7yisMZMZj5INQlJr21uU95SO6mVkBMlydgVbRHKUnp8Wczpr1Hf5POkoeAl1ZIo6yUQwhIZX0&sig=Cg0ArKJSzPzCFHeN9PjoEAE&uach_m=%5BUACH%5D&urlfix=1&vt=13&adurl=

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 4B40 0
0 59ms
58ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuMJaFVzHWRI3aQDB3mhkDAfJUrRsaBVKBqo6dtT3oia8DwimUIphttrBY0lUjsrTXMidIAKH0QeoNZ6z3sEPqgRPQQI3BcI38GhwGY0oAbgPe10wMCoDl7TM4S9Bau5uMdIeFHDrPS1iFuJuT4AphYqvHUSPcfN-stUGPAldEi0XFa_jQF-AiJ6j0QHUFkMFvDxADQBqO6X5JlWCvFRDsjGbQs9KWMs3T-vRI5wIEgCJDUB_fLjgYXPZLdPOfN-kWfoHp5TEgnUyFsFGJGv0SY1QnZ3Donh3247Xl2bl8k_DRdSYeCn_eoArkRU2rt9tctKYkWncZYyTbv5fZGTJVu15gJ7dro-f_2780CpYviJAe0g0HrMpE7tMFW9413ePAQG7AHJgL1HmiWL2M1HAqnKth8pWEC8CiQM_8Q4u2L3BNenu2wXT5_TR136pFABfACnbmvhbEVElolZT1DkfFoDo69uUl5D_vuRYDGT468BR2JkzmoWtepLWCcT9qSYurNURN7o4WVVixNruiFrua4xTIdWT2tJFRXxtvGYNeH-bGMIrTKuZ6i2Mj1Crso1tsgHiuXs1kz-W8rLLZIuI8pl6zQWP5sZCVeHFDZ-SvjITyoTC3Ij-Dkb_51glmtt3ZvglzXql-CzBIFSQZmbvi4Zm6GBbTacTfuaUlkbl1j7PFE_KKAnIOQQHpKKWipJM90cwpwXzDoNjo7Ny0JCP1kFEh1JrZSrQBx8iNkMxQa9Lzt5_E3x9imKRw1_f4qH0zAgNcB34NsjY4KzMHpd4ykSwnSWQgjgwKu-zDxewiyyWFkH1SHjUpbnK8FqFmieAykimDc-BLmYG2t-SJyulFTgG8dGHJ7NIu-jTqb1qonmP7xAOyqEyBbR92GIIFdob-LqXN3QpvPDwyHAOqvTX6Vw20AfLlG00Q7RVoqV805sR-HBYrCeeV2ulMvi1E9mWN-A_3saJIBt31HnSwcmguuNkB2o0fYq2zjZxHoY-BbRITYPNXnWcyuvax7l8i1wA0s0tq3hSJ1tRS2k5EKf7wp2jVAXKNkjQrkTlkz8wxoZvPIH7xkqFDzSTVs2oyhPQ0f8-1BKou5bklHWLS9B5U9Yry0Vo-zkBHTgALGYtOjLawA75BpGYwkF4kDQVmzXGx6ZTG8yQtBO4b9ZDaH5_yTSO4XAPazy8SWKe4kUyiMLTzWPO6lo1MWQXzFXTxckqUAP9qo0kr2nOAKf19v1pE9xdhQMjv7tRzWWAeYa6C3FWTg5Qs_bEKlyYk8wGFpCOR4fWWl1yWo8Fm8FZ3kh63IR07wKL4Q_3yGw0hrDeZDF0tawrPnHpZne55FADr62Btm&sai=AMfl-YQoY2OJHZlyPxaAYuNjZr1DXw5dcGUnAFh77DPuOeOj0roKAg1GjsTB5uaj1AVXUttCObNChqeO2Djvmixgyk3lQjWJ3xs__vUlqy84BhK8zW8X4OD2PQ_mpjBSEhG3eS02EjeLPpK-lTTr8WoVvZHHmxusTuA36sXe0yUcGGFdOztX8AG0oF2WZQH-GPzJ9P5niXbUzvxAhd1XoaNhKOfhedntvAxtUmUCpWCY0brWqEyxQDcTqp3JbHbsbem0xm13b4HIj2hs3Dlzn6ebaked7cbFsFIZcQ7YlJJS9w&sig=Cg0ArKJSzKuAvEQosIiGEAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=477&vt=11&dtpt=325&dett=4&cstd=151&cisv=r20231206.53404&vwbs=2&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 4B40 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bde9f3d62900c63aaa48b4103f27ddd36ec84d6a0fb1ba8ddb70d3dfae6f4d0c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 4B40 64 KB
24 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b74e39e9e4133dd74df68e8fb5ab701072c87944cf78821336f1566dc7d25ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3490
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24482
x-xss-protection: 0
server: cafe
etag: 10022724608466387392
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:46:34 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5A9E 0
0 58ms
58ms Fetch
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvDsB3pEkRXc9siVaNo6W00jZ9HCj5Y4w6WT591cddM_-uv6hZwAxAyeypCE6Knjc3cujqJOeLfZIPeearx8XqzGULeucaiJrf2uYgztp-ZMLVUufJvA0P-PWuzyQwcvOz97qwNfUL_A4UJK8yrIq4FBk4Isg7WrC3pTqnerKiDlsNz4D4OUp70zAhMXHTPFsYANA2MdTGXYHKFibykjpJInzj2zCWeUT6BkbTe-G5Mpt3lvrjL3RhaeuXo-vFZ9M1_lKpD5ZD-UoNDGIlUIBAS0pxVK9GgeElEiYL2wrCHxtqQRGG8g8UAncwfBPczObtStNf9mqCrcCyuIqeuyB5yaozDif4TeZX0kT2_8fqj9z45H4bnDb0Tmqu2WXuotjQWZGyLJkI1H5PJe6ARctLdf76HwqjeEUVaMK73SKAThWXo9fLZjXGdQO8z_7w460QT-qZ6tXFmXLtoGVqrIAT3ZbP_a8a7d-bU_DKUNq_jTrGxFCKisyBm09Bpbe__GYcfGBBru3heEg5_EWbuyWAoaX_s4RPEBKmxC4OsJWIg8h3YhUKWUHS1oRXKGSgO2opE17vFK7NMbGqM6Rb8BxTRZ0IIly0rWV7eENPqHPsyusux4enlt67RAQObmkydIrW8OH2spa-sa9jiDofmh2XG0_6Im7GXlfyo4ra5ZtB0e72AoZyb2oZ8p41xmRekgdlKgNi5cvEATXkjAyJee-Vcro6j8k-Y1khxoduYXCkW6hze23m0UBNM6CndmTX1K9zv8Z5mMlDxQxPPb2YX8SG0EMWYfdWxre9JLOsieb56xhy_pPkh_Uvc0QuZJilcpP35RXf-eKEPF0l4eDSx0-xHE4L5wIU4twTHqLv9QV62ku6Dcnq9UN1kjD6zpVpa2ICqwMPVSJOOEAdIj0Xykj3fJkEJ9Akpnh0ABZoP4UO5vYIFYvsCuOlPcQF8zzBhc-x5lPIDio7YyrO5sjs8L79R_UV1id-9uwFe_CGpd1fps0qt4osynjPUWsjuw0Mtq9BqmzKSJ9rcDJUN3wRy1HjG-t31mgHEXQC_g9mr5vFO4fpUSn2p4bcpPl8rOzzGFSMbFnEHFpvO_-u6k3xrzXfFWFyJfnySqKFmCFZHfnie20xYOqbkQdS1L0GYwVHLNeHTk1u0rnoMNpxml2ip1KJdjniFrxAAsnzYonCqcqDCssN91ib0Sq1rENL11mHKlD1B3ERmN47tV2UFT93aOxSRScefsNJwCZ_PoZdUsxzI1cZu8G3VtKLXdSiwxKSQuVHQK1I8MrALqdWH2-7cXZXrvfHK5dz1RmxBbNX_AStF3KL7Oo7xjmPDYUUq2E1EuPwSZQ&sai=AMfl-YSbtKUepzNrZ1estESQhU2FSqfImndDqEKelBNnEa0ANjZO7j98EAsEyCvPUaXATGtUHYMtnmKXn5xxt6zkIPIxrBkAbSmAYNno9UHAu3ICw76Ex4MQJsQHHvrkNFJVCyX4GrOq7ySVmiXvchZJHLozL0ovYh1jrVHvKMqGnMNVIkK2suRe2-VuQeyhxSxnmY8HOxVL3Uy6wi-SiOyzWwiUm70fs_fkatP15nMlvRJ7nc3iVyJDRIcxKZhfo7yUZHBnBmh4Kiwbg1kTG1Egb42NkU4_9BfPeNaDMdtnaA&sig=Cg0ArKJSzFh71S5Zx7L2EAE&uach_m=%5BUACH%5D&cry=1&fbs_aeid=%5Bgw_fbsaeid%5D&urlfix=1&omid=0&rm=1&ctpt=398&vt=11&dtpt=228&dett=3&cstd=169&cisv=r20231206.63726&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&arae=0&ftch=1&adurl=

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame CD8E 0
20 B 53ms
53ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=9145499253090&version=m202309260101&ct=76&x=1&cor=270419256795489440

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 5A9E 0
26 B 58ms
58ms Ping
image/gif 142.250.74.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsv6t7WMZsFj2RMAJtelTXr4auIL3zG_weglJIag-sRs3-kb5PxwsHD4srDR3_x2fgtgCsrY3bpXH7SHCyf1zyqp0UsUy7VBk08gaMEVfZhLwlSuBe9PlGqtByBBlGuiwFkKYUGSjdVcMWxlhKlDYcTWf-g_6r2Mzp_R&sai=AMfl-YTukrF6sPrG4xr5Ah8vkYe_lkE5PLjw8PyC90S6l2ir1Bla-P7tUFl2Zf6GZY8_xWnnwt4gT8asckXJolkZjZwailvEvj9g40taT1TPLL5Xu9BHWNqjoBU7lAsywdM&sig=Cg0ArKJSzKfp_hdaIqv-EAE&uach_m=%5BUACH%5D&urlfix=1&vt=13&adurl=

Requested by

Host: painthy.com
URL: https://painthy.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.74.194 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s02-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 10:44:44 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 5A9E 64 KB
24 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20231206/r20110914/zrt_lookup_fy2021.html?fsb=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4b74e39e9e4133dd74df68e8fb5ab701072c87944cf78821336f1566dc7d25ea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date: Mon, 11 Dec 2023 09:46:34 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3490
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24482
x-xss-protection: 0
server: cafe
etag: 10022724608466387392
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 11 Dec 2023 10:46:34 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 4B40 0
17 B 65ms
65ms Ping
image/gif 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lq0sec5e&chm=1&ctx=2&gqid=Geh2ZY_YHce89u8Pu_eliAg&qqid=CJjEvfiZh4MDFWneOwIdPE8M6w&met.4=fb.5~lb.7x~ol.l0~bdt.-2mm~bpp.-298~idt.-20u~dtd.-20b~dt.-29c&met.3=374.e6~113.nq_1~113.nr~112.np_2&met.1=1.lq0sebhp~14.0~15.0~16.0~17.0~18.0~19.0~20.0~21.0~1.lq0sebg7~6.1~7.1~8.1~9.1~10.1~12.2~13.k~14.l~15.v~16.2f~17.2f~18.2f~19.mi~20.mj~21.mj&met.7=CCgQCBgBMAE4AQ~CCgQBRgBIAYoBjBHOEFoCXBGeIoEgAHeAYgB8ASwAQG4AQM~CBwQChgBIAcoBzBwOGloCHBoeKn4AYAB_fUBiAGFxwWwAQG4AQM~CB4QChgBIAcoBzAdOBZoCHAceIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIAcoBzAiOBtoCHAceLFFgAGFQ4gB8KIBsAEBuAED~CCoQChgBIAcoBzBsOGVoCXBCeKX_A4AB-fwDiAGD0wywAQG4AQM~CBwQBhgBIAcoBzA_ODhoCXA9eNYCgAEqiAEqsAEBuAED~CBwQARgBIH0ofTCyATg1aH1wsgF4rAKwAQG4AQM~CBwQARgBIH4ofjC0ATg1aH9wswF4rAKwAQG4AQM~CCgQChgBIIkBKIkBMNkBOFBoigFwzAF40s0CgAGmywKIAcPtBrABAbgBAw~CBsQCiCTAjg2~CCkQChgBIJUCKJUCMLMCOB5olQJwqQJ4qrkCgAH-tgKIAbH1BrABAbgBAw~CBwQChgBIJUCKJUCMKgCOBNolgJwqAJ4miOAAe4giAGAWLABAbgBAw~CAkQChgBIJkCKJkCMK0COBRomgJwrAJ401-AAaddiAHZ-wGwAQG4AQM~CCcQChgBIJoCKJoCMLECOBdomgJwrwJ4nW-AAfFsiAHpyQKwAQG4AQM~CCcQBRgBIKsDKKsDMMYDOBtorwNwxQN4oWiAAfVliAH-sAKwAQG4AQM~CB8QBRgBIK8DKK8DMMYDOBdosANwxAN44xCAAbcOiAGsLLABAbgBAw~CCIQBBgBILADKLADMPUDOEVosQNw9QN4rAKwAQG4AQM~CBsQCiDrAziiAQ~CBsQBiCVBDhu~CBsQBiCYBDhv~CBsQBiCtBDhw~CCIQARgBIOEFKOEFMKMGOEJo4QVwogZ4rAKwAQG4AQM~CCgQChgBIPkFKPkFMJEGOBho-gVwjQZ4zsEBgAGivwGIAcWBBLABAbgBAw~CCgQCBgBMBQ4qgZoAXAUeM4igAGiIIgBn0egAcr__________wGwAQG4AQM
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:44 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 5A9E 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 25f7069edd4355bee97ce0dab54da2ad95721bfcb73ff331466bebca7e458490

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 csi
csi.gstatic.com/ Frame 5A9E 0
17 B 65ms
65ms Ping
image/gif 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~lq0sec6l&chm=1&ctx=2&gqid=Geh2ZY_YHce89u8Pu_eliAg&qqid=CJnEvfiZh4MDFWneOwIdPE8M6w&met.4=fb.6~lb.af~ol.n9~bdt.-2n1~bpp.-29n~idt.-219~dtd.-20q~dt.-29r&met.3=374.gs~113.oj_1~113.ok~112.oi_1&met.1=1.lq0sebi4~14.0~15.0~16.0~17.0~18.0~19.0~20.0~21.0~1.lq0sebga~6.1~7.1~8.1~9.1~10.1~12.2~13.k~14.m~15.t~16.2c~17.2c~18.2c~19.p3~20.p3~21.p3&met.7=CCgQCBgBMAE4AQ~CCgQBRgBIAcoBzBGOD9oCXBEeIoEgAHeAYgB8ASwAQG4AQM~CBwQChgBIAcoBzCWATiPAWgJcI8BeKn4AYAB_fUBiAGFxwWwAQG4AQM~CB4QChgBIAcoBzAeOBZoCXAceIAMgAHUCYgBgRWwAQG4AQM~CBwQChgBIAgoCDAgOBloCXAeeLFFgAGFQ4gB8KIBsAEBuAED~CCoQChgBIAgoCDBtOGVoCXBBeKX_A4AB-fwDiAGD0wywAQG4AQM~CBwQBhgBIAgoCDA_ODdoCXA-eNYCgAEqiAEqsAEBuAED~CBwQARgBIOoBKOoBMKACODZo6gFwnwJ4rAKwAQG4AQM~CBwQARgBIOsBKOsBMKICODdo6wFwogJ4rAKwAQG4AQM~CCgQChgBIO0BKO0BMLUCOEho7gFwrwJ4gssCgAHWyAKIAeDpBrABAbgBAw~CBsQCiDsAjg1~CCkQChgBIO4CKO4CMJYDOCho7gJwggN4qrkCgAH-tgKIAbH1BrABAbgBAw~CBwQChgBIO8CKO8CMIIDOBNo8AJwggN4miOAAe4giAGAWLABAbgBAw~CAkQChgBIPMCKPMCMIcDOBNo9AJwhgN401-AAaddiAHZ-wGwAQG4AQM~CCcQChgBIPQCKPQCMIkDOBVo9AJwiAN4nW-AAfFsiAHpyQKwAQG4AQM~CCcQBRgBIJkEKJkEMK8EOBdomgRwrgR4oWiAAfVliAH-sAKwAQG4AQM~CB8QBRgBIJwEKJwEMLEEOBVonQRwsAR44xCAAbcOiAGsLLABAbgBAw~CCIQBBgBIJ0EKJ0EMN8EOENonQRw3gR4rAKwAQG4AQM~CBsQCiC9BDjQAQ~CBsQBiDuBDhw~CBsQBiDxBDhv~CBsQBiC7BThv~CCIQBBgBIIAGKIAGMLwGODxogQZwuwZ4rAKwAQG4AQM~CCgQChgBIMsGKMsGMOIGOBdozAZw3wZ4zsEBgAGivwGIAcWBBLABAbgBAw~CCgQCBgBKAEwFTiGB2gCcBR4ziKAAaIgiAGfR6ABvv__________AbABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC01 0
21 B 55ms
54ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BlOC5HOh2ZceWDtiXjuwP6_KvYAAAAAA4AeAEAg&bg=!ISKlIm3NAAY3kmNgF5I7ADQBe5WfODDgX9tKNnH7rIHPxlrzVlsdvjbl0vO72U4kY6uhtnclfSgZEPRJTy9WarXBfAFJAgAAAJhSAAAAAmgBB5kDNAiZu42Akr1HukdO7wdpHr86lfetVf6nWx18ee8yKlZlaO-hRIPDj_TYVN21i3mjbssMvFc9eTE4AjQ1jXvRLOSFRBj--0IeJeipT9e46EHniklaOLAh2CrT0AhF7Yh_1WeBE_VQcTSxLU2vlUahY6Cwv-k9VaX0puBQbjJy1_zADvoEer6UvVEq_X80_yA9Ok_mA9e-ozAPqqP6XMAzLau0WjEW-f2bECg3IHEmfMu2S_57GJ6RJhMG4J3t04CcN3n2CC5nVJNFaBJKTxoPqBUW7fxvm33rbBSYb8KaPTqtNpnHv7PmTlKPpIIidNdbVpBTZFpanqHivO8zHg16A3_tfRpZMKO79L2ukdACpVSA9dHBD3tZGZK85O-SOSjPxHairJJ3_Hnv50j2ZvSblvwtS2iz1IBGuPekDShdgRpxCXVlUoOm1dO42AIPHQhGszCoJu38jpnhNS_4l4QC4pCEeG0XOwrlfWiE9nrOr3TCSJoll7ivY8oL-uYQ6izE7fP8SlupKcBMkG1n8ArlocBb7DrHnKk-sVZWfl-seotOBUrH10cPEooxgmti2jKLwZHhU4HXfFCggE_1EtCIjCyq7vWCz2ghaH8RqFG7VWQ-4kvm-XeDmVPDixDS-0HFlz0veXkkJ2FhW9qjkvB39cbMQz-arwHgW5Ylt-bWpo05v7GC3f8ZnDx9_jTnyymsgcqdI2d9y-rU2mEnF951dGLf47u5ftVEz01kjT30szBlKKsLRlthPRwNqkGSk6FZ-LON1CXr0bF114RbfC94yWCqXMHaI1hf22Gvi5V4zstvtmeZpDWtS53SzlGgkNcAI7rLSL8amtBYUfpRKko6-C5la6iHLsCgyWUabSvRzEuEPnDcB380xVpwLyYU7d--t6109iFWcDaUUibfiktJ8VwH-4MuVdLtW63RkngISMeyFZDEF6MD3tp7wVUy5g6LbNfQosqmkSTik0eGnWFE_M3qNcxiPXILfWgAIsJAfzsiFWARFahjA5E8WnjWxqopJ_870JmfW07Z6-ALFdMqZXlcUlywBqFUONTiZGPGrY4Rlrtg_NgKg1nACCSIUV5PYg9iv28

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ 0
17 B 68ms
68ms Ping
image/gif 2a00:1450:400d:805::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&top=1&puid=3~lq0seant&c=2462913498881428&e=44759876%2C44759927%2C44759837%2C31079265%2C31079924%2C31080036%2C31061691%2C31061693&ctx=1&met.3=1000.qo_1__1~782.qo_2~1001.qn_2__1~164.qq~165.qm_5~247.qr~248.qr~164.qs~165.qq_1~247.qs~164.qs~165.qs_1~166.qc_t~166.r6_2~166.rk_4~1032.z4~326.z6_1~832.z8~868.z8~216.z4_5~215.z4_5~843.z3_6~889.zl~639.zp~1032.zt~326.zt~832.zt~868.zt~216.zt_1~215.zt_1~889.zv~639.zy~1032.zz~326.zz~832.zz~868.zz~216.zz_1~215.zz_1~889.100~639.102~112.104_2~168.1px~168.1px~168.1px~168.1px~168.1px~168.1px~168.1px_2~168.1px_2~246.1x3_1~168.260~168.260~168.260~168.260_1~168.260_1~168.261~168.261~168.261~246.262~429.2vm_1~993.2vp_2__3~992.2vs__3~994.2vs__3~991.2vo_4__3~990.2vo_4__3~353.2vm_5~113.2vs_1~453.2vt_1~998.2vt_1__8~453.2vu~998.2vu__9~453.2vv~998.2vv__a~453.2vv~453.2vw~453.2vw~453.2vx~454.2vx~454.2vx~454.2vx~453.2vy~753.2vz~210.2y0_1~1032.2y2~326.2y2~832.2y2~868.2y2~164.2y2_1~165.2y2_1~466.2y1_2~1032.2y3~326.2y3~832.2y4~868.2y4~164.2y3_1~165.2y3_1~466.2y3_1~1032.2y4~326.2y4~832.2y5~868.2y5~164.2y4_1~165.2y4_1~466.2y4_1~1032.2y5~326.2y6~832.2y6~868.2y6~164.2y5_1~165.2y5_1~466.2y5_1~522.2y1_5~525.2y8_8~525.2yg_3~525.2yj_2~1013.2yo~525.2yk_d~639.2yy~639.2yy~639.2yy~639.2yy~264.2yz~264.2za~264.30l~264.30w~264.30z~264.31r~264.31z~264.32s~264.332~168.339~168.339~168.339~168.339~168.33a~168.33a~168.33a~168.33a~168.33a~168.33a~168.33a~168.33a~168.33a~168.33a~168.33a~168.33a~264.33b~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~168.33e~264.34k~264.35h~952.35p~264.36c~264.37h~264.38k~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~168.38m~264.38x~264.3ac~264.3bh~168.3bm~168.3bm~168.3bm~168.3bm~168.3bn~168.3bn~168.3bn~168.3bn~168.3bn~168.3bn~168.3bn~168.3bn~168.3bn~168.3bn~168.3bn~168.3bn~273.3ch~264.3ci~264.3eg~264.3f1~264.3gw~264.3hq~264.3js~264.3k3~264.3kd~273.3kz_1~264.3l1~264.3lj~264.3m5~264.3mh~264.3ne~273.3nm~264.3nq~264.3nv~264.3o2~264.3oh~264.3ox~264.3pc~264.3pt&met.7=CBsQCMABscjfowo~CBsQByDiAzhOwAHQ8sGFBQ~CBsQByDiAzhOwAGKwsf_DA~CBsQByDiAziLAcABk7XwzgM~CBIQBxgBIOMDKOMDMLcEOFRQ5QNYlARg-ANolARwtgR4vQWAAZEDiAGTCKoBLwoMUG9wcGluczosNDAwCgxQb3BwaW5zOiw0MDAKEVBvcHBpbnM6LDQwMCwsNDAwsAEBuAEDwAHWx7vICg~CBsQByDjAziOAcABsNHz-Qg~CBsQByDjAziMAsABsfTZjg0~CBsQByDjAzjLAcABov3EhQ0~CBsQByDjAziMAsABhtrNYw~CBsQCiDjAziNAsAB9I207gI~CBsQCiDjAziNAsAB1On_iQM~CAEQChgBIOMDKOMDMNMHOPADaMsGcMQHeMGZA4ABlZcDiAGQsgmwAQG4AQPAAd6Ov5sB~CBsQBiDjAziPAsABhNadzQQ~CBsQBiDjAziOAsABjuvx0ws~CBsQBiDjAzjMAsABneWU2gw~CBsQBiDjAzjdAsAB2q6qnQU~CBsQCiDkAzj_AsABt4WJyA8~CBsQCiDkAzj_AsABrrC7mQI~CBsQCiDkAzj_AsABvaOexww~CBsQCiDkAzj_AsABqc-RngU~CBsQCiDkAziBA8AB8d6SEA~CBsQCiDkAziBA8ABxMyQ4AE~CBsQCiDkAziBA8ABlJr2yw8~CBsQCiDkAziAA8AB3qq4qA4~CBsQCiDkAziBA8AB2sHbiw0~CAEQChgBIJ4GKJ4GMK4HOJABQJ8GSJ8GUJ8GWMoGYLAGaMsGcJIHeMSZA4ABmJcDiAGYsgmwAQG4AQPAAd6Ov5sB~CBsQAiCqBjhDwAHz4rDfBg~CBsQBiCxBjhHwAHm8vHSDg~CBsQBiCxBjhHwAGD7IOjAw~CBsQBiCyBjhHwAHp0trdDA~CBsQBiCyBjhPwAHDpPqOAg~CBsQBiCyBjhywAHd_vL3Cg~CBsQBiCyBjh1wAGi_Y2JBw~CBsQBiCyBjh8wAGt5-fBCA~CBsQBiCyBjh8wAHn3vHoCg~CBsQBiDoBjgdwAHx0LWSDA~CBsQCiDoBjhHwAHQqpWZDg~CAMQChgBIL8HKL8HMOgJOKkCUL8HWOYHYL8HaOcHcLwIeKe2CIAB-7MIiAHD8RiwAQG4AQPAAeGj56QP~CCgQBRgBINEHKNEHMKMIOFNA2AdI2AdQ2AdYjghg6gdojwhwoQh4ziKAAaIgiAGfR7ABAbgBA8ABrIKg2QM~CBwQChgBIPMJKPMJMIgKOBVo9Alwhgp4_K0BgAHQqwGIAdG-A7ABAbgBA8ABzbu4zgo~CBwQBhgBIIQKKIQKMLsKODZohQpwugp4rAKwAQG4AQPAAZSE4rUO~CAUQBRgBIJEKKJEKMM4QOL0GaJMKcLcQeP3xAoAB0e8CiAHcwQ-wAQG4AQPAAZDHsvAI~CAUQBRgBII0KKI0KMJISOIUIaI4KcJESeMJhgAGWX4gB4vsBsAEBuAEDwAGQx7LwCA~CBsQARgBILgTKLgTMOQUOKwBwAGkoPylBw~CBsQARgBIPoVKPoVML8WOEbAAaSg_KUH~CBsQCDiQHcABscjfowo~CAUQBRgBIIQKKIQKMPAcOOwSaIYKcNIceN68BoABsroGiAH0rxywAQG4AQPAAZDHsvAI~CCcQDRgBIJAdKJAdMNUdOEVokR1w1B1452GAAbtfiAG-frABAbgBA8AB8_LLrgs~CBwQChgBIJIdKJIdMOUdOFNokh1w1x146bcDgAG9tQOIAeeCCrABAbgBA8AB6oT52QM~CCgQBRgBIPEdKPEdMIYeOBVo8x1whR54ziKAAaIgiAGfR7ABAbgBA8AB3t-Ayg4~CCgQBRgBIPkdKPkdMI0eOBRo-h1wjB54ziKAAaIgiAGfR7ABAbgBA8AB3t-Ayg4~CCgQBRgBIPwdKPwdMJEeOBVo_R1wjx54ziKAAaIgiAGfR7ABAbgBA8AB3t-Ayg4~CCgQBRgBIP0dKP0dMJMeOBZo_x1wkR54ziKAAaIgiAGfR7ABAbgBA8AB3t-Ayg4~CCcQChgBINYdKNYdMKweOFfAAeLBm9oF~CCcQBRgBINUeKNUeMJUfOEDAAZmVn6AL~CBsQBRgBINceKNceMI4gOLcBwAHPxtriAQ&met.1=1.lq0se8hr~6.0~7.a~8.a~9.a~10.41~11.23~12.41~13.da~14.db~15.dc~16.o8~17.o8~18.o9~19.2vk~20.2vk~21.2vk~22.ms~23.ms
Requested by: Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20231206/r20110914/rum_fy2021.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:400d:805::2003 , Ireland, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 9ACD 0
21 B 56ms
56ms Image
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=44&t=2&bgai=BhSv7HOh2ZfmeFfGZjuwPvMOLyAwAAAAAOAHgBAI&bg=!XV6lXhHNAAY3kmNgF5I7ADQBe5WfON4I6tQOvw9LOVNU9nzFqDdpyXQSP-3ppsGlPA7UCmdLKjo3kz-ZTPfCCSnJjREXAgAAAJJSAAAAA2gBBwoAUV4XRAvYmMGNF6J_DT-kWZoVUO0jyF7RRwLt-jA5RDErIvVupwZuN66dAl_JCR7YxT9FTQbzeT500mooLW8I64soy3CRjQ2wSu5NzEMcS58sV5kDLS7-1rbBMLlEPpMzRQ70IecNsE4M_qSZQVfVSGtySrWOZ_6IN06x5z_wQtXXRZyFGWh0argQ9Z96Hfwc7Ou5eDZ1WmYu2Rx-_rlIy5_bh-rSx2bgfzLdHwTiZINKUwcC0DrZz63_k4Hc6amfaEDP2ViWd4_xdBjUe7acx71qiABYlkphnDRh6ud2FEGNm8KXDDl32semXxmUSiuvUX7Nb2VX3aycSE-TLgaOjkPg1d_17dSbEDPO81hP3tzFnKp3t6kgEtzdUPVo4uUxEn41JmhuZIHMmxwB5z3KRCJF0TreRUgtFLPFAUf8Su9FhBiSUlwHgs56JA0iLuJjAe9CBfuKHE87gMM81Nmc7JC8SbqPb37wFR73DMLSFXK2i_vKoBOZj4tshWD8M39Yx7f70fb2tO5ps6M3hzJyeZak-FrLWm0oYIPpyaxXVpTV3z8tN-nZAmof53i4wio5sktrdcpjPh-Glm-rJNxGAu3cS4PzFABgskjdvPjRzwqNtScLasBDv2L4zw3b1Qf-i3sRnt6GaoIYXWJ8G6nQfbQej1F3_hpH7RhqZx-vBA1osqzpbCYAlKBoDrD2A8BcD4al_tLJ5oS1uvvcNc6loQq7-U5h4TR8dZA_cSZTorhujupAw2He2l6kzBE34AWXI-8rktKCubOYOSqfHh6X2_7sTreFif9f4QEEorWUbEv_MKeBajYHSc4qwaz6nA0B3c5joe4n70oAHbBJizRp3W0PpVQAfy3ejWNc90iffsTzKCrJabT2hBBP1TKgeT3-UECMzOBRtqApFBVOV4T5Z0kxWwAE47wuOg8mnvCR_ANpNcxKWh2eow81YgZp06l0VK2oxWjDQqDdwanN5DdXWYQCb_WxI-plFj9ZfKr0anMf3xT_2QvznPC7u5KdkKA01sfAOWUhpacI2es0gj29klF5UK435kWz3hj4arJe2_UtWcq-qIUyY5V7Sy_C7jMtX_q1BXjJPTJBhoX1c9DY1FMhC8jPKMJbdQCo14DIOzFeOmkdLROxy5ZdMCMzbqE3Pt4Wo3J5P6CfgmT85_kqmC_-hYpTDitm4NFDJbLBUutWfA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 4B40 43 B
215 B 112ms
112ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=70f24f45-5e7e-a88d-d7c0-fa0dd5ae5f1b&tv=%7Bc:wuieal,pingTime:-10,time:525,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjcxIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1702291485065%7C%7C025b9286cbc613429971fa994c60cedb%7C%7C81fa84b75a8024ba76b34e57df459f31%7C%7Ce6fdfeeab8d0311e3cd37d262169b65c%7C%7C7d8ade3996aadb02de55f47df4229473%7C%7C31cbe36fbf5cb06945a8a553ec73d0b3%7C%7C0233f15c2918d4a7dcdd1b8df5fb4dd0%7C%7C680927b9ce19eeab49d9f762a811b66b%7C%7C1663701684%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
server: nginx
x-server-name: dt12.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H2 200 dt
dt.adsafeprotected.com/ Frame 5A9E 43 B
215 B 110ms
110ms Image
image/gif 2600:1f18:1aca:4280:aab:ddb9:5e71:5416

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=1627455&asId=eea54a64-f72a-8b26-47dc-1ad97a6d993d&tv=%7Bc:wuieaR,pingTime:-10,time:463,type:s,mvn:ZnNjPTEzLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNi4ydjEyMDB8fDE2MDB8fDF8fDF8fDI0fHwxMjAwfHwwfHwwfHwxfHxsYW5kc2NhcGUtcHJpbWFyeXx8MjR8fDQvM3x8NC8zfHwwfHwxNjAw,no:MTcuNi4ydk1vemlsbGF8fE5ldHNjYXBlfHxufHxufHwwfHxufHxXaW4zMnx8R2Vja298fDIwMDMwMTA3fHwtNjB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjAuMC42MDk5LjcxIFNhZmFyaS81MzcuMzZ8fDF8fDF8fEdvb2dsZSBJbmMufHxu,ch:n,fsc:17.6.2v222222220002222202222222220222222222202222222220222202000022000220222222220000222202002222202222222220222222220000020022222200022222220200000222200022220002022022022222202002220222022222022220000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022220222200202222020002200002222022222202222000002002002222222202220022202200022002220222202,asp:1702291485096%7C%7Cb35f6e1e8cacb9a7b8a42bdae3460583%7C%7C81fa84b75a8024ba76b34e57df459f31%7C%7Ca7bf093d096b14a1678fa4801b3e2197%7C%7C7ca9a142b20a1a94ac79adc2144f5219%7C%7Cca441e6bf029b114cd7cdaeaadb6d69e%7C%7Cea82ea868a547b9d9e656a3458f767b6%7C%7Ca9f08b7b1b6e5024665f6f21e8d96de3%7C%7C1663701684%7D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:1aca:4280:aab:ddb9:5e71:5416 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
server: nginx
x-server-name: dt19.va.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
content-type: image/gif
cache-control: no-cache
content-length: 43

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 58ms
58ms Image
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20231206&jk=2462913498881428&bg=!DwylDEPNAAY3kmNgF5I7ADQBe5WfOEYAtoJj-tKL5JKYUkyr2zo2KLmfUY2lRfShv5kPz4l_PrEEs64_SrE3ttgssjElAgAAAdVSAAAAA2gBBwoAKjOv3krm2FMseGxtuGP8iYE_qnsNYaQ49YFqLaaDJda1qBhuz6iNMQrmyJkC8gxuI5gQdrpaAe4I4x8RCBrjJRyYX_lx82H_zW74zGtgITUqJLM3dZ5eL3uuKVFFj12ftHwFsuAFuBzhwJa-yxgI3lLBzj0yUPQX9OfuuKheGvh-3nyaUFgIiZG-pHfEdPVbea_pYV6iMA8BMwK0JFurgP9VodCYeN7CekDqHJYG2AP7y8L0o26oagYmrsTz30SU8DMHQo0qdCvjX1LJRi5km1YWeajY4a3e7d9Qh8LkuPoA2pbpcTTtwDVfzvhuyAoTiJ91n8b_0gzdmt5f8cTOQSPfDryTFm8k-9maWF9hPdzrzoTsSnlhReTipBFlFMTk_cZqQNXdRADhed0ug4acAJbpE0eB4T30qrfIQtgOlS5C1wMWFuCIuBwQrT05eC3ASzwD9RY5eorl0fkaR8rYM35_KQcaotfjf4b8VE9P4XGNjT6eXlKBpGKBfVaxBJ9cdHjBQWcAsPBloYhfP75eMlK9pHtGTgkFFMwFMbLBBHFxTFKORxREjOv-_Jp8eihujomlFd4fX0EAUaqVTlIUha13MNc6TL4ygOjdfDR259xfL7NxsjZk3yZVVIQRKZsLt6o56zfMIfJ9Evap4zNf5s9LtXa7Yhm6b23HwOHrm2JZrDBp5D8g_mxWdRRw97axM5dtPIdzb0RtCipVYGdqzcMio6ICcYo5yzJ8Wwh7MDtMGdiIInbtsSHSvjwMCwDtNXbqzAS6bt1it69kYKT-VRYGJnzCfgelSNEUyFQNKLSeGlvSGxOefaRQdHvCJh3YGDkK1OKbd5w_q1HB2ZCosDkMXUyX33-beAjOO6QtPjRkXVwaBJJ4wJRQfw4vKAR37tuQUUE9bJQO4F1LdIXWaZtTmnYaH5QIMdb8PhW5Y7J3wm2shTQtoZEC-mJOvg9kgs9kkhV2ZxXi1OzgEtK5QsKuVMqy1EAYZRJZqDfrBgrOERDQzcRv5-kYzpvLNn1VsRxURoeFXzWDJwiw5OpcOcgOxnbsoPQrnwzOx6wDwd0
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://painthy.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame BEB2 42 B
64 B 61ms
61ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst_KDPkrncUcKvi9wPCGvRM2fbViHOl7KltuGWPUQAIWCaLLNc4xzYM8GDG9EryP0IbkQiCDaRlKpTXy-mBZY5QYn1yhMkrm5s6Me_j5Jnc8ckS_RLDtPZCoX0UX4AmMastMVk67OoPPOEV&sai=AMfl-YQIoVF8xCtgYd5x__2UG-QS6II33nqCFFFIDAjHWgEcpt6w3ZHTjDVQYRUHazbcuEss__fYj7huTaXQ0Br7r-fJavshB3CDLm4JYJb9WzadMfyz0QtYs4PUeCc7eA_w9wQLrigNMezW5bv99LSWncyrbmWaeRpVPiOk&sig=Cg0ArKJSzLDiA_3FUphPEAE&cid=CAQSTwDICaaNiNId8lRP6q2n9D969Sd0LUFPegDGaJX4kM7yCtOKRVApOASzUdNHBzIHEXWbMO8tDBbGznvk0-QMurdG-Cg-7lY2tlacYLoqQsQYAQ&id=lidar2&mcvt=1000&p=0,0,124,1005&mtos=188,813,1000,1000,1000&tos=188,625,187,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=22&adk=1812271801&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291484028&rpt=492&met=mue&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B40 0
21 B 53ms
53ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1430313210631&version=m202309260101&ct=76&x=1&cor=13842133622287376000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 4B40 42 B
64 B 57ms
57ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuR_tcna0p9V19ZrMO8aIFIspSm2BPPKnqvJY5SFlY75qTrzZwqg9_pY4LUSZp8EIRzsLW2pR0Yv66uQewMNJEfVzgrAx41643irMwKBUasaqhueVgsjWnIS30h4RwSQ2c6aHCLy4zmFOoQ&sai=AMfl-YQfMZBqWkIjGHnJjJQ3B-4svyI0JI7b4lGsS27DDqtXm56vJmroKJjFK-vJtIpD0aBFRK4iv1y4DzMYsv2zQx_nemPIgRbwmh4MzCDkqZ5Q_-r9ZmRhqxgynId-rB2LO5hCoVEGL0X9OpGTPqNrSENpqTXlcp_JvE6E&sig=Cg0ArKJSzEWGylBGXCxPEAE&cid=CAQSTwDICaaNiNId8lRP6q2n9D969Sd0LUFPegDGaJX4kM7yCtOKRVApOASzUdNHBzIHEXWbMO8tDBbGznvk0-QMurdG-Cg-7lY2tlacYLoqQsQYAQ&id=lidar2&mcvt=1000&p=0,0,600,160&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271803&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291484077&rpt=308&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5A9E 0
21 B 58ms
55ms Ping
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=423644649410&version=m202309260101&ct=76&x=1&cor=12768063389828585000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 5A9E 42 B
64 B 60ms
60ms Fetch
image/gif 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjst1-M5CmfqsMe-vV3HREtKrJ9F0lORIZd1YG7jvxdAcXcWRy5CQtY1pB4wOt-qm-9OiVmjYmAYiUjIi1HXuc4lL6UfBHlgIivUYL3MW7-7hc_g-f3sqEaLXPqkJDl1pt1S3cPYLoNXDfrmz&sai=AMfl-YQ5ot0C5UMiDwf3dEtNcSa6infGvZzfMzwZ7VS7Fe3ef7gye_-3TjPNxMGq_dRThnj8JxDs6MqJZtYRP5Yh3_SDwGwS3nQiQg_sRl7CHlJv6QfMb-kBZseNDXZiDTTTao8S1ZXOAPQxuuovXXvonJg-piOAuIH9KDNt&sig=Cg0ArKJSzKJ84LpCxKDWEAE&cid=CAQSTwDICaaNiNId8lRP6q2n9D969Sd0LUFPegDGaJX4kM7yCtOKRVApOASzUdNHBzIHEXWbMO8tDBbGznvk0-QMurdG-Cg-7lY2tlacYLoqQsQYAQ&id=lidar2&mcvt=1007&p=0,0,600,160&mtos=1007,1007,1007,1007,1007&tos=1007,0,0,0,0&v=20231206&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=1812271804&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&vs=4&r=v&rst=1702291484092&rpt=390&met=ce&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/ufs_web_display.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 11 Dec 2023 10:44:45 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/assets/4-min.jpg

Domain: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/17864851622750576224/assets/arrow.svg

Verdicts & Comments Add Verdict or Comment

55 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.painthy.com/	1970-01-21 02:13:07	Name: __gads Value: ID=f6e537444ce05513:T=1702291481:RT=1702291481:S=ALNI_MaDoMPdj31dtIeZpuasZMzLv5dTjg
.painthy.com/	1970-01-21 02:13:07	Name: __gpi Value: UID=00000d137f09254c:T=1702291481:RT=1702291481:S=ALNI_MYCM2sKNEy7vcZTeY3WseP2LwDmIA
.doubleclick.net/	1970-01-21 02:13:07	Name: IDE Value: AHWqTUnlOzE2P6WBpDLY3G5icBv8MS3io7oHXcDexUQatW295eqbm-tmB5Cf3WZ_uBc
.adnxs.com/	1970-01-20 19:01:07	Name: uuid2 Value: 6940386732676852166
.doubleclick.net/	1970-01-20 21:10:43	Name: APC Value: AfxxVi64YwO5gyJUO9pPzYvAfOHp9a6RpMFLwur6BqlMp0aKGa7K6g
.casalemedia.com/	1970-01-21 01:37:07	Name: CMID Value: ZXboGr6e9LJ9mATf4BcIcwAA
.casalemedia.com/	1970-01-20 19:01:07	Name: CMPS Value: 3349
.casalemedia.com/	1970-01-20 19:01:07	Name: CMPRO Value: 3349
.googleadservices.com/	1970-01-20 19:01:07	Name: ar_debug Value: 1
.adnxs.com/	1970-01-20 19:01:07	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GU'dAr4[!]tb)8i_iqf!oN/@E'zz<Z0Qhm0?JgbOZI/pI!GhUwSos0q7snfiY$R0IlTD._*PlZ[C[-kX-8oF/?
.doubleclick.net/	1970-01-20 16:51:35	Name: DSID Value: NO_DATA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
cm.g.doubleclick.net
csi.gstatic.com
dsum-sec.casalemedia.com
dt.adsafeprotected.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
pagead2.googlesyndication.com
painthy.com
pixel.wp.com
s0.2mdn.net
securepubads.g.doubleclick.net
static.adsafeprotected.com
stats.wp.com
tpc.googlesyndication.com
www.google.com
www.googleadservices.com
www.googletagservices.com
www.gstatic.com
s0.2mdn.net
142.250.185.130
142.250.185.226
142.250.74.194
172.64.151.101
192.0.76.3
2600:1f18:1aca:4280:aab:ddb9:5e71:5416
2600:9000:223f:a400:8:48e:53c0:93a1
2606:4700::6811:190e
2a00:1450:4001:811::2002
2a00:1450:4001:813::2003
2a00:1450:4001:828::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:82b::200e
2a00:1450:4001:831::2002
2a00:1450:4001:831::2006
2a00:1450:400d:805::2003
37.252.171.52
45.130.41.84
52.51.176.114
01cee6a7a3f1444680b188ab84052e2b6c85966f53a718d3926135ebcc832ffd
038b275f38d04b75d7182414be819e2ac78ec03d33656d9ed3731ec81c020c1c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ed2fbe2d2b97abe16e2599f15bff066e4b0600c00b5865b68e61bd95611ffc6
0edb7ff8b4775b1a73c15d06b1c7edab503f0f5a30b2dbf1a139d65a1c18e0ec
12ff2ec39651e02b34ee26ae91b66614f3b981e5b8db58feb16115c2b6b201f0
13e73245838f4910c698a39fbfaeb10a6de7fd43cd461ef408714a01cf9b8f2f
1642dd5dc126df4feff2255cba0988528507973d842d0a73331a5873f6b9d4e5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19dc5f765d51f715497f0eadd0dede8eaa5ee17447a22db60538f60ca7c0a01d
1e9d81ffc95fdfa7a102e3e0f3441e497d93a20d57dbf0f3e97f28348e762198
1fc8dfdb8f646e934bf93bc6f793604bb12c6b304c04ac509aa86cdc1a2dbbea
2118ff5e7b81b33ce532537119543614a3258f77bfa6e61a28c7f76777faf46b
21602d46c4e666495bdd0f84c3dfe552b57dd5111b4f1aa970a637c747635b81
2233c53a2b65d37a6c9826430686fe2cfdcafe5d9169727961e727291369e604
25f7069edd4355bee97ce0dab54da2ad95721bfcb73ff331466bebca7e458490
25fdc7a17a7b3884e86c6f6b72b60288025980e5bcfff6b736f077902c1697ef
263403e6cea55abd488e73b1a3ed6fac18d6b3136572570953b3392504715123
27d5ba2175dc395614adb2c69fe9f4bff9abddef3a7c6e3e30a68587f428a37b
2b0f50d56487c75208623dbfb545f5fb219bb14cf084dbfa43a8a0a88b367373
2b67702d4e78a4b6d5981a50298b0989dea48fc7d95b5e593dfafbe96cdbb309
2c55dea800c7c131d9f3e3ac8a411abf3ca2b4fa836a7376aba3e99c43a621ba
2d0922bd18f06df3c7413fcd6a3f1c5ec9545b4b07b131e362f30df7275fc058
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2e120707b7a0de913a32da3e779b975bd342672ca68c9aa373029f38c90cfb56
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
323b389d8458f7dc707e2f119c0cffbbc29f465d5e5145663ed2843d0c58ab72
36d2279d6bdfd42765a2b279a36a44b84a1d2d849d0872004fe8c6e3fee1b774
372360f6d3fa2133dfbf08ba93b3b55985785cb74106d75839618b7d273dd3c6
38eb0379c855f10a0e69073af6b54582216fa37b7e2b1563a1246bbf1ef49642
3d66ba6bc03128cc3ce96e393fc2b3f7c8bd2e73af8258ae6d6a5e6f2efb9848
3ed4f005d017269daae648a345d69de32a82073817aa68719c1738eb41a078dc
3fa868c32233943b85f9dd5a56505d191a95a8aa225a5077ae6bbd73063944c0
41d2526e9c4595fc1fc747555bda18a041033a863a9b2ed180e7b5836918facd
435db380c9936c0970dcd3d9941eab6aec2fcf2a38c3e2b4e02d957e8e76bd1f
440d1b119047b75a6843bc144b60cfb2dc2bf7fe3bf4c3d1aed8dc66950a939a
4460f1596174d06cca957fdaca2c71e1a377cf1d6f07ee4c75ffb3bf3fc97a03
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
457852000f1b85c1d570224fe5aaacc709625fc3bff458ad4e8a35420d21843d
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b74e39e9e4133dd74df68e8fb5ab701072c87944cf78821336f1566dc7d25ea
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
507a74eb21e9a16396d226f31f5e25345a8208db821d9fc5798284c38bec5e1b
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
566165820cb347905665472e5e57227f1a034c64299787686311ffa124d9082b
5b8f0c95d61d2f7f7e032614835b050941c0cdd9cb9914f50f4b107e31dd6096
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5d718e731772b953c14feecc2919cfc6c1dac89785885346c17e5a5f5e300e1a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65c99d3b9f1a1b905046e30d00a97f2d4d605e565c32917e7a89a35926e04b98
662427ed34db05e4f8689ef317119113c1091438bcde0d9927d72766f24cecd2
698b89c0da3d319754d6a837b5e6d4e6a42dc402d9ffd7559b8c4cb29c644340
6bf1da233645c84549609f619670d4d3e946ac61d516fd53e597c10ad100608a
6c38dc17dbebb7e00014f3ea1025d5bb245baff733b50069eff5403b5dfaeeb8
6dee119ee49ab8771cf531190b1b186a092c709f799baf9ab566a3ca9778ea0b
6ff299b6fd35c723dcb6b8f6f3bc566e6a70daf285fc0b348db6d21d13903246
712bf11a3755c81fa1ce57249e7a61f6845b843b84aea09889a11478515234ca
7612ff33976166c9617f119403de9d0eae9e553ce8e06a265f5a02039cb05fc3
7c5d5590ee9293cfca711c17bd6297dc1be2fe94115b4c506697a1e61ee3d3bf
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7eb0253f0361aa22f7eca8b526abb2e43c2576f2a36aea5b0848a18d6570378c
7ee21d2fee0e71b3c027db61b46cb52e75a55e57e8e0158683c2f63b1948e900
82bcd08aa95b042e8fe0df860338532ba8e0200797dfddabbf44c4a754f032e1
854a70be53102e3030c42d4c3f65eb8f0d838569b5733913b9a5eae6eb3ff521
85504127fe4db2de68001bdda289346afe0f83ee56310e0b8b0815c196e27cbd
89a8fda9646735467bb9cbebff33ace574801fe553aa4cfb69abea572fa1a066
8bb76af1be9c401ef3da16e31401b74f7cb0627154925d8c9fa308fba2e1413c
8bb76b6ed760de97f8a40e71c79ce9704e965bb287761bd81fb2fb021b8609c5
93cffeb6d38ee782b57bc55792f291330dfa6bf340856e4707cdcc6c2db0445b
962c6f934340fc6195fd8ee2597996ef967fa2c1ea8b76b22dfbff4d6657018f
9a48fa038cd9ca793687caa2c28cc95d72ac07c15e1c68046bd1c0a4db2a2c34
9a4eb2c9445287c34cb0a9ed5cc673460362483f0855bc91f8230dfa46a955e1
9bfb077c58ba2ed326e6c2e5fde000951543d1dbb6a5fed4662eeade4c1ebdd1
9caffafcdae7b42e3d074103c18a33640d4edf81401c216e99dbb77a15dfa511
9d0edc5d2a5b64fe3bc08b0b7d7e8d39dad3355c0f805bd707aedfb717fc3a22
9e3a705dca5d86993ba0382f8670c3755f9398d82c1fb980fa28242a9bb61da1
9fad5d7b813e41a8cfe0debb0a718c8e4fc5e7e1c898642bdc67d3870b15ad4b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a04fa6af32e77548f1c3e27b7014f3520c7494f317fa80b58f8704de83e4b821
a2366f8ceefa49f15dbf946bb02a4cf52b6d2999f71712d3f52e8bd5f56e1988
a55f386367cbcc30390435806075251b8ef4afb086409bc8e301558223398245
a72990ce8413aceedbfbf2f1d7ca2231c726b29a4ab1ddbca32b45ad685b4e26
aaadde89b0db2f97f270379b4762e025c85a1a4d8a4c9ae2421ab48198cc3ae6
aade7746342f608807b7eb107059c842fe200e1ff09e146db822250055cecaed
ad386e83074906780dfa1feec2070ff6e11f15c07953ac3d8431300ae0ba175b
ae585b5e68040f400b56107084d04ab1c8b7eed9025db0e8f49a0ff019e058cd
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b39123d9447a82a3d9a9754c068dd9962c8ef71d82787686518d89d0f2adc0ec
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b8d99191997f9c3e6794142cba8b2959a673c7cd044871697b0e969620a584ab
bbead98319b2bee5757af35b4eacf615df3e45da2f69cb999cd4694a26bfb90f
bc9d065c517156a79b4bd381dc9cb1f6ec20e861ed1ca802c6f9816274c820b9
bde9f3d62900c63aaa48b4103f27ddd36ec84d6a0fb1ba8ddb70d3dfae6f4d0c
c0a71ca2c2b80121a9db00dd745294b6a10f3904add5781197d3f6db69e4a574
c190eb38a3f491bcbf96b136cf4a4ab534ac1293d37d9047fd77db6365c86682
c412e214b5bf8c2c5df9b4564a28d33a50208291c0e3d713b635806713c74a56
c7c68fe3304171df26a809ccd41041e19127481c406d18b3c7930e6058a81293
c868679a384546d80661e6085c6a40e95de3be2ad0487c56e116703ffd1850bf
c8fffb0b438b7f9403ccd47fddc2de355f2f685fe2f59ac9d4c15f82854d79b1
ca212a6d45038b16f7e2ee85414d0f67362985095eac9dc26a34e96d1ea529b5
ca4c3ad9639830e6f8f8e29775549fc24fcab33b4eeec7ae77da27c5c9e6bc80
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
ce56080747fb3b762486b9ccc59bc01f871c9647d354a1c27b52cdb73fc1bfe1
ceee574841dd9f8ff1f1d23a93e3115a2c6b0392f804f3c6b35fd6c53d754073
cf16672386c3480d9a4c788cf864af46cd7e8957387961ef905fd590b9598f3a
d3470dc8af1dd6fc8b6c59a0a3d3632969c68fe410cf5c9530e253a3b7327e14
d5210ae9cf05965f10dc94e13be8495b8c0aea66e4b2ffb4c6ce5ad3911d0a0f
d58f34174aa0c71cbef9ce43c8594d3586ffd00dae97e0a22a10f205a22d3569
d68f7694086a771004216eb24979a57640fd9140f365ec4c404a170181e30064
d74871f1d66e7c0230449ab708d05f088e33d578275cfbc2e0d95529b689cfcd
d9ce958515e4c42199afa5f6f985d7038047c2ca5821147d68fe3604b138e5aa
dc94b334bdbade3c6e278dcb6568556f0ce413d97a49d046e94a67f56472f0ff
dcb9644014045b8bb2f2e5431d5a4b6daa7b249a1c86f6b0e6ec108fd857314f
dddb1dd2e3b9741198706af9aaca0db8a92af319bc0a052cd211628aed8959a2
de63bf5ecaf8695bae42a604e9808a63c55b0d62bdb3b4462c1530950772fc27
dec757dd01ad8eccc7e208f0371954d9ba4e60631492e5d104d24568c612483a
e24e46459c7d6e73401ab03d015d9819826b4d7e01d5dacb37c0264ebf8f069a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e284f113e4bcac5dff1505966a91a128687b12fae8d9c14e83d334a1f4afe6
e5e166567ad908883ca1d769c38b6f65959bb067295e5ea3c2f850ec5fa2b8d9
e6fc61fe295b484ffb97e65827967af6e50a70ab5dbb2db8df8f254bb3baf6a5
e7b8d433b88d210c6aeb414da6fc440f45c471fad1b5aaae9f0b66c50122c62b
eb66c7c9d097d5ba414230f422484c17fa6f37157d30e1ded2cc5f65a9667987
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f278bf82a64ac1a5ae8f69e06890047a914b3d0100bf856aabd758d2e15edf36
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f51c2ea8be90351c31c2eaf325eb98d4495c2fa17dbf45ece1405e3f4d62a747
f6cbe31747c16c069d861a8ed01b15186eaee8c381f74ca1712087811c39f4d4
fbe403c6402f83e4e4d8fb4f87bf3326797010c07b5f93276b6a718854eb504e
fd99a285d81a12f549b741db9604416a669e2ee8accf00cd40c0b0344e9ba63f
ff82aeed6b9bb6701696c84d1b223d2e682eb78c89117a438ce6cfea8c498995

painthy.com Open in urlscan Pro 45.130.41.84 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

296 Requests

89 %HTTPS

65 %IPv6

14 Domains

24 Subdomains

24 IPs

4 Countries

5173 kBTransfer

10939 kBSize

11 Cookies

0 Outgoing links

Redirected requests

296 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 5 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

painthy.com Open in urlscan Pro
45.130.41.84 Public Scan

Screenshot
Live screenshot

Full Image

296
Requests

89 %
HTTPS

65 %
IPv6

14
Domains

24
Subdomains

24
IPs

4
Countries

5173 kB
Transfer

10939 kB
Size

11
Cookies

296 HTTP transactions
5 data transactions