nets4.com Open in urlscan Pro
2a06:98c1:3120::7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Submission: On March 14 via api (March 14th 2022, 9:14:10 am UTC) from US — Scanned from DE

Summary HTTP 355 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 66 IPs in 7 countries across 48 domains to perform 355 HTTP transactions. The main IP is 2a06:98c1:3120::7, located in United States and belongs to CLOUDFLARENET, US. The main domain is nets4.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 29th 2021. Valid for: a year.

This is the only time nets4.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
14	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
7	2606:4700::68... 2606:4700::6810:125e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
37	2a00:1450:400... 2a00:1450:4001:82f::2016	15169 (GOOGLE) (GOOGLE)
1	99.86.7.104 99.86.7.104	16509 (AMAZON-02) (AMAZON-02)
1 13	2a00:1450:400... 2a00:1450:4001:82f::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:5f41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
22	3.94.45.13 3.94.45.13	14618 (AMAZON-AES) (AMAZON-AES)
1	2620:1ec:27::... 2620:1ec:27::cafe:2250	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700:10:... 2606:4700:10::6816:46c5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	20.62.48.180 20.62.48.180	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 2	52.142.114.2 52.142.114.2	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5e41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
18	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:803::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
43	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:812::2001	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4007:816::2003	15169 (GOOGLE) (GOOGLE)
35	2a00:1450:400... 2a00:1450:4001:82a::2001	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
14 17	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
5 11	23.218.208.246 23.218.208.246	16625 (AKAMAI-AS) (AKAMAI-AS)
5 8	185.33.220.145 185.33.220.145	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	54.72.219.124 54.72.219.124	16509 (AMAZON-02) (AMAZON-02)
29	2a00:1450:400... 2a00:1450:4001:811::2006	15169 (GOOGLE) (GOOGLE)
4	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
1	217.79.188.11 217.79.188.11	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2	217.79.188.54 217.79.188.54	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
3	2600:9000:214... 2600:9000:214f:f000:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1 4	138.201.63.150 138.201.63.150	24940 (HETZNER-AS) (HETZNER-AS)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	104.90.104.248 104.90.104.248	16625 (AKAMAI-AS) (AKAMAI-AS)
6	104.244.36.20 104.244.36.20	7415 (ADSAFE-1) (ADSAFE-1)
1	46.4.10.47 46.4.10.47	24940 (HETZNER-AS) (HETZNER-AS)
1	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
2	46.236.13.147 46.236.13.147	12703 (PULSANT-AS) (PULSANT-AS)
1 3	216.58.212.166 216.58.212.166	15169 (GOOGLE) (GOOGLE)
6 8	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	138.201.64.38 138.201.64.38	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:830::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:7e05	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:211... 2600:9000:211e:d200:c:6264:8240:93a1	16509 (AMAZON-02) (AMAZON-02)
1	108.157.1.118 108.157.1.118	16509 (AMAZON-02) (AMAZON-02)
3	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
1	143.204.215.68 143.204.215.68	16509 (AMAZON-02) (AMAZON-02)
1	178.79.242.245 178.79.242.245	22822 (LLNW) (LLNW)
1	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
1	2600:9000:225... 2600:9000:225f:de00:13:99a2:1280:93a1	16509 (AMAZON-02) (AMAZON-02)
1	85.114.131.233 85.114.131.233	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
1	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2	34.242.207.34 34.242.207.34	16509 (AMAZON-02) (AMAZON-02)
2	51.89.7.205 51.89.7.205	16276 (OVH) (OVH)
1 4	54.183.143.74 54.183.143.74	16509 (AMAZON-02) (AMAZON-02)
6 8	3.120.28.2 3.120.28.2	16509 (AMAZON-02) (AMAZON-02)
1	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1 1	156.154.202.32 156.154.202.32	19907 (NEUSTAR-AS6) (NEUSTAR-AS6)
1 1	3.127.157.8 3.127.157.8	16509 (AMAZON-02) (AMAZON-02)
1 2	52.208.115.171 52.208.115.171	16509 (AMAZON-02) (AMAZON-02)
355	66

14 2a06:98c1:3120::7 (United States)

ASN13335 (CLOUDFLARENET, US)

nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.nets4.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6810:125e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

37 2a00:1450:4001:82f::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play-lh.googleusercontent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 99.86.7.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-7-104.fra6.r.cloudfront.net

cdn.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:82f::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:5f41 (United States)

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 3.94.45.13 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-94-45-13.compute-1.amazonaws.com

api.purpleads.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:2250 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:46c5 (United States)

ASN13335 (CLOUDFLARENET, US)

static.addtoany.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.62.48.180 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

e.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.142.114.2 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5e41 (United States)

ASN13335 (CLOUDFLARENET, US)

cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 142.250.185.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:812::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
87a36c82f0de177e4fd8f126bbd34d43.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4007:816::2003 (Queens, United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 2a00:1450:4001:82a::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

cdn.ampproject.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 142.250.181.226 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.218.208.246 (Frankfurt am Main, Germany) 5 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-208-246.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.33.220.145 (Amsterdam, Netherlands) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.72.219.124 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-219-124.eu-west-1.compute.amazonaws.com

fw.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:811::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.23.46 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 217.79.188.11 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: imagesrv.adition.com

imagesrv.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 217.79.188.54 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: aa.adfarm1.adition.com

ad13.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:214f:f000:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.63.150 (Reilingen, Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.150.63.201.138.clients.your-server.de

hal90008.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.90.104.248 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-90-104-248.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.244.36.20 (United States)

ASN7415 (ADSAFE-1, US)
PTR: nyidt.adsafeprotected.com

dt.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 46.4.10.47 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.47.10.4.46.clients.your-server.de

ad.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a0b:4d07:102::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 46.236.13.147 (United Kingdom)

ASN12703 (PULSANT-AS, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.212.166 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s01-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 104.111.239.217 (Frankfurt am Main, Germany) 6 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.zenaps.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 138.201.64.38 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.38.64.201.138.clients.your-server.de

ad11.ad-srv.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:7e05 (United States)

ASN13335 (CLOUDFLARENET, US)

www.conrad.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:211e:d200:c:6264:8240:93a1 (United States)

ASN16509 (AMAZON-02, US)

htlp.emp.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.157.1.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-157-1-118.dus51.r.cloudfront.net

js.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)

static2.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.215.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-215-68.fra53.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.79.242.245 (United States)

ASN22822 (LLNW, US)
PTR: https-178-79-242-245.fra.llnw.net

asset.conrad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 145.239.193.130 (France)

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225f:de00:13:99a2:1280:93a1 (United States)

ASN16509 (AMAZON-02, US)

media.acfrg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.131.233 (Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: srv21037.dus4.fastwebserver.de

cdn.contentspread.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 88.198.250.30 (Hamburg, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.242.207.34 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-242-207-34.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.89.7.205 (London, United Kingdom)

ASN16276 (OVH, FR)
PTR: p28.id5-sync.com

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.183.143.74 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-183-143-74.us-west-1.compute.amazonaws.com

ads.creative-serving.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 3.120.28.2 (Frankfurt am Main, Germany) 6 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-28-2.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.189.110 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 156.154.202.32 (United States) 1 redirects

ASN19907 (NEUSTAR-AS6, US)

adadvisor.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.127.157.8 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-157-8.eu-central-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.115.171 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-115-171.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
87	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 90 bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 122 c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com 87a36c82f0de177e4fd8f126bbd34d43.safeframe.googlesyndication.com ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com	504 KB
51	doubleclick.net 15 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159 googleads.g.doubleclick.net — Cisco Umbrella Rank: 38 cm.g.doubleclick.net — Cisco Umbrella Rank: 176 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 71352 ad.doubleclick.net — Cisco Umbrella Rank: 181	937 KB
37	googleusercontent.com play-lh.googleusercontent.com — Cisco Umbrella Rank: 453	5 MB
29	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 246	563 KB
23	purpleads.io cdn.purpleads.io — Cisco Umbrella Rank: 176762 api.purpleads.io — Cisco Umbrella Rank: 157725	24 KB
19	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 57	28 KB
14	nets4.com nets4.com img.nets4.com	83 KB
11	adsafeprotected.com 1 redirects fw.adsafeprotected.com — Cisco Umbrella Rank: 660 static.adsafeprotected.com — Cisco Umbrella Rank: 500 dt.adsafeprotected.com — Cisco Umbrella Rank: 458	96 KB
11	casalemedia.com 5 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 496	10 KB
8	bidswitch.net 6 redirects x.bidswitch.net — Cisco Umbrella Rank: 257	4 KB
8	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 28803 hal90008.redintelligence.net — Cisco Umbrella Rank: 200189	60 KB
8	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 205	8 KB
7	creative-serving.com 1 redirects static2.creative-serving.com — Cisco Umbrella Rank: 63081 ads.creative-serving.com — Cisco Umbrella Rank: 3287	15 KB
7	gstatic.com www.gstatic.com csi.gstatic.com	474 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 916 e.clarity.ms — Cisco Umbrella Rank: 1869 c.clarity.ms — Cisco Umbrella Rank: 547	25 KB
7	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 194	229 KB
6	awin1.com 4 redirects www.awin1.com — Cisco Umbrella Rank: 13937	4 KB
5	ad-srv.net 1 redirects ad.ad-srv.net — Cisco Umbrella Rank: 33086 ad11.ad-srv.net — Cisco Umbrella Rank: 206548	7 KB
5	ampproject.org cdn.ampproject.org — Cisco Umbrella Rank: 343	111 KB
5	google.de adservice.google.de — Cisco Umbrella Rank: 8832	1 KB
4	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 147	143 KB
3	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 18655 api.webgains.io — Cisco Umbrella Rank: 47350	51 KB
3	adition.com imagesrv.adition.com — Cisco Umbrella Rank: 16139 ad13.adfarm1.adition.com — Cisco Umbrella Rank: 40145	11 KB
3	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1207 cloudflareinsights.com — Cisco Umbrella Rank: 1193	5 KB
2	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 184	2 KB
2	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 488	2 KB
2	adsrvr.org js.adsrvr.org — Cisco Umbrella Rank: 1439 insight.adsrvr.org — Cisco Umbrella Rank: 567	3 KB
2	zenaps.com 2 redirects www.zenaps.com — Cisco Umbrella Rank: 18649	1 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 35 ajax.googleapis.com — Cisco Umbrella Rank: 251	7 KB
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 35662	2 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 870	344 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 323	366 B
2	addtoany.com static.addtoany.com — Cisco Umbrella Rank: 3666	34 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 31	20 KB
1	agkn.com 1 redirects aa.agkn.com — Cisco Umbrella Rank: 393	332 B
1	adadvisor.net 1 redirects adadvisor.net — Cisco Umbrella Rank: 6045	241 B
1	pubmatic.com simage2.pubmatic.com — Cisco Umbrella Rank: 554	492 B
1	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 64653	23 KB
1	media01.eu pb.media01.eu — Cisco Umbrella Rank: 39676	628 B
1	contentspread.net cdn.contentspread.net — Cisco Umbrella Rank: 45661	8 KB
1	acfrg.com media.acfrg.com — Cisco Umbrella Rank: 179467	20 KB
1	medialead.de pv.medialead.de — Cisco Umbrella Rank: 39406	1 KB
1	conrad.com asset.conrad.com — Cisco Umbrella Rank: 66381	23 KB
1	emp.de htlp.emp.de — Cisco Umbrella Rank: 159970	3 KB
1	conrad.de www.conrad.de — Cisco Umbrella Rank: 55516	728 B
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 54	32 KB
1	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 202756	931 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 193	556 B
355	48

	Domain	Requested by
43	pagead2.googlesyndication.com	securepubads.g.doubleclick.net nets4.com tpc.googlesyndication.com bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com googleads.g.doubleclick.net e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com s0.2mdn.net www.googletagservices.com
37	play-lh.googleusercontent.com	nets4.com
35	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com nets4.com ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com googleads.g.doubleclick.net e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com s0.2mdn.net
29	s0.2mdn.net	nets4.com s0.2mdn.net bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
22	api.purpleads.io	cdn.purpleads.io
18	securepubads.g.doubleclick.net	cdn.purpleads.io securepubads.g.doubleclick.net nets4.com bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
17	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net
13	www.google.com	1 redirects nets4.com www.gstatic.com www.google.com tpc.googlesyndication.com bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
11	dsum-sec.casalemedia.com	5 redirects googleads.g.doubleclick.net
11	nets4.com	nets4.com
9	googleads.g.doubleclick.net	bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com nets4.com ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
8	x.bidswitch.net	6 redirects
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net
7	cdnjs.cloudflare.com	nets4.com cdnjs.cloudflare.com
6	www.awin1.com	4 redirects ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
6	dt.adsafeprotected.com	bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
6	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
5	cdn.ampproject.org	securepubads.g.doubleclick.net
5	adservice.google.de	securepubads.g.doubleclick.net
5	www.gstatic.com	www.google.com
4	ads.creative-serving.com	1 redirects
4	ad11.ad-srv.net	1 redirects c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com ad11.ad-srv.net
4	hal90008.redintelligence.net	1 redirects ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com hal90008.redintelligence.net
4	googleads4.g.doubleclick.net	nets4.com
4	hal9000.redintelligence.net	ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com hal90008.redintelligence.net
4	www.googletagservices.com	bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
4	e.clarity.ms	www.clarity.ms e.clarity.ms
3	static2.creative-serving.com	ad11.ad-srv.net static2.creative-serving.com
3	static.adsafeprotected.com	fw.adsafeprotected.com bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
3	img.nets4.com	nets4.com
2	dpm.demdex.net	1 redirects
2	id5-sync.com	static2.creative-serving.com
2	api.webgains.io	analytics.webgains.io
2	www.zenaps.com	2 redirects
2	5994599.fls.doubleclick.net	1 redirects nets4.com
2	track.webgains.com	nets4.com ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	ad13.adfarm1.adition.com	c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com ad13.adfarm1.adition.com
2	fw.adsafeprotected.com	1 redirects nets4.com
2	e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	csi.gstatic.com	securepubads.g.doubleclick.net
2	bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
2	cloudflareinsights.com	static.cloudflareinsights.com
2	c.clarity.ms	1 redirects
2	static.addtoany.com	nets4.com
2	www.google-analytics.com	nets4.com www.google-analytics.com
1	aa.agkn.com	1 redirects
1	adadvisor.net	1 redirects
1	simage2.pubmatic.com
1	ad.doubleclick.net
1	insight.adsrvr.org	js.adsrvr.org
1	ad-server.eu	ad11.ad-srv.net
1	pb.media01.eu	pv.medialead.de
1	cdn.contentspread.net	ad11.ad-srv.net
1	media.acfrg.com	ad11.ad-srv.net
1	pv.medialead.de	ad11.ad-srv.net
1	asset.conrad.com	ad11.ad-srv.net
1	analytics.webgains.io	track.webgains.com
1	js.adsrvr.org	ad11.ad-srv.net
1	htlp.emp.de	ad11.ad-srv.net
1	www.conrad.de	ad11.ad-srv.net
1	www.googletagmanager.com	adv.office-partner.de
1	ajax.googleapis.com	s0.2mdn.net
1	fonts.googleapis.com	hal90008.redintelligence.net
1	adv.office-partner.de	hal90008.redintelligence.net
1	ad.ad-srv.net	nets4.com
1	imagesrv.adition.com	c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
1	87a36c82f0de177e4fd8f126bbd34d43.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
1	c.bing.com	1 redirects
1	www.clarity.ms	nets4.com
1	static.cloudflareinsights.com	nets4.com
1	cdn.purpleads.io	nets4.com
355	75

This site contains links to these domains. Also see Links.

Domain
blog.nets4.com
link.nets4.com
play.google.com
thimbleweedpark.com
www.addtoany.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-04-29` - `2022-04-28`	a year	crt.sh
edgestatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.purpleads.io Amazon	`2021-12-01` - `2022-12-29`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft RSA TLS CA 01	`2021-07-27` - `2022-07-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
misc-sni.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
fw.adsafeprotected.com Amazon	`2021-08-11` - `2022-09-09`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
redintelligence.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
*.adition.com AlphaSSL CA - SHA256 - G2	`2021-04-15` - `2022-05-17`	a year	crt.sh
*.adfarm1.adition.com AlphaSSL CA - SHA256 - G2	`2021-05-21` - `2022-06-22`	a year	crt.sh
static.adsafeprotected.com Amazon	`2021-09-05` - `2022-10-04`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
teads.tv R3	`2022-01-03` - `2022-04-03`	3 months	crt.sh
*.adsafeprotected.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-26` - `2022-06-17`	a year	crt.sh
ad-srv.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
adv.office-partner.de R3	`2022-03-07` - `2022-06-05`	3 months	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-02-17` - `2022-05-12`	3 months	crt.sh
www.conrad.de Cloudflare Inc ECC CA-3	`2021-05-17` - `2022-05-16`	a year	crt.sh
htlp.emp.de Amazon	`2022-01-31` - `2023-03-01`	a year	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2021-03-18` - `2022-04-19`	a year	crt.sh
static2.creative-serving.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-10` - `2022-09-10`	a year	crt.sh
*.webgains.io Amazon	`2022-02-10` - `2023-03-11`	a year	crt.sh
pv.medialead.de R3	`2022-02-20` - `2022-05-21`	3 months	crt.sh
contentspread.net R3	`2022-01-27` - `2022-04-27`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
ad-server.eu R3	`2022-02-13` - `2022-05-14`	3 months	crt.sh
*.id5-sync.com R3	`2022-03-08` - `2022-06-06`	3 months	crt.sh

This page contains 49 frames:

Primary Page: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Frame ID: 5E58F0CAFF09B006950A1BC4550AF568
Requests: 84 HTTP requests in this frame

Frame: https://static.addtoany.com/menu/sm.22.html
Frame ID: 4342302768DCCD667F747BD83EBE90BC
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: A488F6F5C0C4EBD88F85A4D0D4EB7A48
Requests: 11 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=fvbe5uslgiw1
Frame ID: 11914AABD87A7F3CD271624CB46E7DA1
Requests: 4 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 24BA884F9C7C1ACA11B960A4654EB493
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: EDB5646DF885EDC314F1E4B3148F2C2E
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: B7B501B09FA0FF8A6B1AAAC48453C879
Requests: 8 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Frame ID: 327A78E17FD6F3EE57AADC258182CB5F
Requests: 8 HTTP requests in this frame

Frame: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: E273317A62C48116615E4E91D616A10B
Requests: 1 HTTP requests in this frame

Frame: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 73409531D80566CAC3D5DE9E0C2BBDCB
Requests: 1 HTTP requests in this frame

Frame: https://87a36c82f0de177e4fd8f126bbd34d43.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 22BDFA37B31AEE40D2E55ECCB2DDE1B4
Requests: 1 HTTP requests in this frame

Frame: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 0DE55A98EF52467519C16278B9416D65
Requests: 1 HTTP requests in this frame

Frame: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: CCC8F8D7D084D5FBCDDB972179D5ADCE
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD
Frame ID: 2BB062A505F7B1202A99FC525BB0ACFD
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9CCF7110D500761E66F34C1692FCF510
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: CCF41CE6749A2ACAB751A92C2C3B05A3
Requests: 2 HTTP requests in this frame

Frame: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 77AA30087A1A9E49D6434980F1DCDFCB
Requests: 26 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7E6001687C76F202D7E0E2CFE72C6CC5
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: F8B23D877020E06201283BE6B14808CF
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: DDCB8903877E3C5FE191640F74F34ED4
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 15DCE98513ABE2E1AC69069576E17D15
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 91B0206FC9101C3F71584FCB500B3247
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 98241C6785D52D94B8144600F9493939
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 422A6F865EF916D6D0FAB9BA8579F3A3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 6E2E1627868A425A9645C5897E188CC6
Requests: 2 HTTP requests in this frame

Frame: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: FF2DCD802BDF2A347B95B04D9932C473
Requests: 17 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjbh_LEATAB&v=APEucNVAvD3ivnzUetS2wsdM1mgWXGSDW7UnA6FqiOHDY4ciRhZ9Fw18jYomGxe7aT_ZqdrD0tkA-qY9WnT5X1gpr4poVU6CyvdVegkd6f97hvwavgDg3jvUK2kd7cmfwfsFbk-97M3gVcYZDs7I6K8hHluROg-p_Ekq8AUYyR8MPUsSU2N2Kyk
Frame ID: 74CDED392F45CFABB26C3BA94190B236
Requests: 5 HTTP requests in this frame

Frame: https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs
Frame ID: 55EBFE7ADC016DEFF8C4E36FE9D0713D
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNXZPHY0RKt01IZbWkui1rEeuYQvB8JAoF1je6jVGcSNGtD5MPgKrBOkmNfcKqaaCuoYTU5iiWNhQcacfJQdBj4vaTfX8HWGINsdocsjbwuMkd27COrhtF7Kj7N7lo6BuVQevoy_-YGK0dOas-cbuONEWRUAwaCbtb77eFp648ft6oRRZbs
Frame ID: 439C78CFB718F8B39961BAC85A4D9CCB
Requests: 5 HTTP requests in this frame

Frame: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 065A58AE4FEAFBF8F97A4F42FB89AF7C
Requests: 16 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYwc3jwAEwAQ&v=APEucNWSflqzWWgR8BZIYs9FL_XU2Ha72U-w5JQypMwuuwBXQUpoFF_fnySv8o8unJaCzCgn7p-X9LZI7AXSE4-qkD0FFW-JseU1m2EbwiLkOo0V8sjmvLbRlrHRn6K4G9kLfsgF4h6iqHdnU6VaH_s0gttBJc0XLGjIWjS4LigkDnMaq9WgEo0
Frame ID: 2721FD8543F596996FE14307FD105E1C
Requests: 5 HTTP requests in this frame

Frame: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Frame ID: 587A96BA17BE3F8CCA1DE2E1978F7040
Requests: 27 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWWZztybAUK05-re94AXT9ny-4qZFP7qpshNcSg6bCIoyPhsWb8Uq5jYAsGD60OHt9nQ2c4I268u1Lx8CR54kZhmmIj1M2NQfWZFThoXcyIMnIBzPKYffEvUptw7bKOENE2zb3aSv37EOldeD3F_vnG0iFcDLOIwJdIooXhyJGUyNYCwL0
Frame ID: 5BA9F51F69C7FED93C5DA9215E322522
Requests: 5 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html
Frame ID: 2860CF7D59EFFAF4C2503B14532E1FBA
Requests: 16 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F8C7D4756F9478D38B58D32126A4C435
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2
Frame ID: 48F589DA21E5B05DF4EB1E68D9ED75E9
Requests: 14 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: EA357D166A07F9522A84DBB2A39E2EA1
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6CA97265126ED1F8591D56042803F436
Requests: 3 HTTP requests in this frame

Frame: https://static.adsafeprotected.com/sca.17.5.12.js
Frame ID: 2FB4FCA01FB2F63F3EEFC2961CB5DC0B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 417AE9EDAC24DD533A34FCFF7AC30228
Requests: 3 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 1FD04C815C2C60075FFD28C3A21576E1
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLia7dChxfYCFZtEHQkdQhQIvw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228
Frame ID: 6ABE69FA3257EC5BB8FCA5BBBE444C0E
Requests: 2 HTTP requests in this frame

Frame: https://hal90008.redintelligence.net/request_content.php?s=95524800051189000710612011898008&a=9f51ac40
Frame ID: 7F1794D16DCDDC3554153D3C43788D6E
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js
Frame ID: 5D57CBBB68414E9FB868A8F1A9F733F5
Requests: 1 HTTP requests in this frame

Frame: https://www.conrad.de/ztpv.php?awc=11354_473322_1647249245_18cbae00-a377-11ec-81bc-2262d3a2196d&insert=AW
Frame ID: 3E50CE960D311A0D0DFADB42D26A3B83
Requests: 1 HTTP requests in this frame

Frame: https://htlp.emp.de/
Frame ID: 42FC31E2BFA9D9BE3B5B928C5F4D906C
Requests: 1 HTTP requests in this frame

Frame: https://ad11.ad-srv.net/request_content.php?s=80384500055665200383828011898011&a=f7df0c14
Frame ID: B7DCAF30699304B5E398EB548C8BEDA0
Requests: 7 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=50099&dt_subid2=80384500055665200383828011898011&actionid=981741&produktid=&dt_url=
Frame ID: F580B3E1F2F8CA3E11A540F577A70C2D
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0
Frame ID: 05997C3455B5136B40A44AB4D9FCF21C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Thimbleweed Park - Android App

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

googleapis\.com/.+webfont

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Popper (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

<script [^>]*src="[^"]*/popper\.js/([0-9.]+)
/popper\.js/([0-9.]+)

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

355
Requests

92 %
HTTPS

43 %
IPv6

48
Domains

75
Subdomains

66
IPs

7
Countries

8268 kB
Transfer

13236 kB
Size

56
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.nets4.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://link.nets4.com/digitalocean

Search URL Search Domain Scan URL

URL: https://link.nets4.com/google
Title: Signin to Nets4.com

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.terribletoybox.thimbleweedparkandroid
Title: Get it on Google Play

Search URL Search Domain Scan URL

URL: https://thimbleweedpark.com/

Search URL Search Domain Scan URL

URL: https://thimbleweedpark.com/privacy

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/privacy-policy.html
Title: Privacy

Search URL Search Domain Scan URL

URL: https://blog.nets4.com/p/about.html
Title: About Us

Search URL Search Domain Scan URL

URL: https://link.nets4.com/facebook

Search URL Search Domain Scan URL

URL: https://link.nets4.com/twitter

Search URL Search Domain Scan URL

URL: https://link.nets4.com/youtube

Search URL Search Domain Scan URL

URL: https://link.nets4.com/instagram

Search URL Search Domain Scan URL

URL: https://link.nets4.com/quora

Search URL Search Domain Scan URL

URL: https://link.nets4.com/pinterest

Search URL Search Domain Scan URL

URL: https://www.addtoany.com/
Title: AddToAny

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 69

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?CtsSyncId=780FEF7CD05B4E369C4E72E96A72364F&RedC=c.clarity.ms&MXFR=39472C949A7C657B2A1A3DF39E7C6B4B HTTP 302
https://c.clarity.ms/c.gif?CtsSyncId=780FEF7CD05B4E369C4E72E96A72364F&MUID=13F0BFBB2F5C63AB2DB4AEDC2E8E624F

Request Chain 190

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsKPWhHHJfNWjyJS9WSwMc&google_cver=1

Request Chain 191

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi8HXHC0mcpfNMP0FEBvoQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1

Request Chain 192

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOawQmdcy50drIBW58zaNRM&google_cver=1

Request Chain 193

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D

Request Chain 194

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBPnZzFMN6VWt403L7mV52U&google_cver=1

Request Chain 195

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi8HXHC0mcpfNMP0FEBvoQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1

Request Chain 196

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECkSxRH5yLVxdKD3e9Q2cZM&google_cver=1

Request Chain 197

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D

Request Chain 215

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 217

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1

Request Chain 218

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi8HXHC0mcpfNMP0FEBvoQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1

Request Chain 219

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECkSxRH5yLVxdKD3e9Q2cZM&google_cver=1

Request Chain 220

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D

Request Chain 241

https://hal90008.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=06807608e5&subid=&uid=e22ca40e0ad694b1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrCvvWwcvYunhLo2H9u8P4ZiiwAS1zfmDV_zYuavlDPAuEAEg8tO5e2CViv6BlAfIAQmpAhjxi0TITrI-qAMByAObBKoE4wFP0DsPH1KqG5r-7BwM9YNCrwTuf6MnzZlojE1AM7X6-MaKeqLkJrRnzzIDbtgICnQHA3FomZZdYnO67BOHoR85YHJmGlL5OLGvWtwDHJeMDWjF5_8QA78XptavL-9RemLlWTh-8n910YM8nfknj8L2mXTmKcicNu2mr_Lb-aIQz3M9ZfVP57KUSozPldJV8fB_ey92qbIfFIMnb19_08sQAarPT7ukYYskoaI7KINqpFVgK-L8yY0SKFcPY341iYulqjQHfsusMOgYUORSTA5VlZBv46QkGFvwAKN_1VZWsxtyUMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMgUJiJPOUBXB9oI32AfQQ-Ivvu_EfHsiDvldaVJns0b7fqnpnlq88Hg%26sig%3DAOD64_1xPr96MSmWX1SzUrNt2Sn9fLyy1w%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-BHrc9oVHxraayrYcAA8uOm4jA1Zm_oGyvEECNagxGeKCfZ8-2-rZDgpKe0KBzOvzYiAW2P-gtoPwD79wo2CMRHfap7DbF3uOXP1sqQ2etHYaRtnohx6Ae0rpn-s7BGd-zRhDHMJ95k-RkDOOfhA9uJj5FMzQ%26cry%3D1%26dbm_d%3DAKAmf-A8pQiiX3JfCY2ulaTNCGIPo9MVlCzVO1u9B1Zu7BgPoRnkuTOiBES9bNsij7qXTXdNcv0Zwn6gNhtF8LWDoIyoPFKmXh5a6TiNym28GaGvNPxhPm8iC81PM7qjtQZJIgSz1jNrWHFM7KcKSiVeZrY_KDLxegV3lZQbdxC2stTAOexLGLhrWaeFEY1BTPTVJnHp5M7jOIvT3wXxFdeHlO4QBjHXIboQ1EGn5H4LSushAy3CYOl-L9w-8X9kIzXqprOivHxgJixY0Mu2QD0IsTU4HXXqB8JSWGwcidRkvSFbkDMxFx6s8ZtbSwBlWHBFiEOV4nDw-qo_wfRTJxbIs69muQ6ar-nZBVLY_4tb243QtSfFwD19bYxwnHkhV5Gv9kydeZZhegYSJDwRt_rCm0KGGF8Wu_ASJ6qffcyNA_MeItYoKjxzpPJps5gfQhYUS-tzt2lgnz8Eg9ICiBv7tsBHZ7_jzil0Oy31fvJ9pkTXkjvaQM--oMc_FSMzkZ-kpb3yBNkE%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=6668936078491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal90008.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=06807608e5&subid=&uid=e22ca40e0ad694b1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrCvvWwcvYunhLo2H9u8P4ZiiwAS1zfmDV_zYuavlDPAuEAEg8tO5e2CViv6BlAfIAQmpAhjxi0TITrI-qAMByAObBKoE4wFP0DsPH1KqG5r-7BwM9YNCrwTuf6MnzZlojE1AM7X6-MaKeqLkJrRnzzIDbtgICnQHA3FomZZdYnO67BOHoR85YHJmGlL5OLGvWtwDHJeMDWjF5_8QA78XptavL-9RemLlWTh-8n910YM8nfknj8L2mXTmKcicNu2mr_Lb-aIQz3M9ZfVP57KUSozPldJV8fB_ey92qbIfFIMnb19_08sQAarPT7ukYYskoaI7KINqpFVgK-L8yY0SKFcPY341iYulqjQHfsusMOgYUORSTA5VlZBv46QkGFvwAKN_1VZWsxtyUMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMgUJiJPOUBXB9oI32AfQQ-Ivvu_EfHsiDvldaVJns0b7fqnpnlq88Hg%26sig%3DAOD64_1xPr96MSmWX1SzUrNt2Sn9fLyy1w%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-BHrc9oVHxraayrYcAA8uOm4jA1Zm_oGyvEECNagxGeKCfZ8-2-rZDgpKe0KBzOvzYiAW2P-gtoPwD79wo2CMRHfap7DbF3uOXP1sqQ2etHYaRtnohx6Ae0rpn-s7BGd-zRhDHMJ95k-RkDOOfhA9uJj5FMzQ%26cry%3D1%26dbm_d%3DAKAmf-A8pQiiX3JfCY2ulaTNCGIPo9MVlCzVO1u9B1Zu7BgPoRnkuTOiBES9bNsij7qXTXdNcv0Zwn6gNhtF8LWDoIyoPFKmXh5a6TiNym28GaGvNPxhPm8iC81PM7qjtQZJIgSz1jNrWHFM7KcKSiVeZrY_KDLxegV3lZQbdxC2stTAOexLGLhrWaeFEY1BTPTVJnHp5M7jOIvT3wXxFdeHlO4QBjHXIboQ1EGn5H4LSushAy3CYOl-L9w-8X9kIzXqprOivHxgJixY0Mu2QD0IsTU4HXXqB8JSWGwcidRkvSFbkDMxFx6s8ZtbSwBlWHBFiEOV4nDw-qo_wfRTJxbIs69muQ6ar-nZBVLY_4tb243QtSfFwD19bYxwnHkhV5Gv9kydeZZhegYSJDwRt_rCm0KGGF8Wu_ASJ6qffcyNA_MeItYoKjxzpPJps5gfQhYUS-tzt2lgnz8Eg9ICiBv7tsBHZ7_jzil0Oy31fvJ9pkTXkjvaQM--oMc_FSMzkZ-kpb3yBNkE%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=6668936078491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 242

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKGlXGEM3YfA-I-HnpWoYxc&google_cver=1

Request Chain 244

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEAFZR4jtxJzhZ6XT3gfR7UE&google_cver=1

Request Chain 269

https://fw.adsafeprotected.com/rfw/st/985734/61500682/skeleton.js?adsafe_url=https%3A%2F%2Fnets4.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fnets4.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fbcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com%2F&adsafe_type=f&adsafe_url=https%3A%2F%2Fbcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com%2Fsafeframe%2F1-0-38%2Fhtml%2Fcontainer.html%3Fn%3D1&adsafe_type=d&adsafe_jsinfo=,id:f4a73a82-cd92-803d-7c7a-b38988bf1497,c:6PfkLz,sl:outOfView,em:true,fr:false,thd:1,mn:jsserver-primary-756fbb76bf-59pkm,rg:ie,pt:1-5-15,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,br:c,abv:na,an:n,oam:0,nbld:0,mtim:261,fm:t02RXtc+11%7C121%7C122*.985734-61500682%7C1221%7C1222%7C1223%7C131%7C141%7C142%7C1431%7C1432%7C151%7C152%7C1531%7C1532%7C161%7C162%7C163%7C171%7C172%7C1731%7C1732%7C18%7C19,idMap:122*,pl:CV8L.VEBo.0YtC,rmeas:1,rend:0,renddet:na,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,tt:rjss,et:280,oid:18311be9-a377-11ec-a3b5-2e1732385b95,v:19.8.299,sp:1,st:0,fwm:1,wr:1600.1200,sr:1600.1200,ov:0 HTTP 302
https://static.adsafeprotected.com/skeleton.js

Request Chain 280

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLia7dChxfYCFZtEHQkdQhQIvw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228

Request Chain 288

https://ad11.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=9383376222715&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://ad11.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=9383376222715&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 304

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pv=1&pref1=80384500055665200383828011898011 HTTP 302
https://www.zenaps.com/cshow.php?pvr=18cbae00-a377-11ec-81bc-2262d3a2196d&v=11354&r=473322&q=371931&s=2470208&viewref=80384500055665200383828011898011&pv=1 HTTP 302
https://www.conrad.de/ztpv.php?awc=11354_473322_1647249245_18cbae00-a377-11ec-81bc-2262d3a2196d&insert=AW

Request Chain 305

https://www.awin1.com/cshow.php?s=2481850&v=14172&q=372911&r=473322&pv=1&pref1=80384500055665200383828011898011 HTTP 302
https://htlp.emp.de/

Request Chain 326

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pref1=80384500055665200383828011898011 HTTP 302
https://www.zenaps.com/cshow.php?pvr=18f926a0-a377-11ec-81bc-2262d3a2196d&v=11354&r=473322&q=371931&s=2470208&viewref=80384500055665200383828011898011 HTTP 302
https://asset.conrad.com/media10/isa/160267/c1/-/de/KuKa_234x60?format=gif

Request Chain 328

https://www.awin1.com/cshow.php?s=2481854&v=14172&q=372905&r=473322&pref1=80384500055665200383828011898011 HTTP 302
https://media.acfrg.com/banner/Affilinet/Logo/EMP/234x60.png

Request Chain 350

https://ads.creative-serving.com/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse HTTP 302
https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse

Request Chain 353

https://x.bidswitch.net/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=202 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=202 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=rprP-VdbRdK3zBw5QD6OYg== HTTP 302
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOQz3leEDP8jD44EgmQu0wQ&google_cver=1

Request Chain 354

https://x.bidswitch.net/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=354 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=354 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=93a195a7-24f6-4882-9a64-da544fb676e9&gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 355

https://x.bidswitch.net/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=93 HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=93 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=w6cEzkvNTFqc1uJ7ZS2bSg== HTTP 302
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOQz3leEDP8jD44EgmQu0wQ&google_cver=1

Request Chain 356

https://adadvisor.net/adscores/g.pixel?sid=9212282158 HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9212282158&&bounced=1 HTTP 302
https://ads.creative-serving.com/cm_nst?cookie_id=165020604090000136577

Request Chain 358

https://dpm.demdex.net/ibs:dpid=393426&dpuuid=96c9b330-f27e-4ab2-81e5-b7d5cffd6109 HTTP 302
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=96c9b330-f27e-4ab2-81e5-b7d5cffd6109

Request Chain 359

https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm&google_sc HTTP 302
https://ads.creative-serving.com/gcm?google_gid=CAESEF0UQbs8N8j5wTF8ILi3ajg&google_cver=1

355 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request com.terribletoybox.thimbleweedparkandroid Show response
nets4.com/android-apps/ 46 KB
10 KB 561ms
508ms Document
text/html 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4a4a933636cd4b3d485a329f89aa90eaf6e4ff147080fbbc53f080802f7690f1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Mon, 14 Mar 2022 09:14:01 GMT
content-type: text/html; charset=UTF-8
cf-ray: 6ebbe58f2ba7900d-FRA
cache-control: public, max-age=86400, proxy-revalidate
last-modified: Mon, 14 Mar 2022 09:14:01 GMT
vary: Accept-Encoding
cf-cache-status: MISS
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hKbd4KjZhJkdVP3YpPX4rNwDvbY7LuzUZVOJzDAyAxbWExj%2FzxkvfIk%2BajHUP2lGn283stDjqMtvsL7LyROGNSoRAmM1KJo45XySl9FLYdF5hwunGzh7Rnn6RBUxhYMBgk0iVTeOVZ8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 awkqrI1qzYcE0gTfW6uXyLl_1bA.js Show response
nets4.com/cdn-cgi/apps/head/ 7 KB
3 KB 36ms
35ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4154895
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: BY6CAZDM09BG4BCW
x-amz-id-2: ehIXWVY/ZUF5Ooi83TSBV1+KlYYK1I/8tpZOmWF/sUwesuxopnAJy2SIiernsJLpc1vgoFVbpXM=
last-modified: Fri, 10 Dec 2021 11:06:12 GMT
server: cloudflare
etag: W/"e951628ea64bbeadb19c6d855ca98c7a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VqEGRsDVb9Fo%2B4SKWmsvagDXQjLgns4yj%2BMEgBpt3ueHsvVUM5AhPaVJy8iWLnZOFEUL9G5%2FcB4UyWvftx60%2Bf5dgJqbrG5zHh7MeOpH8eO%2F5a7p3LFo6pLQz%2BLMatTEVI%2FwevfjpCk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
x-amz-version-id: 7KspX51u1Msx7FcOmJWweyW7FbGqzJNg
cf-ray: 6ebbe59278ca900d-FRA

GET
H2 200 bootstrap.min.css
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/ 157 KB
18 KB 67ms
27ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/css/bootstrap.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1206544
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 17620
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-44d4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CHkpi8tUAOLUVghInD0AlPJRai8y4WazRpVUAj%2BIiGoHQT7ZtFSMf722E0iS5II%2F9e3wPRmdbrbg1O0f2z74ulxrp17K5pGO3dLdEVDBY9K8OOmXTZlrgDwIeXXORdK81xPVqF25gTQ%2BxtK1jwnQk%2F%2F3"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ebbe592b99a5c44-FRA
expires: Sat, 04 Mar 2023 09:14:02 GMT

GET
H2 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/ 58 KB
11 KB 65ms
26ms Stylesheet
text/css 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1422816
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 10462
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-28de"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QMCoCwPWHzCRmCP%2FLs1%2Fq7vLzbQBiHCfe%2BGm6Yga%2Bm2hY1PS9gteVQMN1HnecVmdWXKJFzwlK%2B%2F0D8aZZzvniU1KHXRHkOuqOoUF18cosi3nBD4xdO1ZJciZvzKx5912l6kJZduQPFx4QH0bSUuONN9O"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ebbe592b9a15c44-FRA
expires: Sat, 04 Mar 2023 09:14:02 GMT

GET
H2 200 style.css
nets4.com/assets/css/ 345 B
564 B 56ms
55ms Stylesheet
text/css 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/css/style.css
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2059
cf-polished: origSize=451
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 01 Nov 2021 12:55:19 GMT
server: cloudflare
etag: W/"617fe3b7-1c3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qXQn03MYsbI09AoCjsh1%2BNPBm9rxPb3kplEvkpj3Zext1At4BVyLvPBA4HbhhMm6ufeRTS%2FQbeOQsUq20HJ2SFlIyEE4yE0kVxbkMxLe1xRsyDGz0fG91Su2xsTL4wEGHfXZSiFgWPI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cf-ray: 6ebbe59278cb900d-FRA
cf-bgj: minify

GET
H3 200 invisible.js Show response
nets4.com/cdn-cgi/challenge-platform/h/g/scripts/ 44 KB
16 KB 37ms
37ms Script
text/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1647248400
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8aeb7e54c9489ecc7478fb5a9c4ac1ae96e861379179df83e06b28fc97cfa1a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B6K4xR1%2FMDRoXx4Jfsz07vLrFb4SUbImFdlwUtltIRclPnjF%2BfYho8gAWWRCjjqEFfQxI34mXzR%2Fi02vvCOVQgX%2FhvM2k065f%2BCvs%2FLOpOAu1TGFtkKPuFEIOxBdctnxp7d%2BWvUA%2FEM%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6ebbe592f9a9690a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2 200 Th69y9F.png
img.nets4.com/img/i.imgur.com/ 3 KB
4 KB 77ms
65ms Image
image/gif 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/Th69y9F.png?w=120&h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

704f6f54ae77cd5ea0a0bf47ebb70727a9bd76a311d7e54788ad3dc79b366739

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4154750
cf-ray: 6ebbe59309a2900d-FRA
x-cache: MISS, MISS
x-cache-hits: 0
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 3395
x-served-by: cache-sea4480-SEA, cache-fra19175-FRA
server: cloudflare
x-timer: S1643094492.029969,VS0,VE283
etag: W/"6df89d86deba278d112332afb4bb100b1a6165842a7fdb7f78a5a70c7c7218aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eTDDfy19j5wpuiXQAEPxVxULyX0WSkr%2FTc5Ywcr9A7u7%2Bpm4YNRuBKa2UsED0%2Fx78p04HseN%2BNt5cUA7sgELLhuONodDo%2FTWhqdCiyEITcBcVxzLay%2BhDC9C660rz5sxvmq20v3tvglSs4Nm"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/Th69y9F.png>; rel="canonical"
access-control-expose-headers: *

GET
H2 200 58T3Wrl.png
img.nets4.com/img/i.imgur.com/ 1 KB
2 KB 91ms
79ms Image
image/gif 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/58T3Wrl.png?w=20h=20&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2255ec4c3254a41b448889224b2cc5c32f8d6f8a6165d3c58aa6523f86c0957c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4154750
cf-ray: 6ebbe59309a4900d-FRA
x-cache: MISS, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1117
x-served-by: cache-sea4474-SEA, cache-fra19183-FRA
server: cloudflare
x-timer: S1643094492.028983,VS0,VE1
etag: W/"86d32e1b83f7c87590ac6aad5f278dca67bb9675a7a7869ed47749c6cf91763d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cV%2B2xT81vUxhsAekXSdpNVYDTXiFUhmlnWjTAxfDMU9K6VZ2q5Y0og6JWJE2yJCCIDyMJgDOB9DD%2BxEaG7CG4YvenaXbTQs%2FofyoQjQ%2BS%2FsGlbUf0dkB9VT%2FRJ3fKgDk2rCZ56bQq8%2Bu%2BE1k"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/58T3Wrl.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 rocket-loader.min.js Show response
nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ 12 KB
4 KB 22ms
22ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 11 Mar 2022 12:22:44 GMT
server: cloudflare
etag: W/"622b3f14-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UmTdnQRwQtu6%2FRkwKAFp6vlYoIToA4p0EOVsV%2FgzXF2UQUDPKeBVNm9Vl%2BLVhRa4yxGy3HsHB6EtT5hvottbej31n6Trs6pzr91KA9lOgurk1YYvxqRnBoA0IwylW3%2BA6IS8uRuLbtU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ebbe592e98d690a-FRA
vary: Accept-Encoding
expires: Wed, 16 Mar 2022 09:14:02 GMT

GET
H2 200 FnScLTZMifmuGwQJhMTqC_pmRNd-u1Kdh3xYE2I0T9nxEAgFhCKk2PKW1RgXDwVz-OI=w300
play-lh.googleusercontent.com/ 206 KB
206 KB 219ms
169ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/FnScLTZMifmuGwQJhMTqC_pmRNd-u1Kdh3xYE2I0T9nxEAgFhCKk2PKW1RgXDwVz-OI=w300

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

44a4125499aa0a4a340b196f8629c1c3cde2275dcb3e7134da488ba809179075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 210879
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H2 200 yzAE67mORWNHc_kKNQQIkpJKj-1OpGySEk2iNFIJq1o8AxwYQlvguAMOmlyJ2e3EsFh4=w500
play-lh.googleusercontent.com/ 274 KB
274 KB 279ms
228ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/yzAE67mORWNHc_kKNQQIkpJKj-1OpGySEk2iNFIJq1o8AxwYQlvguAMOmlyJ2e3EsFh4=w500

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

b40c235d865f04ad3e1fea5537eb1f1f149274cfa9a7b1ded8b5db8aba98663f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 280479
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H3 200 email-decode.min.js Show response
nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 20ms
20ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://nets4.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 11 Mar 2022 12:22:44 GMT
server: cloudflare
etag: W/"622b3f14-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TL%2B6wQElZ5lUBUtC6HY6AKNAJxL1X%2BDSChe%2BYe2ATQAlsJylzOK2id%2FtfqAM6khftH7G26GY%2BWHh3nLbkAu1Q5p9hhAI%2BCuDzbJwHElHePSZ0M5sTXPZKQleCGq8xyBeLkdcGmtXM38%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 6ebbe592e995690a-FRA
vary: Accept-Encoding
expires: Wed, 16 Mar 2022 09:14:02 GMT

GET
H2 200 W25b9ht.png
img.nets4.com/img/i.imgur.com/ 2 KB
2 KB 55ms
55ms Image
image/gif 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://img.nets4.com/img/i.imgur.com/W25b9ht.png?w=40&h=40&f=auto

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
via: 1.1 varnish
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4154750
cf-ray: 6ebbe59319b9900d-FRA
x-cache: HIT, HIT
x-cache-hits: 1
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 1574
x-served-by: cache-sea4420-SEA, cache-fra19149-FRA
server: cloudflare
x-timer: S1643094492.028469,VS0,VE1
etag: W/"ee80457266cef4b485c3668cbdd5f67e7ed204e94a46f041afd17fa27c93c945"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FK4tp8RdWgdLu3zmXpt1V6Zoup1AVC5bj8XlW1pOnqxNbWkJo7MytdFWXROXs4v69m9zOEW%2BHMaG9Fyx880E%2BzMD5oyi3iAErtjsb2TFLQ2pJpqpA6jGOKdtZPWSgmoFpyH4hLkmH7MtO%2B%2Fs"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
access-control-allow-origin: *
vary: Accept, Accept-Encoding
cache-control: public, max-age=31536000, immutable
accept-ranges: bytes
timing-allow-origin: *
link: <https://img.nets4.com/image/W25b9ht.png>; rel="canonical"
access-control-expose-headers: *

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/ 87 KB
28 KB 51ms
29ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 398850
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 27938
timing-allow-origin: *
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "603e8adc-15d9d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nL2nd3i2Q%2FbmPkEMewwfLsWHs9QQqdqc7EbOPbjuZH3dO98N4%2FoqPX3AETpI29SixTDdyLDmBsDC3BTVsr%2FZmETQdqugEsDS0ckjM5eO72iPsRSk5jPzcNhsY1sKDlCqJS6ria2ZjHvl%2B%2BTckdPmntGq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ebbe5934a72915c-FRA
expires: Sat, 04 Mar 2023 09:14:02 GMT

GET
H3 200 popper.min.js Show response
cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/ 18 KB
7 KB 26ms
26ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4151927
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 6107
timing-allow-origin: *
last-modified: Thu, 02 Sep 2021 17:01:41 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "61310375-17db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=86%2B29O59UFirIn75WHpmnKnh%2FZE76LTethQF%2Fhn7cGtXQNL8jyAoJH0O%2FCufhTcOvRrfByJToR7%2B96fEYMwzqEndbwRVZl%2BQyl438sKtR9KoXrAVMDYy%2B1JjEzhtVnyKwHAhLojiUry2TmOwXqJuFhgq"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ebbe593ab47915c-FRA
expires: Sat, 04 Mar 2023 09:14:02 GMT

GET
H3 200 bootstrap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/ 62 KB
13 KB 26ms
26ms Script
application/javascript 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1183656
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 13102
timing-allow-origin: *
last-modified: Tue, 20 Jul 2021 01:00:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "60f6203f-332e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nOw%2FrigVtBRdMLj%2F%2FvtC%2BCF4l1xu6hKtVDLvpKaet4HcOczfRIAIEI91yuO1p1tqggBx%2BHVBmfETmt82xtoNcvZUkYCKtR7NNnCKAW4FL2xAKk4eUSpIdwpOyY9kSYkTlp%2Bv3JJvvi6D5I5%2FYGQQzXr0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ebbe593dbb1915c-FRA
expires: Sat, 04 Mar 2023 09:14:02 GMT

GET
H3 200 sharebutton.js Show response
nets4.com/assets/js/ 80 KB
28 KB 246ms
246ms Script
application/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/assets/js/sharebutton.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
cf-cache-status: HIT
last-modified: Sat, 03 Jul 2021 07:08:27 GMT
server: cloudflare
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
etag: W/"60e00ceb-1d7e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=21HclWWKYUYEIBXUWoxzbL4TBr6CYC%2Bp6FsogVKIn81JFOkdrDn2Nu6KAfWlP3E66YirTfuvoUhrgXVqWxOyrMkLXa75xua5m543XD2Opaogv7mcxrAsUgQY2bWwRIASPeUXsELIQl0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cf-polished: origSize=120806
cf-ray: 6ebbe5941bcb690a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj: minify

GET
H2 200 agent.js Show response
cdn.purpleads.io/ 34 KB
10 KB 75ms
17ms Script
application/javascript 99.86.7.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.7.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-7-104.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 38bf08369b9d72ce4d22d5b555e9e5ee2e7a5fab8980ba2787f47d89d55e2c99

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 02:32:52 GMT
content-encoding: gzip
last-modified: Mon, 21 Feb 2022 08:37:50 GMT
server: AmazonS3
age: 24070
etag: "0c008aa8cd8d5ae47e2eb77cc10e9a3c"
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 10377
x-amz-cf-id: csTSEArdF3hIYPXzXIlEDcziKlPqOHr4T9kPKrgvfswTdig26CV6cQ==

GET
H3 200 com.terribletoybox.thimbleweedparkandroid
nets4.com/android-apps/ 15 B
0 31ms
31ms Fetch
application/json 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
ts-request-embed-key: 6b851de2-9b93-4f8f-ab0f-e2056bcf2ae8:d00fb5eed8e6470bf9d96c9c61acabcce0f492e67b34d512b153b6157ee73240
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:02 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1OiAsB%2FX1avVRpvq8NnMStWc37ZY9gRuOmuNeDw9CbTxO84gktzKnNvaxHPRRWtc%2F8%2BQ1gPgYH84Dlv1KHvxp5ffkQYjImSXQihdDvvOn2zCShVVKcaq4kYCb6OEO9yBuS%2Be7o0%2B5SM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/json; charset=UTF-8
cache-control: no-store
cf-ray: 6ebbe5941be4690a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 15

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 850 B
968 B 72ms
29ms Script
text/javascript 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: nets4.com
URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

bafa1db2a6708b6401e11e0b2ac4c5bb6eddf4c25e5a83b7eb391fe42ab34a2f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 555
x-xss-protection: 1; mode=block
expires: Mon, 14 Mar 2022 09:14:02 GMT

GET
H2 200 beacon.min.js Show response
static.cloudflareinsights.com/ 14 KB
5 KB 91ms
51ms Script
text/javascript 2606:4700::6810:5f41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/apps/head/awkqrI1qzYcE0gTfW6uXyLl_1bA.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:5f41 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 6ebbe59458989140-FRA

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 62ms
18ms Script
text/javascript 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 4150
date: Mon, 14 Mar 2022 08:04:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 14 Mar 2022 10:04:52 GMT

GET
H3 200 s.js Show response
nets4.com/cdn-cgi/zaraz/ 4 KB
2 KB 125ms
125ms Script
text/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0cmFja3MlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyVGhpbWJsZXdlZWQlMjBQYXJrJTIwLSUyMEFuZHJvaWQlMjBBcHAlMjIlMkMlMjJ3JTIyJTNBMTYwMCUyQyUyMmglMjIlM0ExMjAwJTJDJTIyaiUyMiUzQTEyMDAlMkMlMjJlJTIyJTNBMTYwMCUyQyUyMmwlMjIlM0ElMjJodHRwcyUzQSUyRiUyRm5ldHM0LmNvbSUyRmFuZHJvaWQtYXBwcyUyRmNvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lkJTIyJTJDJTIyciUyMiUzQSUyMiUyMiUyQyUyMmslMjIlM0EyNCUyQyUyMm4lMjIlM0ElMjJVVEYtOCUyMiUyQyUyMm8lMjIlM0EwJTdE
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 22d7e00449ca81f34b0926fe4573ec056a674d959ad42d7fa0ad680e90f27992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://nets4.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A8%2BrLBZN%2FjJi3H5HqufssE2iiS%2BYjqibRQvI9YMN4%2BlBSVHJ2IFdWtUfJ8i%2FjBNYdV8mCu74piUgYt3ikQl8z%2FKC%2Bc50Gh9L3qQVDGO3yYzispSOrd0xS3xy2iCZyJDNvPyyvWrWqHE%3D"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 600
access-control-allow-credentials: true
cf-ray: 6ebbe5942bf4690a-FRA
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3 200 fa-brands-400.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 75 KB
76 KB 68ms
45ms Font
application/octet-stream 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 2428162
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 76736
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-12bc0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2wxo1sUdL8fPEjjzCulndGYDE2RMFZ39o4qbkjk%2BLVwXEFU1HahymObCRJgAbmo98irU6GL8dtIo3k4%2Bvkia%2FMoojbZo1hdnY7aRDZ7JSw9%2FE9yjTAUbtCsI35TtN2IADZUuyvEA2IZMozO8%2Bbq2eJdx"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ebbe5944c2e929b-FRA
expires: Sat, 04 Mar 2023 09:14:02 GMT

GET
H3 200 fa-solid-900.woff2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/ 76 KB
77 KB 51ms
28ms Font
application/octet-stream 2606:4700::6810:125e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-solid-900.woff2

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:125e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/css/all.min.css
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1426133
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 78268
timing-allow-origin: *
last-modified: Mon, 13 Sep 2021 19:10:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "613fa20b-131bc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mWjb1QiCdqmQsSQO41GAef5UYw%2B5WvNcb9y56k9%2BKb2w7MLG2PZ1P8d9KQUZ37hxdkR8ttPyuXdauv4F25mXkktz%2FIzuXmM%2FxYjTDoyUc7FjSMOA%2BNwUW2q5jvRfB8DrletZbLKeN2RDRgRjYoDSKwW9"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6ebbe5944c30929b-FRA
expires: Sat, 04 Mar 2023 09:14:02 GMT

GET
H2 200 FnScLTZMifmuGwQJhMTqC_pmRNd-u1Kdh3xYE2I0T9nxEAgFhCKk2PKW1RgXDwVz-OI=w16
play-lh.googleusercontent.com/ 823 B
894 B 168ms
165ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/FnScLTZMifmuGwQJhMTqC_pmRNd-u1Kdh3xYE2I0T9nxEAgFhCKk2PKW1RgXDwVz-OI=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3586c048d2f7cc6b31672cb68dfedc137d24c60eb17ca35c8445d0c32eea7d8f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 823
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H2 200 AGdcZX_9C25NQEojIeJ1swcmEHgaS_nzkam7HnYptWAuzpne_IwvFmW9MMCQlAD824Nl
play-lh.googleusercontent.com/ 204 KB
204 KB 219ms
214ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/AGdcZX_9C25NQEojIeJ1swcmEHgaS_nzkam7HnYptWAuzpne_IwvFmW9MMCQlAD824Nl

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e866202c7cd97ca18ec2427347648fc7f59ec50083cfa249f50ee42b72d26bc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 208987
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H2 200 ckCzcmodPpc5M2sPdIsOyCXDItFBHh0xlxdwOWuzq5nbpv3z4TDoAvSmrcLIv5hx7DU
play-lh.googleusercontent.com/ 169 KB
169 KB 103ms
96ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/ckCzcmodPpc5M2sPdIsOyCXDItFBHh0xlxdwOWuzq5nbpv3z4TDoAvSmrcLIv5hx7DU

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ac90aaa0a780549fc9faadcf2182fe5b0d6b769a585e8945cfff3612c29e055b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 172569
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 UNGsYFBIV4iaFoGJzu280zbPnQ04vvPBXloWAlYkCW84__xUfCDCq2BA0M1bj-Ors34
play-lh.googleusercontent.com/ 158 KB
158 KB 105ms
76ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/UNGsYFBIV4iaFoGJzu280zbPnQ04vvPBXloWAlYkCW84__xUfCDCq2BA0M1bj-Ors34

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e33df0d2cac5e19b7b65ec902963483c307594d39cde9bcb8b08838ea1d3d53a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 161771
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 wF_7t5ACf1HeXPdSGTM3mYEuixC6WHOt2Lpou-7VMduaoZzzipVwXOd2Iu0rTOPExvg
play-lh.googleusercontent.com/ 274 KB
274 KB 268ms
239ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/wF_7t5ACf1HeXPdSGTM3mYEuixC6WHOt2Lpou-7VMduaoZzzipVwXOd2Iu0rTOPExvg

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

88580ca2e0450c557fc225dbd5cc74cf747c36f74c2f2dfc8b898bd4052ba33b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 280090
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 Bn7XWvclYv79DKGVAdCfCdPxLk3hRdjBoNDV2AKryr_-o-0cN5dyVrD_jV0IrP9ADcXG
play-lh.googleusercontent.com/ 152 KB
152 KB 205ms
176ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/Bn7XWvclYv79DKGVAdCfCdPxLk3hRdjBoNDV2AKryr_-o-0cN5dyVrD_jV0IrP9ADcXG

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

081739c8430afe817f3eb0e1af50b5642a758fdd4375ce4326af5786421432b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156000
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 dGCPJ8jcxbtMExK4mf8hKQgHQEX35mmAvaJw8yRI3l3vn0i3JgtBy_IFEstnBcJw7VQ
play-lh.googleusercontent.com/ 159 KB
159 KB 253ms
225ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/dGCPJ8jcxbtMExK4mf8hKQgHQEX35mmAvaJw8yRI3l3vn0i3JgtBy_IFEstnBcJw7VQ

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a6f91b2c590d6df86780df4f601e4663422109c72235afeb5d2dd5ba9cbed261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 162887
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H3 200 ZIeLf7TzToNfOflRm7Mwj3NWVhNE-Stc2FTgRcNL21PjoBTwm4mxfQ9CKbrBKtPptj6p
play-lh.googleusercontent.com/ 151 KB
151 KB 278ms
250ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/ZIeLf7TzToNfOflRm7Mwj3NWVhNE-Stc2FTgRcNL21PjoBTwm4mxfQ9CKbrBKtPptj6p

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

56090af142d1c36fb5a7ce70ba62303740c4efe24acc1dfe2941ec4d94fb0c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154264
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H3 200 jhe5QT2pRaAf9UGkEMo9ToDK8uvUDap-hl2zaIMAmavdci7aH5AMXOSmli2Lyjl30Q
play-lh.googleusercontent.com/ 141 KB
141 KB 225ms
197ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/jhe5QT2pRaAf9UGkEMo9ToDK8uvUDap-hl2zaIMAmavdci7aH5AMXOSmli2Lyjl30Q

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

373fa838ff5b13149d2c6dd3af907d1d50948f0d16142cc683287f5cb482fa7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144533
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H3 200 HzVBjS7CstxtAEmqu9Ie84lsS-MC3czs6sBNxh_a_gGsqqtkAyvc2bC8VRCDe0pNUyw
play-lh.googleusercontent.com/ 204 KB
204 KB 222ms
194ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/HzVBjS7CstxtAEmqu9Ie84lsS-MC3czs6sBNxh_a_gGsqqtkAyvc2bC8VRCDe0pNUyw

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e866202c7cd97ca18ec2427347648fc7f59ec50083cfa249f50ee42b72d26bc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 208987
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 bHfA94nZDBR7blbxgsYaLAsLmjSRn7MOJizd60cu56qNhsaVDXWA5eQkIsRs6O5ZOfY
play-lh.googleusercontent.com/ 169 KB
169 KB 134ms
107ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/bHfA94nZDBR7blbxgsYaLAsLmjSRn7MOJizd60cu56qNhsaVDXWA5eQkIsRs6O5ZOfY

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ac90aaa0a780549fc9faadcf2182fe5b0d6b769a585e8945cfff3612c29e055b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 172569
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 xegUjDAPW8G8QP_7Qfy1ATO_J5yvOx2HYc4mw2A-tNPn-0Ae85u-U2PdYZoZ0AN3JkU
play-lh.googleusercontent.com/ 158 KB
158 KB 271ms
244ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/xegUjDAPW8G8QP_7Qfy1ATO_J5yvOx2HYc4mw2A-tNPn-0Ae85u-U2PdYZoZ0AN3JkU

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e33df0d2cac5e19b7b65ec902963483c307594d39cde9bcb8b08838ea1d3d53a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 161771
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 MMPH1Z-o6OyE4JKGIImzfoayyJ2D3TRzhMsp0YJid0uPuYZvw9KQ7Tf2ht1zr2B3Xg
play-lh.googleusercontent.com/ 274 KB
274 KB 65ms
37ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/MMPH1Z-o6OyE4JKGIImzfoayyJ2D3TRzhMsp0YJid0uPuYZvw9KQ7Tf2ht1zr2B3Xg

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

88580ca2e0450c557fc225dbd5cc74cf747c36f74c2f2dfc8b898bd4052ba33b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 280090
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H3 200 AWpGt-Uy9tTkbd5SljdcS-KSdJcRgiTgRjqXZpLc5kSgvStsYTjmH3AfwdQ_bQ6-GYo
play-lh.googleusercontent.com/ 152 KB
152 KB 209ms
183ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/AWpGt-Uy9tTkbd5SljdcS-KSdJcRgiTgRjqXZpLc5kSgvStsYTjmH3AfwdQ_bQ6-GYo

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

081739c8430afe817f3eb0e1af50b5642a758fdd4375ce4326af5786421432b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156000
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 nSlh_Bg-paIhpyqp0EG3uk_w-U94vM-ehAdwDHxqpNt59-ACezUf6BI-Lux7Qg721PE
play-lh.googleusercontent.com/ 159 KB
159 KB 226ms
201ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/nSlh_Bg-paIhpyqp0EG3uk_w-U94vM-ehAdwDHxqpNt59-ACezUf6BI-Lux7Qg721PE

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a6f91b2c590d6df86780df4f601e4663422109c72235afeb5d2dd5ba9cbed261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 162887
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 Iw5znf8hs7tjxAcVhg3sGn2hQ9d4aNA9DpjKurfoKurYFX2DI-VhsnFKedrf6pQCDA
play-lh.googleusercontent.com/ 151 KB
151 KB 207ms
181ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/Iw5znf8hs7tjxAcVhg3sGn2hQ9d4aNA9DpjKurfoKurYFX2DI-VhsnFKedrf6pQCDA

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

56090af142d1c36fb5a7ce70ba62303740c4efe24acc1dfe2941ec4d94fb0c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154264
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 aWyZ-yAvUNKN03DvGrI01CnPcu21XApB01_aia8Kv5S-8LqEkVc_wO4xo_Pu3kgjq9g
play-lh.googleusercontent.com/ 141 KB
141 KB 223ms
196ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/aWyZ-yAvUNKN03DvGrI01CnPcu21XApB01_aia8Kv5S-8LqEkVc_wO4xo_Pu3kgjq9g

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

373fa838ff5b13149d2c6dd3af907d1d50948f0d16142cc683287f5cb482fa7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144533
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H3 200 1pVK7XmokWQRuFIoe85in5RFuNf8C_7xeGw0Q-LfsZXaM9kLrjpqVsscch-ZkrY1L-s
play-lh.googleusercontent.com/ 204 KB
204 KB 200ms
174ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/1pVK7XmokWQRuFIoe85in5RFuNf8C_7xeGw0Q-LfsZXaM9kLrjpqVsscch-ZkrY1L-s

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e866202c7cd97ca18ec2427347648fc7f59ec50083cfa249f50ee42b72d26bc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 208987
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 5oacLfdL9T359WwZ7iAeFLLCa9AiaHQV-GX6tffjJzL6UQWN3DAl6aYz9Sx9vBpIGoo
play-lh.googleusercontent.com/ 169 KB
169 KB 109ms
83ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/5oacLfdL9T359WwZ7iAeFLLCa9AiaHQV-GX6tffjJzL6UQWN3DAl6aYz9Sx9vBpIGoo

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ac90aaa0a780549fc9faadcf2182fe5b0d6b769a585e8945cfff3612c29e055b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 172569
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 BvnockcDcbVzBP6b58Hj1WFJ9f1WXv4jBmMAyXbk0QvFHsKHDMRL6N1a49szb-5USg
play-lh.googleusercontent.com/ 158 KB
158 KB 227ms
201ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/BvnockcDcbVzBP6b58Hj1WFJ9f1WXv4jBmMAyXbk0QvFHsKHDMRL6N1a49szb-5USg

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

e33df0d2cac5e19b7b65ec902963483c307594d39cde9bcb8b08838ea1d3d53a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 161771
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 06 Mar 2022 16:51:58 GMT

GET
H3 200 uQ21S1l3wu1R4wC8t5meJKVg7zU9bKZRRfkjSM8w0ohONgDiJ7Ui5J80HnSKKCtTfRJy
play-lh.googleusercontent.com/ 274 KB
274 KB 278ms
252ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/uQ21S1l3wu1R4wC8t5meJKVg7zU9bKZRRfkjSM8w0ohONgDiJ7Ui5J80HnSKKCtTfRJy

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

88580ca2e0450c557fc225dbd5cc74cf747c36f74c2f2dfc8b898bd4052ba33b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 280090
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 06 Mar 2022 16:51:58 GMT

GET
H3 200 YFbz1wofEXHeym2WQ27Ll8rfnbJzh5NWDS052JgQv33VOmhdpgkMt_PDX3HPxj63hvY
play-lh.googleusercontent.com/ 152 KB
152 KB 204ms
178ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/YFbz1wofEXHeym2WQ27Ll8rfnbJzh5NWDS052JgQv33VOmhdpgkMt_PDX3HPxj63hvY

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

081739c8430afe817f3eb0e1af50b5642a758fdd4375ce4326af5786421432b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 156000
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H3 200 oE0Js3aGXGf0MraRYjetR3qmtxDwWeIm4CXgN5pSlodBDs-HIFdsLHNiMWNdZquEvtph
play-lh.googleusercontent.com/ 159 KB
159 KB 241ms
216ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/oE0Js3aGXGf0MraRYjetR3qmtxDwWeIm4CXgN5pSlodBDs-HIFdsLHNiMWNdZquEvtph

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

a6f91b2c590d6df86780df4f601e4663422109c72235afeb5d2dd5ba9cbed261

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 162887
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 icCd-oCtS3mviNPYbXBBIU3Hv7ImEwL0dwGQYo7NNLVv9T3ledq2lEcPmt7ha9oF8w
play-lh.googleusercontent.com/ 151 KB
151 KB 270ms
245ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/icCd-oCtS3mviNPYbXBBIU3Hv7ImEwL0dwGQYo7NNLVv9T3ledq2lEcPmt7ha9oF8w

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

56090af142d1c36fb5a7ce70ba62303740c4efe24acc1dfe2941ec4d94fb0c0a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="unnamed.png"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 154264
x-xss-protection: 0
expires: Tue, 15 Mar 2022 09:14:02 GMT

GET
H3 200 nkmxvrIbovDKxDKsz4ybsNtzZjvNnvAe8AVZJg1wzHguSIUqZwdSMEFI1vQZv2bLexan
play-lh.googleusercontent.com/ 141 KB
141 KB 222ms
197ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/nkmxvrIbovDKxDKsz4ybsNtzZjvNnvAe8AVZJg1wzHguSIUqZwdSMEFI1vQZv2bLexan

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

373fa838ff5b13149d2c6dd3af907d1d50948f0d16142cc683287f5cb482fa7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
age: 0
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 144533
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Fri, 11 Mar 2022 09:12:39 GMT

GET
H3 200 0cirAtW1NSVNXDMvbvyvHmCoT_aPQ39tc1wm3CNUZk7Wmiu2TTa4BLmMRPq6N8nh4w=w16
play-lh.googleusercontent.com/ 620 B
645 B 51ms
27ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/0cirAtW1NSVNXDMvbvyvHmCoT_aPQ39tc1wm3CNUZk7Wmiu2TTa4BLmMRPq6N8nh4w=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4eaad5028b82a89fd08b03ab334b267e51797026c4adb0b71aa96e913913c9ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:13:39 GMT
x-content-type-options: nosniff
age: 3623
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 620
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 15 Mar 2022 02:54:32 GMT

GET
H3 200 yvRPtKhNJesTz6m7-r1EZ1QHDzfr2hx0dxS10TlGzLwImUyHw746Eg9cwbUnKiTFLg_9=w16
play-lh.googleusercontent.com/ 814 B
839 B 57ms
32ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/yvRPtKhNJesTz6m7-r1EZ1QHDzfr2hx0dxS10TlGzLwImUyHw746Eg9cwbUnKiTFLg_9=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

153d00d39b4af16e1dfb6ef30a482a5274d8478f3719c0beb4e6b20dd8f6e70c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:52:20 GMT
x-content-type-options: nosniff
age: 8502
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 814
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 04:49:19 GMT

GET
H3 200 aIdpRQbfiHM2fZ5d1ywKfS85XLHKn_BduJCY6YPEE2u0DRAJEbGgbluZbgDDlFR5aGI=w16
play-lh.googleusercontent.com/ 4 KB
4 KB 57ms
32ms Image
image/jpeg 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/aIdpRQbfiHM2fZ5d1ywKfS85XLHKn_BduJCY6YPEE2u0DRAJEbGgbluZbgDDlFR5aGI=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

51ecd26b92c8cdf28b9e49416917ea85b85ac471e64a2a97b62081ece3e8ac12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:52:20 GMT
x-content-type-options: nosniff
age: 8502
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3704
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 04:49:19 GMT

GET
H3 200 rW9h7HC1s_KQmHMQihhQE8-QLoCcbdTMkW2UTbIn2gzrl6nfRtSBUqBT7qMsi8621w=w16
play-lh.googleusercontent.com/ 654 B
679 B 52ms
28ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/rW9h7HC1s_KQmHMQihhQE8-QLoCcbdTMkW2UTbIn2gzrl6nfRtSBUqBT7qMsi8621w=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8634bb73f7abf77727ba3422879ac3c382330db044b7edf4bc993589984fed25

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:52:20 GMT
x-content-type-options: nosniff
age: 8502
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 654
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 04:49:19 GMT

GET
H3 200 aXVwHjGZWrGP5isAhQqCUXp_EeazWeQ_cr94rIDzLQ6owDeMjWuti44LO8UfJC3c5E0=w16
play-lh.googleusercontent.com/ 825 B
850 B 55ms
30ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/aXVwHjGZWrGP5isAhQqCUXp_EeazWeQ_cr94rIDzLQ6owDeMjWuti44LO8UfJC3c5E0=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

52dc02379fad545d3153e0ae2ef5db0db4cdf242c81d4dc3e5617bcf29adbd22

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:52:20 GMT
x-content-type-options: nosniff
age: 8502
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 825
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 04:49:19 GMT

GET
H3 200 4JLBEf5xRB17BCVWI_lMx1Q0wb9MVZqMcxX3TV2UFpJYp9A1fKOTdA8zN-oeB0fgMp80=w16
play-lh.googleusercontent.com/ 768 B
793 B 54ms
29ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/4JLBEf5xRB17BCVWI_lMx1Q0wb9MVZqMcxX3TV2UFpJYp9A1fKOTdA8zN-oeB0fgMp80=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

964a10f7ccf077c14f2d284968f9280c858d7c2f63a368d6ec4b542c86acd1b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:52:20 GMT
x-content-type-options: nosniff
age: 8502
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 768
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 04:49:19 GMT

GET
H3 200 o3qksguXJhOjMT70sckzkcDwHbd6OCFV2hbAKpGWTdLjqhU3JmmF18TOdJ8u4BAkxw=w16
play-lh.googleusercontent.com/ 688 B
713 B 52ms
27ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/o3qksguXJhOjMT70sckzkcDwHbd6OCFV2hbAKpGWTdLjqhU3JmmF18TOdJ8u4BAkxw=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

8a33118fd2643b9c74929a98ef8a371a0294f55772861bd2535dbe82706f3cf2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:52:20 GMT
x-content-type-options: nosniff
age: 8502
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 688
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 04:49:19 GMT

GET
H3 200 LkbZkE_ykExyBc2cXpSkP-BMvc7PL3NtoGeYzo7WdAcZZI1GoJTm4a9tzSnP5dB22kEs=w16
play-lh.googleusercontent.com/ 459 B
484 B 54ms
29ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/LkbZkE_ykExyBc2cXpSkP-BMvc7PL3NtoGeYzo7WdAcZZI1GoJTm4a9tzSnP5dB22kEs=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4e01b78a49120236ba43f197dd7cddfd52b038aac2e96cb119ec3d80b9f8e1b7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:52:20 GMT
x-content-type-options: nosniff
age: 8502
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 459
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 04:49:19 GMT

GET
H3 200 NRX1AknhHBenY-SlaCdW1C9vqs9kQVF7mUDmdcgmkOO5wJrwMgkP6C7pyPQjLkaBIGE=w16
play-lh.googleusercontent.com/ 667 B
692 B 51ms
26ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/NRX1AknhHBenY-SlaCdW1C9vqs9kQVF7mUDmdcgmkOO5wJrwMgkP6C7pyPQjLkaBIGE=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

1ffbc15c6fa9a7320f4637cb6d72866831896a649a8a7bcc7cb84f59abe1cf46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:52:20 GMT
x-content-type-options: nosniff
age: 8502
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 667
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 04:49:19 GMT

GET
H3 200 EEBdQJW-lIpBdXNp5mBeIeS6UBRQfkefpkYnbTIbMY_FijtKgOd_mwuD-faxGAz0ha0=w16
play-lh.googleusercontent.com/ 702 B
727 B 57ms
32ms Image
image/png 2a00:1450:4001:82f::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://play-lh.googleusercontent.com/EEBdQJW-lIpBdXNp5mBeIeS6UBRQfkefpkYnbTIbMY_FijtKgOd_mwuD-faxGAz0ha0=w16

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

2aeff6ec3388af6499e38871e81b02311bfb40c7216a75ecbf1eccd8231e02c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 06:52:20 GMT
x-content-type-options: nosniff
age: 8502
content-disposition: inline;filename="unnamed.png"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 702
x-xss-protection: 0
server: fife
etag: "v1"
vary: Origin
content-type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Sun, 13 Mar 2022 04:49:19 GMT

OPTIONS
H2 200 init
api.purpleads.io/x/ Frame 0
0 343ms
102ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1647249242324
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 6b5b5afb-a2a6-4f43-8cba-9518c28f6a0f

GET
H2 200 init Show response
api.purpleads.io/x/ 68 B
358 B 314ms
110ms Fetch
application/json 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/init?ts=1647249242324
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: 587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
etag: W/"44-Pm5SJt3t2KI5gMvsRd3GV+dxT2U"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
content-length: 68
x-request-id: 14c8739d-8c69-470d-990e-a2733e32b94d

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 55ms
29ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=1060281546&t=pageview&_s=1&dl=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.terribletoybox.thimbleweedparkandroid&ul=en-us&de=UTF-8&dt=Thimbleweed%20Park%20-%20Android%20App&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=2001773111&gjid=439223204&cid=250819088.1647249242&tid=UA-123511935-10&_gid=1423834813.1647249242&_r=1&_slc=1&z=1630558362

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:02 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://nets4.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 550j6zn5gn Show response
www.clarity.ms/tag/ 730 B
1 KB 196ms
121ms Script
application/x-javascript 2620:1ec:27::cafe:2250
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/550j6zn5gn
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:2250 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: 0c3ef0fe1d5c711af4c60a08deade283176a3d383c685e4738bc7ac836201658

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:01 GMT
x-powered-by: ASP.NET
x-azure-ref: 0WgcvYgAAAABgZMMcYDzhRacuxfl9QsMJQlJVMzBFREdFMDcxNQA2Y2ZiZWVlMC01MDI3LTQ4NGItODk2Ny00YTI5YWY3N2YxZTE=
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
content-length: 730
expires: -1

GET
H2 200 sm.22.html Show response
static.addtoany.com/menu/ Frame 4342 278 B
327 B 79ms
32ms Document
text/html 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/sm.22.html

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-type: text/html; charset=utf-8
via: e3s
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
last-modified: Tue, 28 Sep 2021 21:02:23 GMT
etag: W/"116-5cd1487afaaea"
cache-control: max-age=315360000, immutable
vary: Accept-Encoding
cf-cache-status: HIT
age: 1190086
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 6ebbe5961e949bb6-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
DATA 200
OK truncated
/ 34 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 icons.29.svg.js Show response
static.addtoany.com/menu/svg/ 78 KB
33 KB 62ms
29ms Script
application/javascript 2606:4700:10::6816:46c5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.addtoany.com/menu/svg/icons.29.svg.js

Requested by

Host: nets4.com
URL: https://nets4.com/assets/js/sharebutton.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:46c5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
via: e1s
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1190000
p3p: CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT"
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 31 Dec 2018 23:29:11 GMT
server: cloudflare
etag: W/"13937-57e59c7b88bd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=315360000, immutable
cf-ray: 6ebbe5961e989bb6-FRA
cf-bgj: minify

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 363ms
160ms Fetch
application/json 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=0d0de12861734c4991bca67276155900&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=998dd22a-8ce6-444c-a830-06783798b206&ts=1647249242546
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: d6f5f18739f0283839c99bbf200d7fadbee9ee2917ee0a5124a96380a5e9eb36

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: gzip
etag: W/"237e-7EGJEKJZFT9fOjVQ63B1EZ6AFsY"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 9a51abc5-94c6-43a1-a38d-07756f18af26

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 122ms
103ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=0&pid=0d0de12861734c4991bca67276155900&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=998dd22a-8ce6-444c-a830-06783798b206&ts=1647249242546
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: e607cccc-8e6b-4e71-b9df-d7bc334e230f

GET
H2 200 clarity.js Show response
e.clarity.ms/s/0.6.32/ 53 KB
23 KB 325ms
105ms Script
application/javascript 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/s/0.6.32/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/550j6zn5gn
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:02 GMT
content-encoding: br
etag: "1d8314040aa9e90"
last-modified: Sun, 06 Mar 2022 09:55:04 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?CtsSyncId=780FEF7CD05B4E369C4E72E96A72364F&RedC=c.clarity.ms&MXFR=39472C949A7C657B2A1A3DF39E7C6B4B
https://c.clarity.ms/c.gif?CtsSyncId=780FEF7CD05B4E369C4E72E96A72364F&MUID=13F0BFBB2F5C63AB2DB4AEDC2E8E624F

42 B
370 B

37ms
37ms

Image
image/gif

52.142.114.2
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?CtsSyncId=780FEF7CD05B4E369C4E72E96A72364F&MUID=13F0BFBB2F5C63AB2DB4AEDC2E8E624F
Protocol: H2
Server: 52.142.114.2 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:02 GMT
last-modified: Mon, 28 Feb 2022 22:29:30 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "7c5ed6a6f22cd81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:03 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: A1F770508CC948DBADDB8CE974FDF7CA Ref B: FRAEDGE1214 Ref C: 2022-03-14T09:14:03Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?CtsSyncId=780FEF7CD05B4E369C4E72E96A72364F&MUID=13F0BFBB2F5C63AB2DB4AEDC2E8E624F
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ 360 KB
142 KB 64ms
19ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://nets4.com/
Origin: https://nets4.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:02:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 09:02:03 GMT

POST
H2 200 rum Show response
cloudflareinsights.com/cdn-cgi/ 0
77 B 38ms
37ms XHR
text/plain 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
content-type: application/json

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 6ebbe599bc6c693f-FRA
vary: Origin

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame A488 80 KB
28 KB 77ms
34ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

afb59150a1f7f411de7c7d466c4bad4ebcfbc29a7312e514a6eeb8161b5176fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27710
x-xss-protection: 0
server: sffe
etag: "1158 / 65 of 1000 / last-modified: 1647247304"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 14 Mar 2022 09:14:03 GMT

OPTIONS
H2 200 rum
cloudflareinsights.com/cdn-cgi/ Frame 0
0 70ms
20ms Preflight
text/plain 2606:4700::6810:5e41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cloudflareinsights.com/cdn-cgi/rum

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5e41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-type: text/plain
access-control-allow-origin: https://nets4.com
access-control-allow-methods: POST,OPTIONS
access-control-allow-headers: Content-Type
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 6ebbe5998c0f693f-FRA
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip

GET
H3 200 pica.js
nets4.com/cdn-cgi/challenge-platform/h/g/scripts/ 25 KB
9 KB 32ms
32ms Other
text/javascript 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 93d3df6d6c78d7d717c43224af26d76263567f7367465190551daf278e96bbfe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QItTfkYSSF1AfJqO7IMfI96ETqhx%2BXtzyMT8Nqn5V2JkjeuwmLDp6OH3E03uFn%2BybIdgAbuAAMZLNTzZ4WP%2BvjBnkfvcJ%2BLcfydPkbgcqgJfzkqswZSAGp8OtRDL784pfWWM2B2Vt%2FI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=604800, public
x-control-type-options: nosniff
cf-ray: 6ebbe5998dc6690a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 102ms
100ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=0d0de12861734c4991bca67276155900&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=d4eb9ba4-a931-43b3-b88d-2660a56a615d&ts=1647249243134
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 25136314-0846-4334-9355-0c39dd3d39ab

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 102ms
101ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=0d0de12861734c4991bca67276155900&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=b7e444de-4305-4738-83e9-a4b625ea11b8&ts=1647249243135
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 872e26c1-3938-4a14-aa12-033de6562c6e

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 105ms
104ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=0d0de12861734c4991bca67276155900&sizes=[[200,200],[250,250]]&slotid=81e940bd-0a44-4a8a-b358-0937c37bcc84&ts=1647249243135
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 1e09757f-c806-4952-97ef-9970bca880cf

OPTIONS
H2 200 /
api.purpleads.io/x/b/ Frame 0
0 103ms
103ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=0d0de12861734c4991bca67276155900&sizes=[[200,200],[250,250]]&slotid=50c22daa-e0b9-4ed6-bb8c-59b3e9637e1b&ts=1647249243135
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: ec2f8a82-0551-4406-8f09-aed216e7994b

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 229ms
228ms Fetch
application/json 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=1&pid=0d0de12861734c4991bca67276155900&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=d4eb9ba4-a931-43b3-b88d-2660a56a615d&ts=1647249243134
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: 62760269c62541e5b1720abc27e59262e9c375a1b0488f11df70fd504078431b

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
etag: W/"242e-Btz2s/8J9ZfQEZ7jjkkBt8JFrLs"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: d7959960-65b3-4743-96cf-a19543d76c07

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 133ms
133ms Fetch
application/json 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=2&pid=0d0de12861734c4991bca67276155900&sizes=[[728,90],[468,60],[200,200],[320,100],[320,50],[300,100]]&slotid=b7e444de-4305-4738-83e9-a4b625ea11b8&ts=1647249243135
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: 5f566f69e8fba0d89e04a3fc479dc036b337179333270ab01811550b8579e8ba

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
etag: W/"237e-4jUHHnD6WCHjNNt9TTzxJp7Tgh0"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 247a1991-119e-422f-873c-5c54551d241e

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 125ms
125ms Fetch
application/json 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=3&pid=0d0de12861734c4991bca67276155900&sizes=[[200,200],[250,250]]&slotid=81e940bd-0a44-4a8a-b358-0937c37bcc84&ts=1647249243135
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: 43ca6796dc60160d76a7770ff3c989a0be6b5f45cd8dd4f32b2dbabc1f9d1173

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
etag: W/"2409-cuJylS/pBuQlesInf0mC9eutlcU"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: 31451987-3728-4b7a-bdaf-79abfd332ce5

GET
H2 200 / Show response
api.purpleads.io/x/b/ 9 KB
2 KB 165ms
165ms Fetch
application/json 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/b/?idx=4&pid=0d0de12861734c4991bca67276155900&sizes=[[200,200],[250,250]]&slotid=50c22daa-e0b9-4ed6-bb8c-59b3e9637e1b&ts=1647249243135
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: 3ce62b1bae80928fb5cd858d3d5bfc0717270cb07abd0b8fb32f6eeced953499

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
etag: W/"2409-WWwFYQEN/qW8lHFOICUzMt4f4QM"
vary: Accept-Encoding
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
x-request-id: e9b09f31-1655-4ea2-893c-8111a20eaa09

POST
H2 204 collect Show response
e.clarity.ms/ 0
65 B 318ms
317ms XHR
text/plain 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: e.clarity.ms
URL: https://e.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Mon, 14 Mar 2022 09:14:02 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 1191 43 KB
22 KB 94ms
59ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=fvbe5uslgiw1

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

885bfee521e4f60315f393a2e5fc01e059a66ba7e747da708cf377f025f8b033

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RbjIQpRzWNxJ9Me+zVduow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 14 Mar 2022 09:14:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-RbjIQpRzWNxJ9Me+zVduow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 22738
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_2022030801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame A488 358 KB
121 KB 44ms
17ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

c00983dee008b49458960478c1cb482043faa725f62c00717915fabddb69bfa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:29:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2680
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123897
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 09:34:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 08:29:23 GMT

POST
H3 200 6ebbe58f2ba7900d Show response
nets4.com/cdn-cgi/challenge-platform/h/g/cv/result/ 2 B
686 B 48ms
47ms XHR
text/plain 2a06:98c1:3120::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/cv/result/6ebbe58f2ba7900d
Requested by: Host: nets4.com
URL: https://nets4.com/cdn-cgi/challenge-platform/h/g/scripts/invisible.js?ts=1647248400
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a06:98c1:3120::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 6ebbe59bb968690a-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2F0Kcudoh4pTuDXfQN%2BwNmyC5d8oWTIcK0VXiczAAVw%2FjlHITh2qzF%2B%2F10mVal7TA28LeaIN0LO%2F7UF4SrZC9eeBeBxBJr7gQCQiXFtBBKbbBI34Nv3mrdu28s8Rq0dkjLaIy%2FMrZZg%3D"}],"group":"cf-nel","max_age":604800}

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 1191 51 KB
24 KB 46ms
19ms Stylesheet
text/css 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=fvbe5uslgiw1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 15:26:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236867
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 15:26:16 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 1191 360 KB
142 KB 43ms
18ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:02:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 09:02:03 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 24BA 80 KB
27 KB 27ms
26ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

afb59150a1f7f411de7c7d466c4bad4ebcfbc29a7312e514a6eeb8161b5176fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27710
x-xss-protection: 0
server: sffe
etag: "1158 / 937 of 1000 / last-modified: 1647247304"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame EDB5 80 KB
27 KB 29ms
29ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

afb59150a1f7f411de7c7d466c4bad4ebcfbc29a7312e514a6eeb8161b5176fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27710
x-xss-protection: 0
server: sffe
etag: "1158 / 129 of 1000 / last-modified: 1647247304"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame B7B5 80 KB
27 KB 32ms
32ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

afb59150a1f7f411de7c7d466c4bad4ebcfbc29a7312e514a6eeb8161b5176fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27710
x-xss-protection: 0
server: sffe
etag: "1158 / 335 of 1000 / last-modified: 1647247304"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H3 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 327A 80 KB
27 KB 37ms
36ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

afb59150a1f7f411de7c7d466c4bad4ebcfbc29a7312e514a6eeb8161b5176fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27710
x-xss-protection: 0
server: sffe
etag: "1158 / 76 of 1000 / last-modified: 1647247304"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame A488 61 KB
23 KB 17ms
17ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

62ab857ca9839ee735919642d7a9af19237b879c0f81bf2124679a1ddf68b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:21:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3137
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23343
x-xss-protection: 0
server: cafe
etag: 5785843725437630539
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 14 Mar 2022 09:21:46 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ Frame A488 107 B
792 B 73ms
28ms Script
application/javascript 2a00:1450:4001:803::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame A488 107 B
549 B 71ms
26ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame A488 17 KB
9 KB 334ms
334ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=4263479940061606&correlator=1035086554943419&eid=31065486%2C31061691%2C31061692&output=ldjh&gdfp_req=1&vrg=2022030801&ptt=17&impl=fifs&sc=1&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=471609500&sfv=1-0-38&ecs=20220314&fsapi=false&eri=4&cookie_enabled=1&abxe=1&dt=1647249243539&dlt=1647249243095&idt=424&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=294&adys=389&ucis=e4spx0vyarwl&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.terribletoybox.thimbleweedparkandroid&top=nets4.com&rumc=4263479940061606&rume=1&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=250819088.1647249242&ga_sid=1647249244&ga_hid=774699812&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

9e93b3f6fe5f98af593270e0d8496a56b88d5cece13a004fa76d937df28ade70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8865
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame A488 13 KB
11 KB 77ms
32ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1d5e00204f4ea630c533911008ce178f57171178f730d0d62652ad0b94b9e538

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10471
x-xss-protection: 0

GET
H2 200 container.html Show response
bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E273 6 KB
4 KB 106ms
27ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Mar 2022 09:14:03 GMT
expires: Tue, 14 Mar 2023 09:14:03 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 pubads_impl_2022030801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 327A 358 KB
121 KB 17ms
17ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

c00983dee008b49458960478c1cb482043faa725f62c00717915fabddb69bfa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:29:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2680
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123897
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 09:34:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 08:29:23 GMT

GET
H3 200 pubads_impl_2022030801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame B7B5 358 KB
121 KB 19ms
19ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

c00983dee008b49458960478c1cb482043faa725f62c00717915fabddb69bfa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:29:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2680
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123897
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 09:34:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 08:29:23 GMT

GET
H3 200 pubads_impl_2022030801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame 24BA 358 KB
121 KB 21ms
21ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

c00983dee008b49458960478c1cb482043faa725f62c00717915fabddb69bfa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:29:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2680
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123897
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 09:34:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 08:29:23 GMT

GET
H3 200 pubads_impl_2022030801.js Show response
securepubads.g.doubleclick.net/gpt/ Frame EDB5 358 KB
121 KB 28ms
28ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

sffe /

Resource Hash

c00983dee008b49458960478c1cb482043faa725f62c00717915fabddb69bfa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:29:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2680
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 123897
x-xss-protection: 0
last-modified: Tue, 08 Mar 2022 09:34:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Tue, 14 Mar 2023 08:29:23 GMT

GET
H2 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A488 0
442 B 81ms
39ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=ama_stats&su=nets4.com&doc=complete&pg_h=93&pg_w=729&pg_hs=93&c=0&aa_c=0&d=0&all_d=0&ard=0&all_ard=0&dt=d

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame A488 0
327 B 547ms
191ms Ping
image/gif 2607:f8b0:4007:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~l0qho2wg&c=4263479940061606&e=31065486%2C31061691%2C31061692&ctx=1&met.9=1.4s~2.bs~9.0~3_1.cg~7_1.0&met.10=1_1.IMcDEAAIABiAmHUoAQ&met.1=1.l0qho2jb~14.4~15.0~16.4~17.4~18.4~19.4~20.4~21.4~22.t~23.t&met.3=113.d6_1~112.d5_2
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4007:816::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 1191 102 B
134 B 27ms
27ms Other
text/javascript 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f98ff8ab059bdef9ea7fe9165a4e74fce15166abdbb8dd25307b7b7d9ac26ddd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD&co=aHR0cHM6Ly9uZXRzNC5jb206NDQz&hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&size=normal&cb=fvbe5uslgiw1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
content-security-policy: frame-ancestors 'self'
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 112
x-xss-protection: 1; mode=block
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame A488 17 KB
7 KB 80ms
34ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 327A 107 B
122 B 57ms
29ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 327A 107 B
122 B 55ms
29ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 327A 18 KB
9 KB 563ms
563ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=3057188931031487&correlator=2843487297567486&output=ldjh&gdfp_req=1&vrg=2022030801&ptt=17&impl=fif&sc=1&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=4203880072&sfv=1-0-38&ecs=20220314&fsapi=false&eri=4&cookie_enabled=1&abxe=1&dt=1647249243671&dlt=1647249243504&idt=160&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=294&adys=1385&ucis=koojh7a0w4ch&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.terribletoybox.thimbleweedparkandroid&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=250819088.1647249242&ga_sid=1647249244&ga_hid=1605789339&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

7d4ac426d72c5e5428fce340a7a4326e95ef664b36070f58e3fc77ecffba86af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9201
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 327A 14 KB
10 KB 57ms
31ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5a396256710df1413396ccb6403e17cecfdb7f0fc80a4a85af4c1f8ab41165d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10622
x-xss-protection: 0

GET
H2 200 container.html Show response
c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7340 6 KB
3 KB 58ms
25ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Mar 2022 09:14:03 GMT
expires: Tue, 14 Mar 2023 09:14:03 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame B7B5 107 B
122 B 27ms
27ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame B7B5 107 B
122 B 25ms
25ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame B7B5 45 KB
11 KB 304ms
304ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2849320462233273&correlator=166365211115392&eid=31060889%2C44758228&output=ldjh&gdfp_req=1&vrg=2022030801&ptt=17&impl=fif&sc=1&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=200x200%7C250x250&ifi=1&adks=2211438825&sfv=1-0-38&ecs=20220314&fsapi=false&eri=4&cookie_enabled=1&abxe=1&dt=1647249243714&dlt=1647249243498&idt=210&biw=1600&bih=1200&isw=200&ish=200&oid=2&adxs=1128&adys=1283&ucis=cbvbeh37j9n8&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.terribletoybox.thimbleweedparkandroid&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=200x198&msz=200x0&fws=256&ohw=0&ea=0&ga_vid=250819088.1647249242&ga_sid=1647249244&ga_hid=312415235&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

b3eb10c5b352738c896a94524d5f151bc98aa7972d8624027a0465a8ad9945fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11068
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
access-control-expose-headers: x-google-amp-ad-validated-version
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame B7B5 14 KB
10 KB 31ms
31ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

eca8e8e2f07d1010b65e0da46357c9c471f2af7215b989ed6088e4cee7577061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10498
x-xss-protection: 0

GET
H2 200 container.html Show response
87a36c82f0de177e4fd8f126bbd34d43.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 22BD 6 KB
3 KB 49ms
25ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://87a36c82f0de177e4fd8f126bbd34d43.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Mar 2022 09:14:03 GMT
expires: Tue, 14 Mar 2023 09:14:03 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame EDB5 107 B
122 B 29ms
28ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame EDB5 107 B
122 B 28ms
27ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame EDB5 17 KB
9 KB 214ms
214ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=975772244215284&correlator=1866968337670303&eid=31065294%2C31065486&output=ldjh&gdfp_req=1&vrg=2022030801&ptt=17&impl=fifs&sc=1&iu_parts=21902364955%3A22652385948%2Ccm_pu_nets4.com_technology_and_computing_top%2Ccm_pu_nets4.com_technology_and_computing_btf_banner&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=728x90%7C468x60%7C200x200%7C320x100%7C320x50%7C300x100&ifi=1&adks=471609500&sfv=1-0-38&ecs=20220314&fsapi=false&eri=4&cookie_enabled=1&abxe=1&dt=1647249243726&dlt=1647249243491&idt=230&biw=1600&bih=1200&isw=728&ish=90&oid=2&adxs=294&adys=2313&ucis=bd03u8l318ii&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.terribletoybox.thimbleweedparkandroid&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=728x0&msz=728x0&fws=256&ohw=0&ea=0&ga_vid=250819088.1647249242&ga_sid=1647249244&ga_hid=1787645731&ga_fc=true&btvi=1&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

dc3754a72ca7c6be59d02b3f13e431ceb5d6c6bc8e965e7c3f12928ebb609da7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8813
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame EDB5 14 KB
10 KB 33ms
33ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a1b337d9b6e14dd8cb3464a28a86e107ae74ebcf2fce58f9e0ecaf493465a6a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10538
x-xss-protection: 0

GET
H2 200 container.html Show response
ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0DE5 6 KB
3 KB 55ms
27ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Mar 2022 09:14:03 GMT
expires: Tue, 14 Mar 2023 09:14:03 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 integrator.js Show response
adservice.google.de/adsid/ Frame 24BA 107 B
122 B 32ms
31ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 24BA 107 B
122 B 26ms
25ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=nets4.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 24BA 15 KB
8 KB 356ms
356ms XHR
text/plain 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=231340852023047&correlator=750186865736265&output=ldjh&gdfp_req=1&vrg=2022030801&ptt=17&impl=fif&sc=1&iu_parts=22178702878%2Cpurpleapl%2Callsizesv2&enc_prev_ius=%2F0%2F1%2F2&prev_iu_szs=200x200%7C250x250&ifi=1&adks=2211438825&sfv=1-0-38&ecs=20220314&fsapi=false&eri=4&cookie_enabled=1&abxe=1&dt=1647249243740&dlt=1647249243481&idt=251&biw=1600&bih=1200&isw=200&ish=200&oid=2&adxs=1128&adys=255&ucis=kw88xxspmatt&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nhd=1&url=https%3A%2F%2Fnets4.com%2Fandroid-apps%2Fcom.terribletoybox.thimbleweedparkandroid&top=nets4.com&frm=23&vis=1&scr_x=0&scr_y=0&psz=200x198&msz=200x0&fws=256&ohw=0&ea=0&ga_vid=250819088.1647249242&ga_sid=1647249244&ga_hid=459192366&ga_fc=true&btvi=0&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

eb80cf04629e90757b77bb4b0a4c19b149b9de6d31a5fcf63eb47c411ce60c18

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8440
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://nets4.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 24BA 13 KB
10 KB 42ms
42ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022030801&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7429a87c0b98d5cb5eae40cf640475d18fda8d0c33be2185bfeb8a75459be075

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10436
x-xss-protection: 0

GET
H2 200 container.html Show response
e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame CCC8 6 KB
3 KB 55ms
25ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Mon, 14 Mar 2022 09:14:03 GMT
expires: Tue, 14 Mar 2023 09:14:03 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 bframe Show response
www.google.com/recaptcha/api2/ Frame 2BB0 7 KB
1 KB 30ms
30ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3671ee896a4443456a3a3f02218b9a67dd83f4378689b08f0bd58bf4f4a4dd1c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RnqFJtC/XMshlQbWFLB5gg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 14 Mar 2022 09:14:03 GMT
content-security-policy: script-src 'report-sample' 'nonce-RnqFJtC/XMshlQbWFLB5gg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 1110
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 327A 17 KB
6 KB 79ms
51ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame B7B5 17 KB
6 KB 73ms
52ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame EDB5 17 KB
6 KB 57ms
36ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 24BA 17 KB
6 KB 75ms
55ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:03 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9CCF 13 KB
5 KB 34ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 08:48:15 GMT
expires: Tue, 14 Mar 2023 08:48:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1548
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame CCF4 783 B
535 B 28ms
28ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0d9e01b9d5e699b7447166133743777420aedd02befd2cc7afcf7f9d19e517fd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-H7q+NxA+Q144lCXiEpYD2g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 14 Mar 2022 09:14:03 GMT
date: Mon, 14 Mar 2022 09:14:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-H7q+NxA+Q144lCXiEpYD2g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 2BB0 51 KB
24 KB 19ms
18ms Stylesheet
text/css 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 15:26:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 236867
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24237
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 11 Mar 2023 15:26:16 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/ Frame 2BB0 360 KB
142 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/85AXn53af-oJBEtL2o2WpAjZ/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/bframe?hl=de&v=85AXn53af-oJBEtL2o2WpAjZ&k=6LdBUMUZAAAAAK9sWAfAA-Kd5C0Y4AGlWbDlHXpD

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:02:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 720
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 145081
x-xss-protection: 0
last-modified: Mon, 07 Mar 2022 05:02:21 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 09:02:03 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame CCF4 0
0 97ms
71ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030801&jk=4263479940061606&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 9CCF 35 KB
13 KB 42ms
18ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1548
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
H3 200 container.html Show response
bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 77AA 6 KB
3 KB 47ms
19ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 09:14:03 GMT
expires: Tue, 14 Mar 2023 09:14:03 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/35535aad31d492c6b0057c289e2d1f57:0dec4c45495e841c6f255ee1790f35704b6004d556e0073c14e2884f2184c65ccbf5b59d0f513eeb22dacda43c03a2f19d7e366dc009cc0bc67c019fd84e6ff434c5a0df0757f7b... Frame 0
0 203ms
203ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/35535aad31d492c6b0057c289e2d1f57:0dec4c45495e841c6f255ee1790f35704b6004d556e0073c14e2884f2184c65ccbf5b59d0f513eeb22dacda43c03a2f19d7e366dc009cc0bc67c019fd84e6ff434c5a0df0757f7b0e4291596bdb4c8ebd1273cb4b304408a7b262cbc606730a132a041326433747c83bad223f1778e557c3455818d06cbc55df7e03e11c92d22b026bc62faed3096448de40b3807cb950acd9f0d19e5face3828a5e237c9d203/i?id=9a51abc5-94c6-43a1-a38d-07756f18af26&ts=1647249243897
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: a2d7a43c-9ea8-4596-9c6e-d812469afb82

GET
H2 200 i Show response
api.purpleads.io/x/a/35535aad31d492c6b0057c289e2d1f57:0dec4c45495e841c6f255ee1790f35704b6004d556e0073c14e2884f2184c65ccbf5b59d0f513eeb22dacda43c03a2f19d7e366dc009cc0bc67c019fd84e6ff434c5a0df0757f7b... 0
199 B 147ms
147ms Fetch 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/35535aad31d492c6b0057c289e2d1f57:0dec4c45495e841c6f255ee1790f35704b6004d556e0073c14e2884f2184c65ccbf5b59d0f513eeb22dacda43c03a2f19d7e366dc009cc0bc67c019fd84e6ff434c5a0df0757f7b0e4291596bdb4c8ebd1273cb4b304408a7b262cbc606730a132a041326433747c83bad223f1778e557c3455818d06cbc55df7e03e11c92d22b026bc62faed3096448de40b3807cb950acd9f0d19e5face3828a5e237c9d203/i?id=9a51abc5-94c6-43a1-a38d-07756f18af26&ts=1647249243897
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

access-control-allow-origin: https://nets4.com
date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 98164342-5f6d-4a61-82e0-94c3952f540d

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7E60 13 KB
5 KB 18ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 08:48:15 GMT
expires: Tue, 14 Mar 2023 08:48:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1548
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame F8B2 783 B
534 B 27ms
27ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

126bd7d4d54da30dab5bd244abc46a258e4cb6233f1b9a25963c51174d8b359c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-ag4fkbxSoEt3SRfsX43y5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 14 Mar 2022 09:14:03 GMT
date: Mon, 14 Mar 2022 09:14:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-ag4fkbxSoEt3SRfsX43y5Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame DDCB 13 KB
5 KB 18ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 08:48:15 GMT
expires: Tue, 14 Mar 2023 08:48:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1548
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 15DC 783 B
535 B 27ms
26ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

d8c2904353a6a46fcd06c4afcb03c62aa1fcb844a387f49b62655406ab5a10b0

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iwB6txsXcD4UTc7MOr9lYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 14 Mar 2022 09:14:03 GMT
date: Mon, 14 Mar 2022 09:14:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-iwB6txsXcD4UTc7MOr9lYg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 91B0 13 KB
5 KB 17ms
17ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 08:48:15 GMT
expires: Tue, 14 Mar 2023 08:48:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1548
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 9824 783 B
537 B 26ms
26ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e92cc74b113b159bb550e56caf75cedafe95c4ba3dd37046a383f6935de3a225

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Nk24W18qj3k3thKnCTcQ5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 14 Mar 2022 09:14:03 GMT
date: Mon, 14 Mar 2022 09:14:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Nk24W18qj3k3thKnCTcQ5A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 422A 13 KB
5 KB 18ms
17ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 08:48:15 GMT
expires: Tue, 14 Mar 2023 08:48:15 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 1548
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 6E2E 783 B
537 B 27ms
26ms Document
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a2040ecb8d5152c3b706b71c256083d1d4caeb49e72dcfc16c1a1f25e95ef9bb

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4Yg+PCPRGNAyYVOWCXhRwA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Mon, 14 Mar 2022 09:14:03 GMT
date: Mon, 14 Mar 2022 09:14:03 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-4Yg+PCPRGNAyYVOWCXhRwA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 515
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame FF2D 6 KB
3 KB 19ms
19ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 09:14:03 GMT
expires: Tue, 14 Mar 2023 09:14:03 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/ab4fbc28cab0c36c2e00dcc7fdf36df9:5f1130010cad5ca7039f37b780b0b9c7b0fbd6aade5e53d1c55b8036867d8bc50ade8c873ae3207f3a02311feda9bb92e95d300537004cbb81c859a1bb11096a6face860e127755... Frame 0
0 102ms
102ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/ab4fbc28cab0c36c2e00dcc7fdf36df9:5f1130010cad5ca7039f37b780b0b9c7b0fbd6aade5e53d1c55b8036867d8bc50ade8c873ae3207f3a02311feda9bb92e95d300537004cbb81c859a1bb11096a6face860e12775561dbad3a463e520ca93804f59b8d0eacb91a593c6bcacbf8f0bbd7c07fcc592077360b0e1caa06c8967dd3c190aaf92b07627b744f93d2bc9f9a2f00ad9025b7cf1184a81695120f6ee73d8e3e1440953e100c3f2cb6d9fd6/i?id=247a1991-119e-422f-873c-5c54551d241e&ts=1647249243960
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 0bd9835c-0de1-4144-9b84-1b754156ef96

GET
H2 200 i Show response
api.purpleads.io/x/a/ab4fbc28cab0c36c2e00dcc7fdf36df9:5f1130010cad5ca7039f37b780b0b9c7b0fbd6aade5e53d1c55b8036867d8bc50ade8c873ae3207f3a02311feda9bb92e95d300537004cbb81c859a1bb11096a6face860e127755... 0
199 B 138ms
136ms Fetch 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/ab4fbc28cab0c36c2e00dcc7fdf36df9:5f1130010cad5ca7039f37b780b0b9c7b0fbd6aade5e53d1c55b8036867d8bc50ade8c873ae3207f3a02311feda9bb92e95d300537004cbb81c859a1bb11096a6face860e12775561dbad3a463e520ca93804f59b8d0eacb91a593c6bcacbf8f0bbd7c07fcc592077360b0e1caa06c8967dd3c190aaf92b07627b744f93d2bc9f9a2f00ad9025b7cf1184a81695120f6ee73d8e3e1440953e100c3f2cb6d9fd6/i?id=247a1991-119e-422f-873c-5c54551d241e&ts=1647249243960
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

access-control-allow-origin: https://nets4.com
date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 9aefae44-cb0e-4fdd-aed3-798e3932ec7c

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 74CD 624 B
560 B 74ms
29ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjbh_LEATAB&v=APEucNVAvD3ivnzUetS2wsdM1mgWXGSDW7UnA6FqiOHDY4ciRhZ9Fw18jYomGxe7aT_ZqdrD0tkA-qY9WnT5X1gpr4poVU6CyvdVegkd6f97hvwavgDg3jvUK2kd7cmfwfsFbk-97M3gVcYZDs7I6K8hHluROg-p_Ekq8AUYyR8MPUsSU2N2Kyk

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Mar 2022 09:14:04 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 14 Mar 2022 09:14:04 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 77AA 88 KB
35 KB 109ms
65ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CEBL-KMpeoRH2VK8DFrM5T-vLG8zI6T9TE5MlvvJncgTfqdQ36RZ3aeKvhrYnop3D-KYiHPoE-mRs7PdFfhwWQIwOEOgOLJsbPl8UT89TMbzvgx0rnnXS7ysO1HrnWRL2C9Q57kMK_lMxtBe1vSJ_WH6YweA&dbm_d=AKAmf-D-xYE18XsaMKCEjWHl7ynCdPwQuxq4tj3lfrIfgpTZ7TIdkZ0BjKZENZpBZLyTkXRQOyRPBdRqSbwZFWLC9QsBaYhGB6OXpNels8JfIDzTYzb7hTlnkO-UguFfXRvmi59_MqSQ_N-8ERjd5VhHoQy0yKUnHwdmnZ32yoFtJxVw5WU7yzt1zPz35QMPEa9ANcNuxwzOlqPrr3-cx6kOu6ID2lB_K8IpvygFv5j0iA44eOxyrAhtX5w91H7xNGEgSEkfbGq9Jak_5jb2RUxu5u9gtgUQeaPMGImLQX4AOvmlBt28xpAIqX_U4NlgVWojpcblRMolfXnEMFwLTZ7Heue-nh9ehmRIhpMA_UdZWfCOq6n96ldoQjHJ41TYV0n6BM1pguW09aU0qgpd4Nm4eEAA8ZxPnbT4usHVI7vu4x4WjLa1Hr28csZQaBDih6-B-2mTeEQBfpHo38LqeLdmSi9pG57ms9CnE8uIq3pXF69E6uqyF9spfhpgvtLEK10Csa7jRHdewDp4TpuZZG5rRp_eaAjQqL4mTJUEXvdIE5Zem0WczUqdFm7WbHFqHzrH-G00qOs2DNF6WRv7p4IXtx3nGXCceu50eSrgAnjXl0Dz8U0-IM6pVgy499oSTvEQ62oy7wvIfpgPZ-9_Bcn7_YbnLcD_iGkhnuNbC3lGO2Ge6ANr1CcjNGMCAxB2nwh9NnTkng9H8QfeMWu5OVBToixt8vdjdJixvBmQIt42kzQhx0_WlPG2bY9hgN2K4Zqojoehr-B9r0t3rcijReFIbPsb3aqwX72_guT5jZAopqomB1qJ7uZrp2FRdKkJ6JDnxn0-6mPcfAjIFfMPReqZzntQQfFACr5Ma5KjwMyRbgkCncaVBrsoInqPY2O2_-QpwEtzn3OLhy0b2J8G9n6abAfk8QlPqFOCFGn3zX4pq75lQHeyAUaP64Q_3zTqSL2xrHIfd-QB4Ng4UL_9iH-652sUlULyrLNm7jrkZVawQLEVph4ubzbniYVeu2qAHoQhj9p1OlJNGnifuUHHW7gGvWsjjD_OtVUKTKnOtCAzDpnTaXAyTKPCiCCKBQk43Jnu2lzNPk18mX_DZfLzrjVTkl9IzqBqQ08M2NV47hnLbN7Ird9s62yayxMkBtBoAZpSd5n2hUIGBhmGGr3qRYeg29FSC2wqE9VLaGYaLkErwkWivAQAp2_AknHhkS5AxqXkiMQ_K2gJUmeCPn_1Nux2cKkNkPOjbf-sjYrBzeRajt0HNxpgbfSU2jjrAWqNOqAhIGrylVk7wm9hsQvJYuppFWSt5d3vE7AMRCKU6VmYiUCmqBBxpJGLRVto6pxDjFwU0VX6FDiprBgW0MI9rQHhoJzzZ4LWWCyW-VmMJrcKiWhzQW61OmJaCi66ag4ghG_LRhRiHXdDoDpenUysbHxFni-_Dkn7ZsufzNGkYhCCDupogvGEphoKKT8JSWArE4mhd8GsI6qIhKnutulDD_wMm21Fah131SZlJXIi0Mv2J8ZbaGuWr2NCy9-mloL9JxuQ76ElWAhQthIAL5Yk5xtP1ZXDQDzf9yC9EUkHiH0n5B-oUbM7o7HDPTlbSdktgK8X6yxv_eLKJ4ygBMGfFjxDEssXjZozMxh58SQq9canLkisjmixh57p--jA-NjokpCw6UWiMUaa9bVFXcONJYY8SVLsIy2gdtBo_0DQRiwBgaerVB6HnYFreUls3Woi-2_HEuRdHhZkQKk091co58SblLUAt4f7WcujSWYjOV-6ghVzP7jFTZiKQTx53XuUbKibrjfE6ZJ70YqrnU1plk2iquV8HNvd6sZBe7GBX8B32zp9j7Z95Re1W7Eem5zBMavGDmi-lPEF9wAc1AXjr3C2r13nnoi5vRoXL0Xan4vJWhfp5XdO_54-7YmRN7HuVhqesP5vCtB3Ik83fifCo8MbCyeRal_C6VGn1tLSmpUVSeEMC5uQmdZpMpL5cdxIBu9hW3yjYh5CWyRc6BCYtnyDT6pOApNOmdA2bz9Bi8dtkUEG45c8RVroPZdBU5MWkOI_lYzRIf3k2AnYyxv1IhpITfr_H853Sr-GPHbiuGwQikafit2SZv_kjXYelCxRdspSZIYierA4wV3Ubk77aP-DJ1nkpORyHwhtIl3eaZi3lhsxyhyfzP5fAUylvajb7vOZlI0lpsvZI9FldzLpb3xyYzu85uf1NX77CUPsgj-UJegm98CbQkjqYz8PSb1SLASbnBbiZqATmij-uzEa71QQ5Z1N0uoJRO170Vg3IxjQ3__vhyJRbSeml6M073RYLulZjxuLN8ZX_fVW3JaMsPN43gjGYzzaAmaBjikPPm94IwCqL1nMmwWSYrkD9muRGe5IBByOaKONILozgHDA5MCgZeYCFVLwbvhBkM5CSHg_LijPj8hYzTK6yIbHKYrsZFJ4U6HzO69QT1ifsxk5wOIEE2vpfbj00X42msqZaJDg3dNLez0cZeOR676A9wwwEvjBazOBcLCACJTLGXKqNpqxygHcV5-NQ6cxFdu0_0H4-_TbEBtbvUUjr2Zh8YYWlKQ_23EtPHBmYsr6ojOVmohJSzQyBjAwIJFY99r4qMsEUCAEpHGVtwi6rWBZIH3DB3OMYy0pCK1yfNkvJ2GemEMwPjH3KOtCBpJ4Xm2R5fVg2ayDIbqhwj9fbuYqAO9MS-cc7I7u7p_uFg04aopIdH_PFS3IjW2N9YHoG6Tvmitb4vox22Z2l9WF8UUl_YDR65DXK-ksLOFukKAfXDqFWjB23l7iOvvE5atdhwJDGaEPhVPNdLNeJESObiRrI_3EnXYwN6tl5e94bnD6vDd-WgrrlCxj_3vjvJVHI1IzxDuSTlPODtgeYV-NGMOTMKC6ycLaghfGrKKJmwqZF7Ly0U0GRapY20o-_R52cQRMMsLFN8hAXkkCBmaOg20eHweNuBuOPtcKpx2ipqcJLylA37My5IKh_Xr9JV5VOmndTnxXYkk1KkU0iE265TWoSLE17CmBX6rrS1zy9JDTIR2W9_7ze0vbBXnvNLKgsTX-vm4ump6RESmCB8rvcMaYwFygY07YT1O3z5pok4jy5xULGTcQgd2AakgQQIHLadf9qGhgiU6enVPTQJ_HFQQ558jUESewqKaHC53eWaQMw81ZuPwf7jlDog7EyUmdnPZ90aNtWNQc3YO5jHEQShwEHD0sYFN05HGsInhUwQRO_7Y3mR8cSxrtOYF77Q&cid=CAASKORoykxYpCY3aVj-3Df61yIuyQcDOUf0JdNYyqRK-ytOCBUfIKzUw4I&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f659e3023e217c28f10fc0b5aaf8997e1cf9be8d697b5684f23263de38c8277

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35019
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 77AA 42 B
63 B 38ms
38ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CfEFSYOKjqQCvgdh2PHfwoOZZDLfNmNzo-kKBYJmObtS42Ufai75AMQfX2oO87IjOetVDQLO4BwozfGW-p10OstU53Ff8Endddvl970ygoZntUWX4

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 77AA 2 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:07:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 77AA 15 KB
6 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:03:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:03:40 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 77AA 0
0 25ms
25ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSztvDeWH4qqrWT9Fr2tHikiBEr4VvoSu4__MZlpk1OywEm4ZK6hWg_8Mlj0MI-QeRfmmk7flZkuoivuiuTso4q7n9Acw
Requested by: Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 77AA 117 KB
36 KB 90ms
45ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:04 GMT

GET
H2 200 amp4ads-v0.mjs Show response
cdn.ampproject.org/rtv/012202072236000/ Frame 55EB 220 KB
61 KB 73ms
21ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/amp4ads-v0.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

332dd9d8872171a7ce122129c088ef587eb876ee04f178f5e62310dff3747514

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 61519
x-xss-protection: 0
server: sffe
date: Thu, 10 Mar 2022 08:32:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "609f9f524fc23ab6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 10 Mar 2023 08:32:18 GMT

GET
H2 200 amp-ad-exit-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 55EB 16 KB
6 KB 103ms
51ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5708
x-xss-protection: 0
server: sffe
date: Thu, 10 Mar 2022 08:32:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "4c9170e21c83610c"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 10 Mar 2023 08:32:18 GMT

GET
H2 200 amp-analytics-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 55EB 96 KB
29 KB 103ms
52ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-analytics-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29623
x-xss-protection: 0
server: sffe
date: Thu, 10 Mar 2022 08:32:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "f660f99fdfd5d6c6"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 10 Mar 2023 08:32:18 GMT

GET
H2 200 amp-fit-text-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 55EB 5 KB
2 KB 101ms
50ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-fit-text-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1844
x-xss-protection: 0
server: sffe
date: Thu, 10 Mar 2022 08:32:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "b0f41eb8e6d0a727"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 10 Mar 2023 08:32:18 GMT

GET
H2 200 amp-form-0.1.mjs Show response
cdn.ampproject.org/rtv/012202072236000/v0/ Frame 55EB 42 KB
13 KB 110ms
59ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ampproject.org/rtv/012202072236000/v0/amp-form-0.1.mjs

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d

Security Headers

Name	Value
Content-Security-Policy	default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy: default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding: br
x-content-type-options: nosniff
age: 348106
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13623
x-xss-protection: 0
server: sffe
date: Thu, 10 Mar 2022 08:32:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
report-to: {"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31536000
etag: "14164defe327400f"
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="amphtml-china-available"
expires: Fri, 10 Mar 2023 08:32:18 GMT

GET
DATA 200
OK truncated
/ Frame 55EB 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a8fe81fdbc6b0a1d19ab816ee65a864e4240b9a2435fc8fc222d3035e0debd5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 200 i
api.purpleads.io/x/a/3f736a557f704b5fe38b24c59a4844ec:00ece8fcf12dd5df43ba8071bd3e08d08828717a8d002b3cf1143e4786f343a5d7797ce81e94ca723ac83d016422fb2e84214e1c93c2a08d45654b2920b307d6cda97e089554957... Frame 0
0 104ms
102ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/3f736a557f704b5fe38b24c59a4844ec:00ece8fcf12dd5df43ba8071bd3e08d08828717a8d002b3cf1143e4786f343a5d7797ce81e94ca723ac83d016422fb2e84214e1c93c2a08d45654b2920b307d6cda97e089554957fe0c54c358b34eabb7b8e3fad5898bf6546379c24c08e46d1384439f68f954ca55e7449c54a5c80aacc5d0d1616b77440bf5cd3cd86eb2469fbdd0d0ffa0e85b16988d24be4d95af2/i?id=e9b09f31-1655-4ea2-893c-8111a20eaa09&ts=1647249244039
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: ccba6a96-c725-4adf-b828-c4a8fd569e57

GET
H3 200 10426793851004881066
tpc.googlesyndication.com/simgad/ Frame 55EB 50 KB
50 KB 19ms
19ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/10426793851004881066?sqp=4sqPyQQrQikqJwhfEAEdAAC0QiABKAEwCTgDQPCTCUgAUAFYAWBfcAJ4AcUBLbKdPg&rs=AOga4qkY4gjUWtHqptslZZJbGpxFw8Rh4A

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ed29dee1a9df18ca0e067944eddfad69422ccda9b4fe616cc69be23eb599c3d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 08 Mar 2022 16:41:25 GMT
x-content-type-options: nosniff
age: 491559
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 51670
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 16:34:40 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 08 Mar 2023 16:41:25 GMT

GET
H3 200 en.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 55EB 2 KB
2 KB 18ms
17ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/en.png

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 09:41:38 GMT
x-content-type-options: nosniff
server: cafe
age: 84746
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 14819457070020093239
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2502
x-xss-protection: 0
expires: Mon, 14 Mar 2022 09:41:38 GMT

GET
H3 200 icon.png
tpc.googlesyndication.com/pagead/images/adchoices/ Frame 55EB 295 B
319 B 28ms
26ms Image
image/png 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/pagead/images/adchoices/icon.png

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 09:53:05 GMT
x-content-type-options: nosniff
server: cafe
age: 84059
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
etag: 426692510519060060
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Mon, 14 Mar 2022 09:53:05 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 55EB 0
0 27ms
25ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRKR1Z1plyETRYZMQF92NcR0K9IMoXlwcQpNzbdbYnJDgxSqiC32VHyubbDfD-wSqxetj3eELQcxUbzu4bEETXfcptSfQ
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 55EB 0
0 50ms
47ms Image
text/html 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Ctds5WwcvYtaRLvyX7_UPoMyM-AnHpqP3aJDiuYv0D9iJhZ4LEAEgudvzJmCViv6BlAegAcO05IoDyAECqQIY8YtEyE6yPuACAKgDAcgDCKoEkAJP0MUU3aPwTd0M4s-I0jfAwWWaIyCFfiXGFh1fUmEykYG8lqHwARv3NOd3S5w--1aWbBA7Tpm5f57e58hrvwbLhjscYsQd--F4daGDUICJAR2YUJGnjc5jAiaHJdra2SeI2dUteN1xl4b4W4KfScfI2oJu6m9kuQgbdJJGGCrT5cKxXEpglzVnJEakykOI9CN71R53jlNGttsYwjURGmA3nszf7Q8Yep2s31ksmonxmKvprVGlCXSKbON9aLwkP0d-1bUpa4fqiNCqFXyFK7UsMI1ZfCm7QATvpBOTLQyG4SvZMFW20cI0w1Rpo2PswfhOjGBHp46z_OV6a-O7fnocon6BUNgtJqEPQD3nCrn4m8AEr9fAw_ED4AQBkgUECAQYAZIFBAgFGASgBgKAB8-UgjOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBDTlAHSCAkIiOGAEBABGB3yCBthZHgtc3Vic3luLTQ4MjM5Njk5ODUwODIxMzaACgPICwHYEwrQFQGYFgGAFwGyFx4KHAgAEhRwdWItNDkwMzQ1Mzk3NDc0NTUzMBiLuXc&sigh=LjjNajIQb10&uach_m=[UACH]
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.185.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s52-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H2 200 i Show response
api.purpleads.io/x/a/3f736a557f704b5fe38b24c59a4844ec:00ece8fcf12dd5df43ba8071bd3e08d08828717a8d002b3cf1143e4786f343a5d7797ce81e94ca723ac83d016422fb2e84214e1c93c2a08d45654b2920b307d6cda97e089554957... 0
199 B 125ms
123ms Fetch 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/3f736a557f704b5fe38b24c59a4844ec:00ece8fcf12dd5df43ba8071bd3e08d08828717a8d002b3cf1143e4786f343a5d7797ce81e94ca723ac83d016422fb2e84214e1c93c2a08d45654b2920b307d6cda97e089554957fe0c54c358b34eabb7b8e3fad5898bf6546379c24c08e46d1384439f68f954ca55e7449c54a5c80aacc5d0d1616b77440bf5cd3cd86eb2469fbdd0d0ffa0e85b16988d24be4d95af2/i?id=e9b09f31-1655-4ea2-893c-8111a20eaa09&ts=1647249244039
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

access-control-allow-origin: https://nets4.com
date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 0bdefe8e-33f3-4dfb-8286-f8da2910a1b1

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 439C 624 B
974 B 48ms
29ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNXZPHY0RKt01IZbWkui1rEeuYQvB8JAoF1je6jVGcSNGtD5MPgKrBOkmNfcKqaaCuoYTU5iiWNhQcacfJQdBj4vaTfX8HWGINsdocsjbwuMkd27COrhtF7Kj7N7lo6BuVQevoy_-YGK0dOas-cbuONEWRUAwaCbtb77eFp648ft6oRRZbs

Requested by

Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Mar 2022 09:14:04 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 14 Mar 2022 09:14:04 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame FF2D 27 KB
16 KB 100ms
82ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CTJ_cl4okkLavtH9RW44kc8rlGg3V_P7mFSqTe2-W-qdgsDZPyk2rmMYkUijWj1U-cCuRSkosdrdIoje-Ap-_o7aEJUf5ZjQCmb-Di8ZkJtBFwrAAjqItjq8MBfh1S33eo3SHpjb9MrPcgQxv3O8Q_86ezAg&cry=1&dbm_d=AKAmf-CddU7vje5gglegx_9QFHc6l3rKyfdhWbKM2Av6PxFbZ_fGZ2LXaBXqq7OdSOmC2onrBZNc4qyX0wVLFSEnVyA2McdqFQuGCamtTqveyIBLlqr2OG8sfS9ZOyskZX6ZyQy4slzG0RSDiGGLoQCCvCTCCZc3qsxxjc6amp5Pd9bslGSKvBgKEgxEwLWIxuCajRQvMfZsPfkMtTolStWZiQpT1tc4wVDOYeyssA91ncdSG9mS1YLkNEpS3NogZvdaB3genB1Dpgi5RXl89ZEX_WGoCFMoy7mK35IKIu9Ln9qLsCAr3DF_ceJqUwPH2WDY38qCQs_9xdjG6yjw0hm2VBJFkD3mWgKMaGxWzHJ5b7YarWzyjdRrAmAF_EQ6uSA_u0W5N3nfTK9-sHVOIyNlA3Hy9Ctn96vhk7wfRfbqmSbolbOB3aa1yF584QoVhjRo1Evoxcm6I-R8Kzl_XAwsTy5eENBI5n6NO-KrnvmiLasvpG0on5LFrNCCNxCnRHwY4A1e6IcXzQ_E4LpIGzlQHYHH3uyq_jPUazUK3pZFwW_fiA0lqf9PbZCetRGvKpoS6a4y-1BXsRbWhTn0nK4miXdVsdGGrRom3M-poVT4gF5wZieZjBGrsDMEQogxjxifDmUMCVl-_Xvbb73OjB21qGEizbdegXxl7K9OpofbRmpzJWAeS3hd6VYxvDYL63xfMEZiRHhPlroqVjIHfJuPBKHSA6j2djz0uk8XChXdvtBusuwncke-YboR_4GyeTrpQ0s5zCu-nGDByrK7kBWCa1r9mhwKRoPefThfgf2sTvXN1vngkdBbeTJ5-a2WXaomoGQkoO__gIoESdbJ98ponWiC49PKK73UAa3SHCgYji14PD8nQrtTcFrIddCt38VoNDj_oZflU3AEIDJE_u3lLfcakDv3Rcejg27S1ovCVSzSvBUre03Te8OyT68GmdlNOct8CF8TkstuivipGoh8mWbgrYqup-myf06TcwB6C1UwkfVRm-_dNwT9y4VtEaEkrYg24uU3mc1suBslphxPbc9lH1Ef_J0Hecrfjrsx4tIDLOuKuv6HmrIsxQ9KwwowbkcVI3PziZXtuZGo4HKaTHsShNSM8GLKibfRrtlsceSF0b6rxqIPWUnksydFxqOBnSb0LIBUqf3pV3yuQcCMX0RzPO_zHMTW1BKUFja2j5GFMPtC-1KknN-xeyN8MpYBB7jlMPry1t93McqBNufe8baMY0Z9B_UuIqw-iLMksnOLj64T4KkEVidWFEUOvkJ9I9k3kfQHrTQAlze8vwsLuZMZDTDBwDu9xQTQFk4N9yElqjHxNU6WqhTSI0D_OyvEH6wLMeQ6hyHK_Qo0dsVPI_dUSZ0QEAo9N1lGbwRamaDQF4PwVzjkMUu1Bl3HJBUN-gClDMalHmzOjHZ3tdZUZxmU_xU4WpqdhGo4XF4x0tOixMccHSU-M5wza0W944y1pgDwV_saBFwE-dqlNZSAD3912GhkCRwDPC0hspVAZpNhXxbjMQij5Mo-ruWc-ESoy-OlCDWMl83HO4FsTlF1KzzXz9EQqHDsEeEGAv_3VzMPhWX45p1uiAjY5GHntV9P_XUxTB6f3EXoB5-HrQKKAqr2pMvAWzTmikleUCgA_Mi-iP3aDeYJvIhMSdIf_EVf1ZMd5FUJCEmdL2soNCW4AZ5BKHojB1HCTKR6EB2xOXEkRrq1HmOzY_FRXOXFcBAs6t0IcETWe9VuKK_XD9i0e2fLpdU6uru7digCrA8OCzzgQmljwhQ-NXn7_vrK6omfI8FK29e8HrWdCuAVPevvWFi2w0l8How6BXQZ9sJzpNuqKlgP8TWk47_UUeIVTtrKv-7CkUR03P185Z1hWDnxoO5oSfL-Y0SHeh6KnUP57mTPfcesb5sW8ftx5W64O7eQ6iWxUpqNJ-knJwDKCoJxjtI7u3YPFZaw_g5jG82wkHbhfIz45r6as5hZXKAcw3JZcxOdQLRvxcrmNXb1_agqsOP40S1eNfc5djraxW660rZeUM-aS8XLSax0fSJFVK4XD5jxCDUcB-clb56lQVzcAgE-P8_RnCTgAZeaWR-CPhvvoRVrE3PNm23jaBvWgvHQY13wVdQkOczcgu3veAlau_7eVdxCDZvxZlMjtuIpvorWdTbbC9i1mWxc0byKCT_HIgUKsGor0AqWZipsTgDJWFQC_bbOvebEdY20QRHSPWE8fe_hDft5DqF2fJcJ8u-OlSOf0mXfpfflwPc5f_w09xv-Tk0M6o6bZEkojHBaXbrKVo-ZN0Gu9ZH2mgCPHRH1bR6OhsfqNzSDuqyyjeGla6ELsXt0rXZcAX-fifBte3DM8zfrXs3GGvOz-MtSD1ZvKgXkWeValqlThpgPL_DStJ6qyVOSqLqCu-k-gfW5nF7ezlPIhVi7qyESi8SPE9moSRZhOp_8a92IcXDZtsrqGkirZXkHEzZ-l2R1-bieUK2Bs_1ZZ10ymmzMpWJY-9pNg5-u_ZxZKohNa4JhYYTlCjmteYZWThFGPHYrgwX0UWckEG_p5rT_mZtpQyqJiKHyrEKu2tm_RZGlwMu8n1q86AZ3WM-BAS8oDspxQfnlTIXSCo_Exu5lTEyXFOkhJbt02zIagJffNc9WGQ-K-jxVHOE6cjqIML2L2fgwL1hQpvOaE6XAtENPzuPJw-Zl7fkZujw3qna-Vk7XrBgFxcKdt7D88qDH9l2_Z77tAXbCjHeDntRWI7ZTnvo4rcnbVagzm1c1be_kNWJcsc8M2fCAq3beFOhrXiANmvN7mGgsHFtcgPX5Dh5QWiC1GXMF3EQhKIcK_9dcy1JwsHrOuIy4mHmM1Ie91NTUbllt7wx-vceXacfwTGrjh_MV3bK-ly7oVGv5c5FfTRitVvl07aZYojqMT8bmg6TCiyqAk7eDV5vtsZHBylilTM7tbB4XlLuf_Kz8oCGGV_TvZgTigLyiUo_3sPIsKgKngNJumZIa6g57IrLBY7p2LxQKl_nY6QXR-NwkKaEokHBuHgng-5NEzUrgcssCoCK1Tg4e-It3jjsDOMVo1kc8SqsOk35xQ189PE_96yT_A7EUzY0jYAqt-Ygj9NZCkw0MCnY2ZjN8NsR_QoAsi1vvaNqvDlDV_QKGuUSTpJINByxtbf-qNFCJn7rA8dh7LRRvQjisEU2erKTJYC_1lRjdPievyhIWfXwIFlwHFRVzsCbEyPdY0e25bXtfvAwTE6t6IzvdzObd4L3B0gBw5_N3Oa-HoKcsxzaX_YwRUw6HbxgcayRlkj0JHpxkHLefn0yJsZd7Z512CbMm5jKk3Uw&cid=CAQSLQCNIrLMgUJiJPOUBXB9oI32AfQQ-Ivvu_EfHsiDvldaVJns0b7fqnpnlq88Hg&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9b83a0254585c8941ae1e2b4d6498c46d0a5367d626b4b386bf52dbd66ea82f0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16273
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame FF2D 42 B
63 B 38ms
38ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-Ak_1zQKtwVGOScxfQvJR4yx3hPDXQj1x_UQm14oG8L6MXFngQIHHDKTYkKeR8P6vHIbpM3mtJlBvoC4adeA7PSRCYVI-7SsBFgugdTSGqWIr2dWyM

Requested by

Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame FF2D 2 KB
1 KB 25ms
24ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:07:58 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame FF2D 117 KB
36 KB 86ms
66ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:04 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame FF2D 15 KB
6 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:03:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:03:40 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame F8B2 0
0 71ms
70ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030801&jk=975772244215284&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 15DC 0
0 74ms
72ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030801&jk=3057188931031487&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 9824 0
0 75ms
73ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030801&jk=2849320462233273&rc=null
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 6E2E 0
0 76ms
74ms Image
text/html 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2022030801&jk=231340852023047&rc=null
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 7E60 35 KB
13 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame DDCB 35 KB
13 KB 22ms
21ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 91B0 35 KB
13 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 422A 35 KB
13 KB 32ms
32ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9CCF 0
9 B 17ms
17ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?5K1LuQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 container.html Show response
e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 065A 6 KB
3 KB 21ms
19ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 09:14:03 GMT
expires: Tue, 14 Mar 2023 09:14:03 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/45eb6a4adc3080f1350a5a8abde31b67:88fb7d03e9a14d8e22f1e91d2c9b03e0963ae52513018fbf812527e4b52f9b3a374197e5bbea0ea21bd3df835ff4d78d937d8ad5e116bc8d5ee1e318dd5d8a31539a47324d5a571... Frame 0
0 101ms
101ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/45eb6a4adc3080f1350a5a8abde31b67:88fb7d03e9a14d8e22f1e91d2c9b03e0963ae52513018fbf812527e4b52f9b3a374197e5bbea0ea21bd3df835ff4d78d937d8ad5e116bc8d5ee1e318dd5d8a31539a47324d5a57103fe062ed57af532f8744e7da20e5c73b3fe6664c374fee68f198d22af640996a8bfdaf45fd27775a21d5ed9a0d94a2d168f8caa172e00ded1532183a061f28ce34b1e72a1a5e2204/i?id=31451987-3728-4b7a-bdaf-79abfd332ce5&ts=1647249244115
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: 0d03fbaa-c086-449e-b511-27b947068234

GET
H2 200 i Show response
api.purpleads.io/x/a/45eb6a4adc3080f1350a5a8abde31b67:88fb7d03e9a14d8e22f1e91d2c9b03e0963ae52513018fbf812527e4b52f9b3a374197e5bbea0ea21bd3df835ff4d78d937d8ad5e116bc8d5ee1e318dd5d8a31539a47324d5a571... 0
199 B 176ms
175ms Fetch 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/45eb6a4adc3080f1350a5a8abde31b67:88fb7d03e9a14d8e22f1e91d2c9b03e0963ae52513018fbf812527e4b52f9b3a374197e5bbea0ea21bd3df835ff4d78d937d8ad5e116bc8d5ee1e318dd5d8a31539a47324d5a57103fe062ed57af532f8744e7da20e5c73b3fe6664c374fee68f198d22af640996a8bfdaf45fd27775a21d5ed9a0d94a2d168f8caa172e00ded1532183a061f28ce34b1e72a1a5e2204/i?id=31451987-3728-4b7a-bdaf-79abfd332ce5&ts=1647249244115
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

access-control-allow-origin: https://nets4.com
date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: e6af084a-b3c2-452b-b721-9205d6677001

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 439C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsKPWhHHJfNWjyJS9WSwMc&google_cver=1

43 B
1014 B

66ms
33ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsKPWhHHJfNWjyJS9WSwMc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNXZPHY0RKt01IZbWkui1rEeuYQvB8JAoF1je6jVGcSNGtD5MPgKrBOkmNfcKqaaCuoYTU5iiWNhQcacfJQdBj4vaTfX8HWGINsdocsjbwuMkd27COrhtF7Kj7N7lo6BuVQevoy_-YGK0dOas-cbuONEWRUAwaCbtb77eFp648ft6oRRZbs
Protocol: HTTP/1.1
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Mar 2022 09:14:04 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIsKPWhHHJfNWjyJS9WSwMc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 439C
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi8HXHC0mcpfNMP0FEBvoQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1

43 B
894 B

27ms
27ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNXZPHY0RKt01IZbWkui1rEeuYQvB8JAoF1je6jVGcSNGtD5MPgKrBOkmNfcKqaaCuoYTU5iiWNhQcacfJQdBj4vaTfX8HWGINsdocsjbwuMkd27COrhtF7Kj7N7lo6BuVQevoy_-YGK0dOas-cbuONEWRUAwaCbtb77eFp648ft6oRRZbs
Protocol: HTTP/1.1
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Mar 2022 09:14:04 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 439C
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOawQmdcy50drIBW58zaNRM&google_cver=1

43 B
1020 B

75ms
25ms

Image
image/gif

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOawQmdcy50drIBW58zaNRM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYvNLFlQEwAQ&v=APEucNXZPHY0RKt01IZbWkui1rEeuYQvB8JAoF1je6jVGcSNGtD5MPgKrBOkmNfcKqaaCuoYTU5iiWNhQcacfJQdBj4vaTfX8HWGINsdocsjbwuMkd27COrhtF7Kj7N7lo6BuVQevoy_-YGK0dOas-cbuONEWRUAwaCbtb77eFp648ft6oRRZbs

Protocol

HTTP/1.1

Server

185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 5af59e5d-8f76-46aa-860e-64b4d55e7bf4
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOawQmdcy50drIBW58zaNRM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 439C
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D

170 B
188 B

33ms
31ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: b1c7a528-8932-482e-9e16-00c089bc7319
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 74CD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBPnZzFMN6VWt403L7mV52U&google_cver=1

43 B
1014 B

54ms
22ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBPnZzFMN6VWt403L7mV52U&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjbh_LEATAB&v=APEucNVAvD3ivnzUetS2wsdM1mgWXGSDW7UnA6FqiOHDY4ciRhZ9Fw18jYomGxe7aT_ZqdrD0tkA-qY9WnT5X1gpr4poVU6CyvdVegkd6f97hvwavgDg3jvUK2kd7cmfwfsFbk-97M3gVcYZDs7I6K8hHluROg-p_Ekq8AUYyR8MPUsSU2N2Kyk
Protocol: HTTP/1.1
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Mar 2022 09:14:04 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEBPnZzFMN6VWt403L7mV52U&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 74CD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi8HXHC0mcpfNMP0FEBvoQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1

43 B
894 B

36ms
36ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjbh_LEATAB&v=APEucNVAvD3ivnzUetS2wsdM1mgWXGSDW7UnA6FqiOHDY4ciRhZ9Fw18jYomGxe7aT_ZqdrD0tkA-qY9WnT5X1gpr4poVU6CyvdVegkd6f97hvwavgDg3jvUK2kd7cmfwfsFbk-97M3gVcYZDs7I6K8hHluROg-p_Ekq8AUYyR8MPUsSU2N2Kyk
Protocol: HTTP/1.1
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Mar 2022 09:14:04 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 74CD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECkSxRH5yLVxdKD3e9Q2cZM&google_cver=1

43 B
1020 B

78ms
37ms

Image
image/gif

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECkSxRH5yLVxdKD3e9Q2cZM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CLOokgEQ4p3QAhjbh_LEATAB&v=APEucNVAvD3ivnzUetS2wsdM1mgWXGSDW7UnA6FqiOHDY4ciRhZ9Fw18jYomGxe7aT_ZqdrD0tkA-qY9WnT5X1gpr4poVU6CyvdVegkd6f97hvwavgDg3jvUK2kd7cmfwfsFbk-97M3gVcYZDs7I6K8hHluROg-p_Ekq8AUYyR8MPUsSU2N2Kyk

Protocol

HTTP/1.1

Server

185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 466e9834-6b3a-48fc-b547-82cf7408cf98
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECkSxRH5yLVxdKD3e9Q2cZM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 74CD
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D

170 B
188 B

31ms
30ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 767e683f-e6eb-40ea-8445-e5c284a3db7c
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 skeleton.js Show response
fw.adsafeprotected.com/rjss/st/985734/61500682/ Frame 77AA 46 KB
12 KB 154ms
44ms Script
application/javascript 54.72.219.124
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://fw.adsafeprotected.com/rjss/st/985734/61500682/skeleton.js
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.219.124 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-72-219-124.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 9f1af6cc37dc61ec618efe4e3ca084350204c33aa203cc393c69dc98269e7f99

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: gzip
vary: accept-encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: fw.adsafeprotected.com
cache-control: no-cache
access-control-allow-credentials: true
expires: Wed, 31 Dec 1969 23:59:59 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 77AA 106 KB
38 KB 91ms
27ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
Origin: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 11:36:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 77883
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 11:36:01 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame 77AA 8 KB
3 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CEBL-KMpeoRH2VK8DFrM5T-vLG8zI6T9TE5MlvvJncgTfqdQ36RZ3aeKvhrYnop3D-KYiHPoE-mRs7PdFfhwWQIwOEOgOLJsbPl8UT89TMbzvgx0rnnXS7ysO1HrnWRL2C9Q57kMK_lMxtBe1vSJ_WH6YweA&dbm_d=AKAmf-D-xYE18XsaMKCEjWHl7ynCdPwQuxq4tj3lfrIfgpTZ7TIdkZ0BjKZENZpBZLyTkXRQOyRPBdRqSbwZFWLC9QsBaYhGB6OXpNels8JfIDzTYzb7hTlnkO-UguFfXRvmi59_MqSQ_N-8ERjd5VhHoQy0yKUnHwdmnZ32yoFtJxVw5WU7yzt1zPz35QMPEa9ANcNuxwzOlqPrr3-cx6kOu6ID2lB_K8IpvygFv5j0iA44eOxyrAhtX5w91H7xNGEgSEkfbGq9Jak_5jb2RUxu5u9gtgUQeaPMGImLQX4AOvmlBt28xpAIqX_U4NlgVWojpcblRMolfXnEMFwLTZ7Heue-nh9ehmRIhpMA_UdZWfCOq6n96ldoQjHJ41TYV0n6BM1pguW09aU0qgpd4Nm4eEAA8ZxPnbT4usHVI7vu4x4WjLa1Hr28csZQaBDih6-B-2mTeEQBfpHo38LqeLdmSi9pG57ms9CnE8uIq3pXF69E6uqyF9spfhpgvtLEK10Csa7jRHdewDp4TpuZZG5rRp_eaAjQqL4mTJUEXvdIE5Zem0WczUqdFm7WbHFqHzrH-G00qOs2DNF6WRv7p4IXtx3nGXCceu50eSrgAnjXl0Dz8U0-IM6pVgy499oSTvEQ62oy7wvIfpgPZ-9_Bcn7_YbnLcD_iGkhnuNbC3lGO2Ge6ANr1CcjNGMCAxB2nwh9NnTkng9H8QfeMWu5OVBToixt8vdjdJixvBmQIt42kzQhx0_WlPG2bY9hgN2K4Zqojoehr-B9r0t3rcijReFIbPsb3aqwX72_guT5jZAopqomB1qJ7uZrp2FRdKkJ6JDnxn0-6mPcfAjIFfMPReqZzntQQfFACr5Ma5KjwMyRbgkCncaVBrsoInqPY2O2_-QpwEtzn3OLhy0b2J8G9n6abAfk8QlPqFOCFGn3zX4pq75lQHeyAUaP64Q_3zTqSL2xrHIfd-QB4Ng4UL_9iH-652sUlULyrLNm7jrkZVawQLEVph4ubzbniYVeu2qAHoQhj9p1OlJNGnifuUHHW7gGvWsjjD_OtVUKTKnOtCAzDpnTaXAyTKPCiCCKBQk43Jnu2lzNPk18mX_DZfLzrjVTkl9IzqBqQ08M2NV47hnLbN7Ird9s62yayxMkBtBoAZpSd5n2hUIGBhmGGr3qRYeg29FSC2wqE9VLaGYaLkErwkWivAQAp2_AknHhkS5AxqXkiMQ_K2gJUmeCPn_1Nux2cKkNkPOjbf-sjYrBzeRajt0HNxpgbfSU2jjrAWqNOqAhIGrylVk7wm9hsQvJYuppFWSt5d3vE7AMRCKU6VmYiUCmqBBxpJGLRVto6pxDjFwU0VX6FDiprBgW0MI9rQHhoJzzZ4LWWCyW-VmMJrcKiWhzQW61OmJaCi66ag4ghG_LRhRiHXdDoDpenUysbHxFni-_Dkn7ZsufzNGkYhCCDupogvGEphoKKT8JSWArE4mhd8GsI6qIhKnutulDD_wMm21Fah131SZlJXIi0Mv2J8ZbaGuWr2NCy9-mloL9JxuQ76ElWAhQthIAL5Yk5xtP1ZXDQDzf9yC9EUkHiH0n5B-oUbM7o7HDPTlbSdktgK8X6yxv_eLKJ4ygBMGfFjxDEssXjZozMxh58SQq9canLkisjmixh57p--jA-NjokpCw6UWiMUaa9bVFXcONJYY8SVLsIy2gdtBo_0DQRiwBgaerVB6HnYFreUls3Woi-2_HEuRdHhZkQKk091co58SblLUAt4f7WcujSWYjOV-6ghVzP7jFTZiKQTx53XuUbKibrjfE6ZJ70YqrnU1plk2iquV8HNvd6sZBe7GBX8B32zp9j7Z95Re1W7Eem5zBMavGDmi-lPEF9wAc1AXjr3C2r13nnoi5vRoXL0Xan4vJWhfp5XdO_54-7YmRN7HuVhqesP5vCtB3Ik83fifCo8MbCyeRal_C6VGn1tLSmpUVSeEMC5uQmdZpMpL5cdxIBu9hW3yjYh5CWyRc6BCYtnyDT6pOApNOmdA2bz9Bi8dtkUEG45c8RVroPZdBU5MWkOI_lYzRIf3k2AnYyxv1IhpITfr_H853Sr-GPHbiuGwQikafit2SZv_kjXYelCxRdspSZIYierA4wV3Ubk77aP-DJ1nkpORyHwhtIl3eaZi3lhsxyhyfzP5fAUylvajb7vOZlI0lpsvZI9FldzLpb3xyYzu85uf1NX77CUPsgj-UJegm98CbQkjqYz8PSb1SLASbnBbiZqATmij-uzEa71QQ5Z1N0uoJRO170Vg3IxjQ3__vhyJRbSeml6M073RYLulZjxuLN8ZX_fVW3JaMsPN43gjGYzzaAmaBjikPPm94IwCqL1nMmwWSYrkD9muRGe5IBByOaKONILozgHDA5MCgZeYCFVLwbvhBkM5CSHg_LijPj8hYzTK6yIbHKYrsZFJ4U6HzO69QT1ifsxk5wOIEE2vpfbj00X42msqZaJDg3dNLez0cZeOR676A9wwwEvjBazOBcLCACJTLGXKqNpqxygHcV5-NQ6cxFdu0_0H4-_TbEBtbvUUjr2Zh8YYWlKQ_23EtPHBmYsr6ojOVmohJSzQyBjAwIJFY99r4qMsEUCAEpHGVtwi6rWBZIH3DB3OMYy0pCK1yfNkvJ2GemEMwPjH3KOtCBpJ4Xm2R5fVg2ayDIbqhwj9fbuYqAO9MS-cc7I7u7p_uFg04aopIdH_PFS3IjW2N9YHoG6Tvmitb4vox22Z2l9WF8UUl_YDR65DXK-ksLOFukKAfXDqFWjB23l7iOvvE5atdhwJDGaEPhVPNdLNeJESObiRrI_3EnXYwN6tl5e94bnD6vDd-WgrrlCxj_3vjvJVHI1IzxDuSTlPODtgeYV-NGMOTMKC6ycLaghfGrKKJmwqZF7Ly0U0GRapY20o-_R52cQRMMsLFN8hAXkkCBmaOg20eHweNuBuOPtcKpx2ipqcJLylA37My5IKh_Xr9JV5VOmndTnxXYkk1KkU0iE265TWoSLE17CmBX6rrS1zy9JDTIR2W9_7ze0vbBXnvNLKgsTX-vm4ump6RESmCB8rvcMaYwFygY07YT1O3z5pok4jy5xULGTcQgd2AakgQQIHLadf9qGhgiU6enVPTQJ_HFQQ558jUESewqKaHC53eWaQMw81ZuPwf7jlDog7EyUmdnPZ90aNtWNQc3YO5jHEQShwEHD0sYFN05HGsInhUwQRO_7Y3mR8cSxrtOYF77Q&cid=CAASKORoykxYpCY3aVj-3Df61yIuyQcDOUf0JdNYyqRK-ytOCBUfIKzUw4I&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:12:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:12:06 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 77AA 25 KB
9 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:07:35 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame FF2D 25 KB
9 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CTJ_cl4okkLavtH9RW44kc8rlGg3V_P7mFSqTe2-W-qdgsDZPyk2rmMYkUijWj1U-cCuRSkosdrdIoje-Ap-_o7aEJUf5ZjQCmb-Di8ZkJtBFwrAAjqItjq8MBfh1S33eo3SHpjb9MrPcgQxv3O8Q_86ezAg&cry=1&dbm_d=AKAmf-CddU7vje5gglegx_9QFHc6l3rKyfdhWbKM2Av6PxFbZ_fGZ2LXaBXqq7OdSOmC2onrBZNc4qyX0wVLFSEnVyA2McdqFQuGCamtTqveyIBLlqr2OG8sfS9ZOyskZX6ZyQy4slzG0RSDiGGLoQCCvCTCCZc3qsxxjc6amp5Pd9bslGSKvBgKEgxEwLWIxuCajRQvMfZsPfkMtTolStWZiQpT1tc4wVDOYeyssA91ncdSG9mS1YLkNEpS3NogZvdaB3genB1Dpgi5RXl89ZEX_WGoCFMoy7mK35IKIu9Ln9qLsCAr3DF_ceJqUwPH2WDY38qCQs_9xdjG6yjw0hm2VBJFkD3mWgKMaGxWzHJ5b7YarWzyjdRrAmAF_EQ6uSA_u0W5N3nfTK9-sHVOIyNlA3Hy9Ctn96vhk7wfRfbqmSbolbOB3aa1yF584QoVhjRo1Evoxcm6I-R8Kzl_XAwsTy5eENBI5n6NO-KrnvmiLasvpG0on5LFrNCCNxCnRHwY4A1e6IcXzQ_E4LpIGzlQHYHH3uyq_jPUazUK3pZFwW_fiA0lqf9PbZCetRGvKpoS6a4y-1BXsRbWhTn0nK4miXdVsdGGrRom3M-poVT4gF5wZieZjBGrsDMEQogxjxifDmUMCVl-_Xvbb73OjB21qGEizbdegXxl7K9OpofbRmpzJWAeS3hd6VYxvDYL63xfMEZiRHhPlroqVjIHfJuPBKHSA6j2djz0uk8XChXdvtBusuwncke-YboR_4GyeTrpQ0s5zCu-nGDByrK7kBWCa1r9mhwKRoPefThfgf2sTvXN1vngkdBbeTJ5-a2WXaomoGQkoO__gIoESdbJ98ponWiC49PKK73UAa3SHCgYji14PD8nQrtTcFrIddCt38VoNDj_oZflU3AEIDJE_u3lLfcakDv3Rcejg27S1ovCVSzSvBUre03Te8OyT68GmdlNOct8CF8TkstuivipGoh8mWbgrYqup-myf06TcwB6C1UwkfVRm-_dNwT9y4VtEaEkrYg24uU3mc1suBslphxPbc9lH1Ef_J0Hecrfjrsx4tIDLOuKuv6HmrIsxQ9KwwowbkcVI3PziZXtuZGo4HKaTHsShNSM8GLKibfRrtlsceSF0b6rxqIPWUnksydFxqOBnSb0LIBUqf3pV3yuQcCMX0RzPO_zHMTW1BKUFja2j5GFMPtC-1KknN-xeyN8MpYBB7jlMPry1t93McqBNufe8baMY0Z9B_UuIqw-iLMksnOLj64T4KkEVidWFEUOvkJ9I9k3kfQHrTQAlze8vwsLuZMZDTDBwDu9xQTQFk4N9yElqjHxNU6WqhTSI0D_OyvEH6wLMeQ6hyHK_Qo0dsVPI_dUSZ0QEAo9N1lGbwRamaDQF4PwVzjkMUu1Bl3HJBUN-gClDMalHmzOjHZ3tdZUZxmU_xU4WpqdhGo4XF4x0tOixMccHSU-M5wza0W944y1pgDwV_saBFwE-dqlNZSAD3912GhkCRwDPC0hspVAZpNhXxbjMQij5Mo-ruWc-ESoy-OlCDWMl83HO4FsTlF1KzzXz9EQqHDsEeEGAv_3VzMPhWX45p1uiAjY5GHntV9P_XUxTB6f3EXoB5-HrQKKAqr2pMvAWzTmikleUCgA_Mi-iP3aDeYJvIhMSdIf_EVf1ZMd5FUJCEmdL2soNCW4AZ5BKHojB1HCTKR6EB2xOXEkRrq1HmOzY_FRXOXFcBAs6t0IcETWe9VuKK_XD9i0e2fLpdU6uru7digCrA8OCzzgQmljwhQ-NXn7_vrK6omfI8FK29e8HrWdCuAVPevvWFi2w0l8How6BXQZ9sJzpNuqKlgP8TWk47_UUeIVTtrKv-7CkUR03P185Z1hWDnxoO5oSfL-Y0SHeh6KnUP57mTPfcesb5sW8ftx5W64O7eQ6iWxUpqNJ-knJwDKCoJxjtI7u3YPFZaw_g5jG82wkHbhfIz45r6as5hZXKAcw3JZcxOdQLRvxcrmNXb1_agqsOP40S1eNfc5djraxW660rZeUM-aS8XLSax0fSJFVK4XD5jxCDUcB-clb56lQVzcAgE-P8_RnCTgAZeaWR-CPhvvoRVrE3PNm23jaBvWgvHQY13wVdQkOczcgu3veAlau_7eVdxCDZvxZlMjtuIpvorWdTbbC9i1mWxc0byKCT_HIgUKsGor0AqWZipsTgDJWFQC_bbOvebEdY20QRHSPWE8fe_hDft5DqF2fJcJ8u-OlSOf0mXfpfflwPc5f_w09xv-Tk0M6o6bZEkojHBaXbrKVo-ZN0Gu9ZH2mgCPHRH1bR6OhsfqNzSDuqyyjeGla6ELsXt0rXZcAX-fifBte3DM8zfrXs3GGvOz-MtSD1ZvKgXkWeValqlThpgPL_DStJ6qyVOSqLqCu-k-gfW5nF7ezlPIhVi7qyESi8SPE9moSRZhOp_8a92IcXDZtsrqGkirZXkHEzZ-l2R1-bieUK2Bs_1ZZ10ymmzMpWJY-9pNg5-u_ZxZKohNa4JhYYTlCjmteYZWThFGPHYrgwX0UWckEG_p5rT_mZtpQyqJiKHyrEKu2tm_RZGlwMu8n1q86AZ3WM-BAS8oDspxQfnlTIXSCo_Exu5lTEyXFOkhJbt02zIagJffNc9WGQ-K-jxVHOE6cjqIML2L2fgwL1hQpvOaE6XAtENPzuPJw-Zl7fkZujw3qna-Vk7XrBgFxcKdt7D88qDH9l2_Z77tAXbCjHeDntRWI7ZTnvo4rcnbVagzm1c1be_kNWJcsc8M2fCAq3beFOhrXiANmvN7mGgsHFtcgPX5Dh5QWiC1GXMF3EQhKIcK_9dcy1JwsHrOuIy4mHmM1Ie91NTUbllt7wx-vceXacfwTGrjh_MV3bK-ly7oVGv5c5FfTRitVvl07aZYojqMT8bmg6TCiyqAk7eDV5vtsZHBylilTM7tbB4XlLuf_Kz8oCGGV_TvZgTigLyiUo_3sPIsKgKngNJumZIa6g57IrLBY7p2LxQKl_nY6QXR-NwkKaEokHBuHgng-5NEzUrgcssCoCK1Tg4e-It3jjsDOMVo1kc8SqsOk35xQ189PE_96yT_A7EUzY0jYAqt-Ygj9NZCkw0MCnY2ZjN8NsR_QoAsi1vvaNqvDlDV_QKGuUSTpJINByxtbf-qNFCJn7rA8dh7LRRvQjisEU2erKTJYC_1lRjdPievyhIWfXwIFlwHFRVzsCbEyPdY0e25bXtfvAwTE6t6IzvdzObd4L3B0gBw5_N3Oa-HoKcsxzaX_YwRUw6HbxgcayRlkj0JHpxkHLefn0yJsZd7Z512CbMm5jKk3Uw&cid=CAQSLQCNIrLMgUJiJPOUBXB9oI32AfQQ-Ivvu_EfHsiDvldaVJns0b7fqnpnlq88Hg&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:07:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame FF2D 41 KB
15 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 07:27:17 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2721 624 B
299 B 60ms
32ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYwc3jwAEwAQ&v=APEucNWSflqzWWgR8BZIYs9FL_XU2Ha72U-w5JQypMwuuwBXQUpoFF_fnySv8o8unJaCzCgn7p-X9LZI7AXSE4-qkD0FFW-JseU1m2EbwiLkOo0V8sjmvLbRlrHRn6K4G9kLfsgF4h6iqHdnU6VaH_s0gttBJc0XLGjIWjS4LigkDnMaq9WgEo0

Requested by

Host: e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
URL: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Mar 2022 09:14:04 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Mon, 14 Mar 2022 09:14:04 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 065A 80 KB
33 KB 106ms
80ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BfVzT2h8cnahmwfyH9YGmzGQcehtWCik-PtiKxYrezS-1c1ESjv7LGZYj9bfjSb4AgbfyQdtO2a4AdqGWkQdW4Ero_gsn0XtXy3BEVeeb6bPH05OH2zBvm-tkNF-DJhRFHH_JUTq9PlqwEdijB6fg0cKBcUA&dbm_d=AKAmf-D9uQ3tmR2m26sN_F5PJmt99SAQqGLMzxv4mK5Rnk9tVzxOXKzJpBMa1vyvIZCxG45Or748wqnQS8O5O21M-i2k9679yEeF1Yu6ziKCAqnFlWhytCcXDmrdVHvyLUxiMyl5jtozC3XrTvDD9waOUGQdJwYNi4JZhypzLWQbvcXoDMH7woJQovsV4hW4p3GzliH-jcxZpWsfMb0HuzQIqM77pljd6Tq-LuhEeffHLiRJ5EqpCSM65cK0H-uCblwK8IBNizD-Tt9mkt68HRVxe8Fq1dNCoST_zBAl2iEo3RotYRhiFlAUATOTt0HLzVnkghwE7VWx_6HKi7BsKBrJgjggm2bCpMYdKf64-7Gh0-e_XBvCXgknf1rHNqwJZLkCjdofFmZ-MHMsKVmOjhSEyLgt2o0Vk-F7TWrVPS6ZkSnpUer1jGyvJWR1kj7jV5cwEB2UZJ_v-Psskf8spgGPHjytq6RTVWtoBEPdlcK_0MJR8pHA3QMWi0FuaaPo8exKzxZIlTVYrqWgzJ-8LjShfYrgOKGBVSCYdkVcLk6UwHs4Sxg1qlqk2IkDXCNgtQCiRDq3mMmtAakNc0CeIlgPfDFH9Qsj7eP9UBhAqAm5V6DJHv_z8uN3Qge2NaNAu9VaJvp2i1xG4Nx4OnEbVs4R8viohJXwjEshFnJGjE5PcWwNSZy5zl_J89cioHkjlmncpy4aKbEoitJeIMDrqKrBFfXD5uG2ghlA0v3mA0fjLwJku--xOVtSCAT9nu9tO-mPsaS0RyeGyUp2uUAmBQBhxRvo4NM6P_ESqiQdJpEx4jY9gTth-0oMTXvH6fHiwHf342CnDlzpH35ZBDwtZFANKfCkuIxZVGZDRoVrT4wH1HtULec9MUDGKjneO3gwYXeAVneJElGpy-dj6e2WURLEspQw67zD96lBAqUiY6OIlQfXF8zePV8uuRErSeBOq1pcVZObKw2eRwA0hFREjGKEs-4YrqvwhMcoYj2oxtkrFhvhOzNoKo1slYd4dOBBNnXoqluaYk00F4-rHjE__pr0YiLEFv3XAMOYegbDW5RfiGxQv3UjgHpLwwweGHIvbApvRAR0VUyxajeA-nnESNvYRI32g_mIncAtBg-5ST6QAq5mlC0D5smMj1DKCB-Hrzx2D3IYvOExJsiAqU3rS3n6zPkfi-Wqyi0yLoq7SfXiUXSzeGTGGvomllOgmAHguJjeA5exvOqAGe1puEjW1oewd3tcrtuuGnLPL_nN4mAnhEFkc2HRZ4AlplcqctknOcr0Beaf6M5V0jpy_X9Rs_rW015Y-DT5hKyfCrzquRUMm5sReWvlCZFIJTtKvovHgo_Y1sqbfHkoXMoHCtvK5vSB2uy9LPN-r3l7a9DwnLQz18ACiEc2BX6HROEoN7WSvqAdX5o3KihXonMFZdHjYEi3iOQ-mtut_mf4XP8fde9SbFka-DpD3DyCFkMniYmsvMzbSHX0ZvnlCU0oaiYZ0GPkHvgvgwIfDDkZ5JIPIlL61D_hoMoTU-Hzj2q7hj8aWKoegPAl2LT5Vm6QmyLWarFH2-rYoboMMbHDZLiQrfJW2X9LwX77lSjqlNJBakWnqYBQlMljQIi_E1neJ0NgaUCJQ25mJVoSyZvnO5XfQdkSB2OgTGL-vRfAwB8yFZlgUnUSZGeEEsdz5voAClc5hyMFVzmyEheqprCTJ2eSy_VwAgskJ6AaMx1kmdyK6pWP45GPVSgZrwVyCCs50sK7UeuVS9Y_rlh7nCK1YGdeNTlLQiAOVaky4EGjy81fYndGjVoKRo-6yGsJHzz1IW_h3jknniNQm5vm3O7vPn3hfrS-HnJxTe7Go_yF7gZueG_2U-JckdGgkCxXsxp2n8cjhdzU1uOvN-hezzlNVhGLsCBPZMB15sMUkdQDn7-a9k3sSnUX2APDmYwIKMwvODvcp1yNrcQ3e4-LgsesDG1oGSfWY_hey12hPmZlYHhZXeFeLGIz0SOs7vBaQ32dA74ajI8jXOd3fGSqrPoy3cJDDWTmYqvN3zvSRbedxW6G0OYj9VOzUC4ovGzxaw7_R-zNaqtKgqQyK8Mxjdq8zR3MPtNqx3EGZkRuFhbVvvEVF7_yqd7UDwQYG-vUtfJ0Ux7Mm8jO8EHm9qysnLZ_FPDAPsbal1f3UWt4gFBkfQrmsN4x-qBMDjD8Hhh-wzQOTJ7U_Ld6AL3gYk5JpE-ajer8p0CImf2on6fLi-VVt6ItemT88kd9hKM7jnY_4305KuEUKUjaPLu8EofOp6Zovj4kCYbYWZYnQ11z-pFwkU7Ob8GueSBVYuxiVb9fk5_-32HF6f4nUv73eqNh2YVK22on1qqRhxjYfNw0rZ-66WtcYatA-uFNGqGbAYQChlOqjoRBWN-9xfyRSbVvjVxYmmsqftbXXzhRS0IDPiSiF35SiaIpUVrzJ60Bw99mcYJnqT798k2jQdpqpr7LaakFE5FtUwH9S81pbqgVAM5IssqrlH9teG8znN83SQj0EdAtMJ9aTqBhxtZM_zghEuab1O7MVX6RS-_7CJGTEypTHc6UPm0utD3TJjYeMWHoBD8hHHiAhkn9j3jZdtctGBwygh0gS0RxAspwBaosPAgOGyhpQ1nxt5Q8_RqgCVX2Cisrdh6mNFV6CaiRFMBh1lF8-uQPh1GjhdXsmjLKnjR7Z9GIRBhAiwWOXKetLjrOjCm2-uq6shkzDAZCcXFdBXHicshp-TBM_EPbZRPQmoV1ryTN1mdVYI774jPaV78HQZChY4yun8_x0JNnu4r401w8mhjK1CaxwGV3AYGawHOqqIHM1ELCPdtA-Xk_fs3-WB0rJaXzozV0zfCtIEHice2h_PGzXFhKvYuldFFvueGOWdODp5eo8koow3WaHy4pAxEQaB1Maxhr6z9LLijij7DsEIc3Z9EXZSusn-O6TcWgJn8OH-kOu_JWM3hil1pd4RkF1YBzqH5Nn3lcsOW3xOYVyO0LiS1S9HN9-3EG77YMAMqzh6CD6DfE-PEe5V6wQsCSW1iH9uLsHTM-PZl2dk7dNg9PNk3G0hQI1MaHbHNdFLYF0MgjRO5bbfzAntchCg74D2YKQ47SQ5UHAAjl3Jc_znjDNucPaKR2kQSiAgRGLokxqdEyOuLIoGHA8n_1Ma0sNbDmDwovfagVtgzM5aYpUmjqxtH3xLpbfBRa4WQFprsB6QNSSUBxonUM1IXt9dE_vwT4UxS5NPMCkihslt4YKI_l1asVU2F7xF1UcfzzsEiIZ2l73F1k0HYrp9v6HL7Fa13sT32hs6MMD4Okvy-KJeq7-zK8M_n2Q8IekeYiZdeWUwEYZudaija7zwgiAspTWUqdNtWc9dUJ4LkZgdowQb7qZoFzFJyc786kPcs&cid=CAASKORoEWYfPJAokfZbrf4mjRE4hrh6LFae_H3LrdOSaJ0CTj2pIes_SU8&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

daf064e245abe4fc5553b1a6b580687dfeb2e60fa846f0deee5b4e5bad312543

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33515
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 065A 42 B
63 B 38ms
37ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CiPlCOo-9k4YXJ6MYe6rCvLywZx2GC0TB7gGMTxzOJdWNZqEFXIEyfraTkw6m1Rnig4Qkkj99pABlu_iAv2tuezNABLUKzPLbVwT0H_0_xu3IgGUs

Requested by

Host: e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
URL: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 065A 2 KB
1 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
URL: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:07:58 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 065A 15 KB
6 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
URL: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:03:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:03:40 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 065A 0
0 26ms
26ms Image
text/html 2a00:1450:4001:82f::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSPlQhRAbvoLSf7Jn3aS13Y6iAlJrP216TRywcqLS9B9BzUNpy2IwRRCfiLW7USIdPji0M7Kw9KaFkd-_HXoQcGAS72PQ
Requested by: Host: e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
URL: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 065A 117 KB
36 KB 56ms
31ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
URL: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:04 GMT

GET
H3 200 container.html Show response
c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 587A 6 KB
3 KB 20ms
19ms Document
text/html 2a00:1450:4001:812::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022030801.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 09:14:03 GMT
expires: Tue, 14 Mar 2023 09:14:03 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
content-type: text/html
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

OPTIONS
H2 200 i
api.purpleads.io/x/a/a047a23e4d8f50dadf9d63a50ac82c2d:25e650f220eadb75bc8ad62ab4fe154b9a4ed86e9d2eac5a25eacf1ab5f1f166268daf831774d0f80e64780032b3c16044c770a0bccce2dfa7e38e6e7e8593a490400d23277f564... Frame 0
0 132ms
132ms Preflight 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/a047a23e4d8f50dadf9d63a50ac82c2d:25e650f220eadb75bc8ad62ab4fe154b9a4ed86e9d2eac5a25eacf1ab5f1f166268daf831774d0f80e64780032b3c16044c770a0bccce2dfa7e38e6e7e8593a490400d23277f56487aed488f63f6651924b0ec91ca8772f6c9d61802ceaca84f245afb738aca4f8492b9162eb180962f2a342c7c4f93b1735dab3d76af70b4cff75c0745985bca249c1cf7860bbafbb4/i?id=d7959960-65b3-4743-96cf-a19543d76c07&ts=1647249244332
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-purpleads-version,x-request-url
Origin: https://nets4.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-origin: https://nets4.com
access-control-allow-credentials: true
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-headers: authorization,content-type,x-purpleads-version,x-request-url
x-request-id: d1cc1a54-801a-4a1e-9a18-b8a3fa419970

GET
H2 200 i Show response
api.purpleads.io/x/a/a047a23e4d8f50dadf9d63a50ac82c2d:25e650f220eadb75bc8ad62ab4fe154b9a4ed86e9d2eac5a25eacf1ab5f1f166268daf831774d0f80e64780032b3c16044c770a0bccce2dfa7e38e6e7e8593a490400d23277f564... 0
200 B 126ms
126ms Fetch 3.94.45.13
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.purpleads.io/x/a/a047a23e4d8f50dadf9d63a50ac82c2d:25e650f220eadb75bc8ad62ab4fe154b9a4ed86e9d2eac5a25eacf1ab5f1f166268daf831774d0f80e64780032b3c16044c770a0bccce2dfa7e38e6e7e8593a490400d23277f56487aed488f63f6651924b0ec91ca8772f6c9d61802ceaca84f245afb738aca4f8492b9162eb180962f2a342c7c4f93b1735dab3d76af70b4cff75c0745985bca249c1cf7860bbafbb4/i?id=d7959960-65b3-4743-96cf-a19543d76c07&ts=1647249244332
Requested by: Host: cdn.purpleads.io
URL: https://cdn.purpleads.io/agent.js?publisherId=148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.94.45.13 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-94-45-13.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Authorization: Bearer 148b38f0f95a731cbf1c8362eda62623:cb9905c126417e4e76044c94bca6111761c74aa38a9bccdbbca25c8b94de4eca9878a9b8fe9f1cfc5ac5e9a141490cb70199107536e1da5cdf88bd8ac50fbb02
x-request-url: aHR0cHM6Ly9uZXRzNC5jb20vYW5kcm9pZC1hcHBzL2NvbS50ZXJyaWJsZXRveWJveC50aGltYmxld2VlZHBhcmthbmRyb2lk
Accept: application/json
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json
x-purpleads-version: 2.0.26

Response headers

access-control-allow-origin: https://nets4.com
date: Mon, 14 Mar 2022 09:14:04 GMT
access-control-allow-methods: GET, PUT, POST, DELETE, HEAD, OPTIONS
access-control-allow-credentials: true
x-request-id: 29756149-eddc-4a6f-9d7d-26da375bb6d6

POST
H2 204 collect Show response
e.clarity.ms/ 0
48 B 110ms
109ms XHR
text/plain 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: e.clarity.ms
URL: https://e.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Mon, 14 Mar 2022 09:14:03 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H3

200

si
googleads.g.doubleclick.net/pagead/drt/ Frame 55EB
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
0

105ms
104ms

Image
text/html

2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Server: 2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Redirect headers

date: Mon, 14 Mar 2022 09:14:04 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H/1.1 200
OK 4727t6qteyti Show response
hal9000.redintelligence.net/zone/ Frame FF2D 11 KB
4 KB 147ms
22ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/4727t6qteyti?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrCvvWwcvYunhLo2H9u8P4ZiiwAS1zfmDV_zYuavlDPAuEAEg8tO5e2CViv6BlAfIAQmpAhjxi0TITrI-qAMByAObBKoE4wFP0DsPH1KqG5r-7BwM9YNCrwTuf6MnzZlojE1AM7X6-MaKeqLkJrRnzzIDbtgICnQHA3FomZZdYnO67BOHoR85YHJmGlL5OLGvWtwDHJeMDWjF5_8QA78XptavL-9RemLlWTh-8n910YM8nfknj8L2mXTmKcicNu2mr_Lb-aIQz3M9ZfVP57KUSozPldJV8fB_ey92qbIfFIMnb19_08sQAarPT7ukYYskoaI7KINqpFVgK-L8yY0SKFcPY341iYulqjQHfsusMOgYUORSTA5VlZBv46QkGFvwAKN_1VZWsxtyUMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMgUJiJPOUBXB9oI32AfQQ-Ivvu_EfHsiDvldaVJns0b7fqnpnlq88Hg%26sig%3DAOD64_1xPr96MSmWX1SzUrNt2Sn9fLyy1w%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-BHrc9oVHxraayrYcAA8uOm4jA1Zm_oGyvEECNagxGeKCfZ8-2-rZDgpKe0KBzOvzYiAW2P-gtoPwD79wo2CMRHfap7DbF3uOXP1sqQ2etHYaRtnohx6Ae0rpn-s7BGd-zRhDHMJ95k-RkDOOfhA9uJj5FMzQ%26cry%3D1%26dbm_d%3DAKAmf-A8pQiiX3JfCY2ulaTNCGIPo9MVlCzVO1u9B1Zu7BgPoRnkuTOiBES9bNsij7qXTXdNcv0Zwn6gNhtF8LWDoIyoPFKmXh5a6TiNym28GaGvNPxhPm8iC81PM7qjtQZJIgSz1jNrWHFM7KcKSiVeZrY_KDLxegV3lZQbdxC2stTAOexLGLhrWaeFEY1BTPTVJnHp5M7jOIvT3wXxFdeHlO4QBjHXIboQ1EGn5H4LSushAy3CYOl-L9w-8X9kIzXqprOivHxgJixY0Mu2QD0IsTU4HXXqB8JSWGwcidRkvSFbkDMxFx6s8ZtbSwBlWHBFiEOV4nDw-qo_wfRTJxbIs69muQ6ar-nZBVLY_4tb243QtSfFwD19bYxwnHkhV5Gv9kydeZZhegYSJDwRt_rCm0KGGF8Wu_ASJ6qffcyNA_MeItYoKjxzpPJps5gfQhYUS-tzt2lgnz8Eg9ICiBv7tsBHZ7_jzil0Oy31fvJ9pkTXkjvaQM--oMc_FSMzkZ-kpb3yBNkE%26adurl%3D
Requested by: Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 6313b7c2121bd182a484113efac078bcc15073de8ec167008c3088bc1bcae472

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:04 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3984
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2721
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1

43 B
894 B

21ms
21ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYwc3jwAEwAQ&v=APEucNWSflqzWWgR8BZIYs9FL_XU2Ha72U-w5JQypMwuuwBXQUpoFF_fnySv8o8unJaCzCgn7p-X9LZI7AXSE4-qkD0FFW-JseU1m2EbwiLkOo0V8sjmvLbRlrHRn6K4G9kLfsgF4h6iqHdnU6VaH_s0gttBJc0XLGjIWjS4LigkDnMaq9WgEo0
Protocol: HTTP/1.1
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Mar 2022 09:14:04 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2721
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yi8HXHC0mcpfNMP0FEBvoQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1

43 B
894 B

24ms
23ms

Image
image/gif

23.218.208.246
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYwc3jwAEwAQ&v=APEucNWSflqzWWgR8BZIYs9FL_XU2Ha72U-w5JQypMwuuwBXQUpoFF_fnySv8o8unJaCzCgn7p-X9LZI7AXSE4-qkD0FFW-JseU1m2EbwiLkOo0V8sjmvLbRlrHRn6K4G9kLfsgF4h6iqHdnU6VaH_s0gttBJc0XLGjIWjS4LigkDnMaq9WgEo0
Protocol: HTTP/1.1
Server: 23.218.208.246 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-218-208-246.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 14 Mar 2022 09:14:04 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEKSwY4G172cdMcpXhwSZzBs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2721
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECkSxRH5yLVxdKD3e9Q2cZM&google_cver=1

43 B
1020 B

58ms
57ms

Image
image/gif

185.33.220.145
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECkSxRH5yLVxdKD3e9Q2cZM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COGKFRCp6RsYwc3jwAEwAQ&v=APEucNWSflqzWWgR8BZIYs9FL_XU2Ha72U-w5JQypMwuuwBXQUpoFF_fnySv8o8unJaCzCgn7p-X9LZI7AXSE4-qkD0FFW-JseU1m2EbwiLkOo0V8sjmvLbRlrHRn6K4G9kLfsgF4h6iqHdnU6VaH_s0gttBJc0XLGjIWjS4LigkDnMaq9WgEo0

Protocol

HTTP/1.1

Server

185.33.220.145 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: d11b048b-1295-43b0-bc3c-56f26c6b633b
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECkSxRH5yLVxdKD3e9Q2cZM&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2721
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D

170 B
188 B

26ms
26ms

Image
image/png

142.250.181.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D

Requested by

Protocol

Server

142.250.181.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
X-Proxy-Origin: 217.114.215.133; 217.114.215.133; 623.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net; adnxs.com
AN-X-Request-Uuid: 10ee9dd9-21b3-41a3-ba09-6425c1d43b9e
Server: nginx/1.21.3
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTgyMDk0MDk4OTA4NDE4OTY5Ng%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5BA9 640 B
316 B 33ms
29ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWWZztybAUK05-re94AXT9ny-4qZFP7qpshNcSg6bCIoyPhsWb8Uq5jYAsGD60OHt9nQ2c4I268u1Lx8CR54kZhmmIj1M2NQfWZFThoXcyIMnIBzPKYffEvUptw7bKOENE2zb3aSv37EOldeD3F_vnG0iFcDLOIwJdIooXhyJGUyNYCwL0

Requested by

Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Mon, 14 Mar 2022 09:14:04 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 587A 27 KB
16 KB 68ms
68ms Script
text/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D3-ipIV97kAtrQbrLFzoiWnpWZ8vDqGRhS5_5nLmMa722f8oNV5_wlyaad8hNoVLbF2OMTlF8wIrx3aYFDMVXqAWJBlGAJCIwS_RaPlmpsA03eenZrI9quby358FJZNpdHZ1jUQaVx_SBbvMg9UV-k4ZtlkQ&cry=1&dbm_d=AKAmf-CQdLHNj8ABAb1SdN2s4mIWS_hXwXwR2qVxY5hq-mnORuhA5xifCWK3z270OZ5oXi-E3_CvmHvLo38OP0NoqS6N8hFBbb8g8V_zfAYGxQlOWBP1q2ZEwi4mVl_zqOpOlV8OAeCRvHTRF1fNP17jyA0V1kHjiw81cFuTqiMG79pqBZnqL37y2vZ9jQIDKS3GegPnB_cs0aMxe0rY7sZ13dkawiXysxkeeyr1x5z3eh3bXCXK6Pv2_duwyVbTAkYBqvrz8_Xxnylz3Ax0UFIEF23ehDkIGRD5iQ7fkar-LOPpgdNDLTzPNmJzeeX34EHLlfBjBDq2Neqt8VG0fuHVpVptlwnrHva-5W6UqQCaJGqYGTX1SLMt7Y-DD-mhOX24Le87I6bp6ZvhAeTdjcTeoo1URBd_d6ezC-0sdTgRBIaMExPQsJqxZUogc_IN9w8Xz_xDJRaKTlQhTroZwcp47lEzgUPlzxXqLny_C3xHnn7Wi1ckWvkZbTkzJYRwp-pViPJSkHhgoMPGstLp1mf29Pt3pESyQq4WCUdkrPQXN0v7S8yzWt-qpUhbb65ZsM4ebRSvKVODolvmZ933ZiLv-A25aPPZdyjmMkiYAIc1bDLovsQhyS2rjnjPOiN5Hb3kzfHWW6ECETH89dypujS9moCHdcHADkdmzoe7-C7aUWr37d14bD7eLgVULytyOFCJsW16LSgiiezZCMLUZF60r6GjqYRkbqqqNYpcQ41X6FOOPzSxntdUAW8KIt0FCYhOUBskECJDq3d4tiTc6wOXtWqar3pmF9LmKVXUXPQTuItsugWSLgJvXNDAZN9fIRMMcgf0eCnt3gThRYZqmXc8zhHlSy8wrkujifnecFW155J9I1dhXVX1so93S18JfeIHpI-4-0K0wKDEpWhLURZFIhKWeboqBIXmFd6IOEfaaZq9BHW3FF-MufU2kZYc0rI8xMOiHq7U2zTbIqgPniwIZ3ILWe6mS1RLhNzhxRNxOFRSiIrVMY9WmOL_BB0hH-cXUXrCAqYxc-Y8LCqcOxDQqXeThDBvjqQKX2dIej-aNBu-M07nfI1ia8bQSsLa9bRtOXHuOR9Koqof4rCQPgabNDZS1tW9GhZXaH6C6t2q-8zIL4FAQuakrvD0RGUqhtTA_LDRBhlMngl0iau14r3jzPxUWrLAAQNuYQmc_IN_5-y6wcfMnDHrzwJoOVQHjqsAfGa6o-O-JJzDt__kdG7VZp1djvRhYbRvU8xP_7DhCaTfV7IbIi51Z7pybl7EXfI2XcAlfs6YE4gYdA13Pu4YOVSR7dyKdRWzYZh0XqhI9gJnMQjmnHQ9DiwFFpgqXykbK3GEfjKleWr_dPF-XvmXbXVfxX0DEfl7ti5TQwAN5ZdBJd96i-VlJo7BxLpnKI5DgWehIcj_rkekxfa8DXrunZ8ry0lN7pP0T668wV9MgYDCaxTAqb3uVHLydBDPuU5evR1vHfIqVpxrtMDXggcq9Bx8p_lunh8kjG43AYcaD3VobiYpLDh0-0p89w2kBZeCZosyxcP1VK3Z3XtT7WQLfoldYa9LqqEbceLn6qzAiTs34jud90ttHw0pJEV0HGybmpqKtDGymcdonrDnYj7dXTQEqoop_OhgLUwvtVl_zYtLzHIGVzLWRL5d1T_h3JbD6S2BGqVXHsfaqYcjcdNUIeAz8PR-OvaNjVjXUvrH0DX3GP_hbq5svaKy15UgMwCqKDv3ZwEmcC6p0QU19fh_lP1F1NsJpxJXo58E72tPrS3KzDJ7bYQdAB1RiziOYHufHjQgi4JpcFvGjUt9cKLtVlMnAJa8XdI-jLO5EjbB0v-vNCWfEhkF_C5raf58AyVEnCb5J6RU0biOdYO5MQISo5JVRy2X0pmDNS5s_t-LrjD4vR4IiOrbczVxWO2O_Ol6YbZGmGdp0-7wZ4eqvt4DKA8nX5kkn8R3mMq3gi7fwwCc-Y-vu2vLs2sDb2l59eFHo6YtYfXEre6bPmxyxXXfql5hxnzbTTNgmgtnzsuudSCfTK5r_SCJ2dHM15SEZ89Ns_5wQP1VbaVQRa5jZhAHUDmVHjRDeIjfpQFjmFUnbXjejLrJH5eWrd7yp2tpOjMZ4P9ai_4S7R9TEHW5LzBaz0k0MQEOQnMh4zmzc4BUcwg-ePG4HFkCcuBr9Hr0kRiqlCcrnmG_DF1KKj9rp_pWAzAj6BloEW5he05pEGOgJrCuPmSn3_MWaeoyJ-Jk2BDIkMspO6gr8Wydz_K4UrfBpnxrt0EZZnNhwNZ4V5wFj38PG0xXM14eKbRpbdnOZJq6RihKIz7PvtVuo2mbFyQBaALzKpZIn6fFhD6ZU8SYYYvYT5N0XXzEKuAXG1IQbIu18C_TIVIKNOXaEo-bgUhcHEG8wURVsYOAWCDuiu75WbJ72W-Fha_R30b9plcVlaqK1f9nECNSHRA33WfQeLIGhNK5c3-xfIHLIoI7EgukJzWDbCAMNYfTEXjoSHXPtHh8rKjujFUWJsTnIQeJJEJIGVwHci4eZAilmSOF68o-odftVsPl5oQjAWfvslhw5ZBlSi-mjcB_5V5U28VhGCO7fWfEFg_Krb100xsSeob5I-j3yG8mC_z9ZDfip40LFNciWbTxdhpJ17JNuw0T0fVO6CUP5JS9ItNCpuqBqAGpeoWuSQJmCTX9blVOLp45_F1CfqR8epp5JpnUbiq-krgTFa51ScNbRSo5KCt70MeNeXLIssDUNqE7coOBGvSG9F3E1zae82SXrjDtcDRJqDMLbx_umxuJ3AinpsUsIhxtwjbuyl2IgikuQ21nWxYf6bCwOsEic5yWp_S4Ui71R1ktjTOFnjmxpLVWGFJVD-ujNrU6KPgD9ZIcYIWOP5zClWa5LXBhm_FD62blR6qATeCDlheRhL-tg-IhFlOkctUdPUkdb8lrBG7MxNYyH9lPZw7x1PIHSYFt1Jiyg72JmhoLPq1lraKA0Q3ENvW8FtRaD7TJMac6BD9wB7jhOP75LhTCG_0dAX2xCVgZJ8ZRQrozwbUbjdsQt39ZnT_pM6v04QpPiA5Y3nb6dc_c5tvbU-jqxnu75R1sKzF7FLq-MAV2ywqOL1CyY7Eppu_fSoo29lbSl3CxFpKvJiqJhM-18Q36mdGo1pie-rFFmSZGYovx6LUvAStB7P1q-uE1_IRkJsCC5OfBifUYcSKA-XiOtTm1HVMTJ68mWyh9lFNL5j-uO1iKxuNJJtwbtu4xIlolSI808uL5qPxAJh4YUtHFO3RqbdwHPOnUXkbVTDZrODnx2C0QFjSH9_OErtFYIXCT2eKHazY-qvWfBYfKYibj1oX-LDDVgdm3HT3197PNxRNwATuwnTbKGg&cid=CAASKORoswUAExqYBsXF7AFXLGzTQux3AoQp18i3LLEvoxjcRHwrIYZx5og&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

44add8fe3709838941acbb8b052999c145bd5d81b87173059a6c73c4fe4ddb6e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16263
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 587A 42 B
63 B 39ms
38ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AJ1Q-VWqqZxF7PCA3P9GYvHFA_AUyzT6XEbCLg9ntfISqFl9QpCt7Q78t9aJnxp7c5gZetLxT3GO1UE60tq-iuemarZBQFAkAshRqFNoTRv_8Rii4

Requested by

Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adition.js Show response
imagesrv.adition.com/js/ Frame 587A 32 KB
8 KB 134ms
34ms Script
application/javascript 217.79.188.11
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://imagesrv.adition.com/js/adition.js
Requested by: Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 217.79.188.11 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: imagesrv.adition.com
Software: /
Resource Hash: 70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: br
last-modified: Thu, 21 Oct 2021 06:32:42 GMT
etag: "4043560335-br"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
accept-ranges: bytes
content-length: 8355

GET
H2 200 js Show response
ad13.adfarm1.adition.com/ Frame 587A 3 KB
2 KB 121ms
21ms Script
application/x-javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/js?wp_id=4285695&kid=2954778&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCYw8gWwcvYsnsK6yV7_UPrqe_mAa1kNfhaJ28pLS8D_AuEAEgudvzJmCViv6BlAfIAQmpAhjxi0TITrI-qAMBqgTdAU_Q1kFdo4NyXzOwLRFJ_ncTzKgjfKN6jgwk013CE3Z_NqcHUC6mIBAlja7ximtuzpwxkRo3p3DuPwECN-fAow9QkOdCGAnYJYYZ5nrslFep5F8V1jw9D_wjCTrW8LDuIWIxQw5XDTbb-uUgY9TJe7zC8kbpWKsv6uAbTqzdK6c4O1H22GhnL5gQMVWG5znwsFDLHeEUNCtKJwMCxIi-PvEX4jvoXtMTD5wDgzVN72DD1MaJHBJ_WQ1Ld0kgVQHmvrW7eaKKmYqU-9awMNghOqxeBV-nar4vjCzrhWm1wAT85M-Y0gLgBAOQBgGgBk2AB6yoy70BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPdr7EN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORoswUAExqYBsXF7AFXLGzTQux3AoQp18i3LLEvoxjcRHwrIYZx5og%26sig%3DAOD64_3xqLP4CKXHZqzx4nx9WCYkJPPRCg%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DYI5W7hR53ObdCf6YgE3du3zIYnhkyQDXsjHM2HXRqcv6-jEwIlqKTSY5ztm7S-AswmgSE-BA7ViDrwqCd-cVQWflkfY1V6hGqG17zwPV_Rn_oUkBT2dTAbOoUBoo_3oBkbyrw_7RyGL3SHFCJ40bdzVoRDQ%26cry%3D1%26dbm_d%3DAKAmf-DBP4aq21CnThRxKjsww6G3p5TxtXjp_JuwqyrvB1JlwiNQdxuVuxSmkxIEc2gwYO3PLbU0pUf1fDB_Po3-elFRBaR-HTPJI0lsBesJcWExF7ECjH_FDjAWD9BtjH46MADz8h2f5YpaDLklVFRLcPbDYKsVGdqP3Wiq582k3Y_90nirGWisToBPzm9os6Q-B901EGSeCaTzISEflrr_XatUFm5lYxnSMKUtLSVLM7nU0BX_SVRRaQUHgRoGPdHHk_fIrN4Tnnpf7YBgsH_lOxJfPYhGgP5j96zPl0-C6n5DR4Nc2z67a0XeX3c0CPuxT0rc0iLc7kglCZ6QNsIX1-fi2joDVuHgCSOAjYywr6PtjkEvksppAWSJPQqRHPAIxJABbtzzhTJqtJKEDFgx_y451tEwc2VbQuL_0fiZ8tfxGZxwtkrf_6bq0KNHslN4af9ooi0n7goF6fsb8NdEorIlZXdPASV6La35RdPeHiG2EMEfQ-xU14VWYImzT_HxC5mgpKym%26adurl%3D
Requested by: Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: 4776f74f19ff20faa356f2a4c8fc47e3a3959ca6342e46a567af3f2a62ae97f3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 10:14:04 +0100
content-encoding: gzip
content-type: application/x-javascript
server: ADITIONSERVER v1.0
cache-control: max-age=600
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 587A 2 KB
1 KB 21ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/window_focus_fy2019.js

Requested by

Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:07:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 366
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1233
x-xss-protection: 0
server: cafe
etag: 16517525077337815633
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:07:58 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 587A 117 KB
36 KB 54ms
53ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36343
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1646830771070120"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:04 GMT

GET
H3 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/ Frame 587A 15 KB
6 KB 21ms
20ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220308/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:03:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 624
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6397
x-xss-protection: 0
server: cafe
etag: 14404976697706490601
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:03:40 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/ Frame 2860 6 KB
2 KB 42ms
17ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f7d61ba23f60b53e637eeab02ff9ba7227f58da8a7667d1aeef9d4ef3b09198

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 1994
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 08:07:50 GMT
expires: Tue, 14 Mar 2023 08:07:50 GMT
cache-control: public, max-age=31536000
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
content-type: text/html
age: 3974
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 77AA 0
562 B 111ms
46ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss2sPasLcRaLCYp6mXlJQjiikzKyGwNIMhJGJsUMATzC4otZq0XKEjhg2D-ZEdf8kGSfdKEPWRaeoqiB_qYWb-M-ICDb6DK1xR2tEmQKaQrTf37Oifd0Esw6kHGGgTuNmaWzpEMw2BGAs1GRBGFlbEVWiMCZ5GnRxmBWOEF3f9_Rtju1Oaorsq7NsIEEQRZkuyC1d_3dJATZInQS2JYrohX7C0W9twzz6XaCQOUL-fdJ2CF_-Im-LDIh5B-8Iw8JCVkdgzYrxFOyfTYrpZltMawI-5mWVoX0BHHzsy-UV_7R0bbsfySRRa2JC829NZux80BeN3uBWk3otJva2UvSNdSoeJV6wX1hNv2Rs01zO65FF7Jua5CsaZ6PJyz8y3OjJ8dtNO_F7rLPjbDAti0ZYBDtC5BM0cJKWfdfnuopqh2ybEKZZRZ3HzHGcVbJ7-S6fFWDz5qQBUKBPLmg5s1ZgoGCUhUVRJmcrKXRxA_dy9UXnRxOcLeN5jk9Es12FoMLRWaUo8SDWVbKdCeBCwdU9WYy00h_U5L3oXApCbvlE1cfHXNEk45eN07Sb_VaO0Os9aLYROUf-VlNFiZ6XSkuVcGtVBXi9sWr-Unk0cN3cuvesiD-TOj7_TfVEr3NrGyF-5QLyGW2j38TBgIzvXcySkfD_v_McjJO2fczMiK0Rw4JvmLugnfK3nPpcKN9mosSTrAfxe-G3br0Kzt5jeyf9jOEYnM5a2G0mCLFj0EUT0NVcGa8IIT7pFugE9Lb1OCtVxZhFHK4rGfwyivogZzFps19JZojZpAZx4nLiW9s5EGjGqhvjQJ6jecXhdhkMXvJ6uPVe5ajY5SpeIrj9tSu0u0HXNFPKh0bnvp6kbEmskMbCod2BNKW6GXiGlaTGjTk9qOUHLnjcFIySVKgSGPHJ8Mqjy8GsuYggb8SBTFGBKI5ebHsYMrcJdx_6_KMBLuF68i5QQuHpVqy5yC9i7r3TK9lkRgHn_ovZC_qjvF2YdKUPRAJU1da-gYfIgl98jqoqRbiBCDAexBKali8cBRBvI_6IAlRL0sPdxbyNcMLBZJAPyzeJ70OSyADg8kqZNAmVw6gNGBEoAY3ZsitdrOWrd1OC7JgIGfNlanstHfv6ny-2SHF4JeIoirYSZs_y_63TL0E03tu_W0vSI68EDB_3Uky5X2qYCh8372VK_4KQbycELFhv9v&sai=AMfl-YRpLKCC2MXH78RAQkrS0WQsNxBZmkouZ_9hWmZUPz-mIImE-QqV0Z5flOwS1NxfSgZRXBv2VAFJGR1pp8zu0s1JNzwwG5K0nUOP2vkaLhVeF-lEFSCKBhGj7r1TWGoKxQ9NEIGWX_iB77ywsJIWuYeqgOCVWFaloWKZrsdFZqTwcxfL9saSYHADW_YJWZyjYfMi4BQ0tv84WACJB-5aUG-IBu9oIzEzeg&sig=Cg0ArKJSzFbuZ2GZSx_0EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=252&cbvp=1&cstd=249&cisv=r20220308.04325&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Mar 2022 09:14:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 065A 169 KB
59 KB 43ms
17ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
Origin: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 19:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 48531
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 19:45:13 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/ Frame 065A 8 KB
3 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BfVzT2h8cnahmwfyH9YGmzGQcehtWCik-PtiKxYrezS-1c1ESjv7LGZYj9bfjSb4AgbfyQdtO2a4AdqGWkQdW4Ero_gsn0XtXy3BEVeeb6bPH05OH2zBvm-tkNF-DJhRFHH_JUTq9PlqwEdijB6fg0cKBcUA&dbm_d=AKAmf-D9uQ3tmR2m26sN_F5PJmt99SAQqGLMzxv4mK5Rnk9tVzxOXKzJpBMa1vyvIZCxG45Or748wqnQS8O5O21M-i2k9679yEeF1Yu6ziKCAqnFlWhytCcXDmrdVHvyLUxiMyl5jtozC3XrTvDD9waOUGQdJwYNi4JZhypzLWQbvcXoDMH7woJQovsV4hW4p3GzliH-jcxZpWsfMb0HuzQIqM77pljd6Tq-LuhEeffHLiRJ5EqpCSM65cK0H-uCblwK8IBNizD-Tt9mkt68HRVxe8Fq1dNCoST_zBAl2iEo3RotYRhiFlAUATOTt0HLzVnkghwE7VWx_6HKi7BsKBrJgjggm2bCpMYdKf64-7Gh0-e_XBvCXgknf1rHNqwJZLkCjdofFmZ-MHMsKVmOjhSEyLgt2o0Vk-F7TWrVPS6ZkSnpUer1jGyvJWR1kj7jV5cwEB2UZJ_v-Psskf8spgGPHjytq6RTVWtoBEPdlcK_0MJR8pHA3QMWi0FuaaPo8exKzxZIlTVYrqWgzJ-8LjShfYrgOKGBVSCYdkVcLk6UwHs4Sxg1qlqk2IkDXCNgtQCiRDq3mMmtAakNc0CeIlgPfDFH9Qsj7eP9UBhAqAm5V6DJHv_z8uN3Qge2NaNAu9VaJvp2i1xG4Nx4OnEbVs4R8viohJXwjEshFnJGjE5PcWwNSZy5zl_J89cioHkjlmncpy4aKbEoitJeIMDrqKrBFfXD5uG2ghlA0v3mA0fjLwJku--xOVtSCAT9nu9tO-mPsaS0RyeGyUp2uUAmBQBhxRvo4NM6P_ESqiQdJpEx4jY9gTth-0oMTXvH6fHiwHf342CnDlzpH35ZBDwtZFANKfCkuIxZVGZDRoVrT4wH1HtULec9MUDGKjneO3gwYXeAVneJElGpy-dj6e2WURLEspQw67zD96lBAqUiY6OIlQfXF8zePV8uuRErSeBOq1pcVZObKw2eRwA0hFREjGKEs-4YrqvwhMcoYj2oxtkrFhvhOzNoKo1slYd4dOBBNnXoqluaYk00F4-rHjE__pr0YiLEFv3XAMOYegbDW5RfiGxQv3UjgHpLwwweGHIvbApvRAR0VUyxajeA-nnESNvYRI32g_mIncAtBg-5ST6QAq5mlC0D5smMj1DKCB-Hrzx2D3IYvOExJsiAqU3rS3n6zPkfi-Wqyi0yLoq7SfXiUXSzeGTGGvomllOgmAHguJjeA5exvOqAGe1puEjW1oewd3tcrtuuGnLPL_nN4mAnhEFkc2HRZ4AlplcqctknOcr0Beaf6M5V0jpy_X9Rs_rW015Y-DT5hKyfCrzquRUMm5sReWvlCZFIJTtKvovHgo_Y1sqbfHkoXMoHCtvK5vSB2uy9LPN-r3l7a9DwnLQz18ACiEc2BX6HROEoN7WSvqAdX5o3KihXonMFZdHjYEi3iOQ-mtut_mf4XP8fde9SbFka-DpD3DyCFkMniYmsvMzbSHX0ZvnlCU0oaiYZ0GPkHvgvgwIfDDkZ5JIPIlL61D_hoMoTU-Hzj2q7hj8aWKoegPAl2LT5Vm6QmyLWarFH2-rYoboMMbHDZLiQrfJW2X9LwX77lSjqlNJBakWnqYBQlMljQIi_E1neJ0NgaUCJQ25mJVoSyZvnO5XfQdkSB2OgTGL-vRfAwB8yFZlgUnUSZGeEEsdz5voAClc5hyMFVzmyEheqprCTJ2eSy_VwAgskJ6AaMx1kmdyK6pWP45GPVSgZrwVyCCs50sK7UeuVS9Y_rlh7nCK1YGdeNTlLQiAOVaky4EGjy81fYndGjVoKRo-6yGsJHzz1IW_h3jknniNQm5vm3O7vPn3hfrS-HnJxTe7Go_yF7gZueG_2U-JckdGgkCxXsxp2n8cjhdzU1uOvN-hezzlNVhGLsCBPZMB15sMUkdQDn7-a9k3sSnUX2APDmYwIKMwvODvcp1yNrcQ3e4-LgsesDG1oGSfWY_hey12hPmZlYHhZXeFeLGIz0SOs7vBaQ32dA74ajI8jXOd3fGSqrPoy3cJDDWTmYqvN3zvSRbedxW6G0OYj9VOzUC4ovGzxaw7_R-zNaqtKgqQyK8Mxjdq8zR3MPtNqx3EGZkRuFhbVvvEVF7_yqd7UDwQYG-vUtfJ0Ux7Mm8jO8EHm9qysnLZ_FPDAPsbal1f3UWt4gFBkfQrmsN4x-qBMDjD8Hhh-wzQOTJ7U_Ld6AL3gYk5JpE-ajer8p0CImf2on6fLi-VVt6ItemT88kd9hKM7jnY_4305KuEUKUjaPLu8EofOp6Zovj4kCYbYWZYnQ11z-pFwkU7Ob8GueSBVYuxiVb9fk5_-32HF6f4nUv73eqNh2YVK22on1qqRhxjYfNw0rZ-66WtcYatA-uFNGqGbAYQChlOqjoRBWN-9xfyRSbVvjVxYmmsqftbXXzhRS0IDPiSiF35SiaIpUVrzJ60Bw99mcYJnqT798k2jQdpqpr7LaakFE5FtUwH9S81pbqgVAM5IssqrlH9teG8znN83SQj0EdAtMJ9aTqBhxtZM_zghEuab1O7MVX6RS-_7CJGTEypTHc6UPm0utD3TJjYeMWHoBD8hHHiAhkn9j3jZdtctGBwygh0gS0RxAspwBaosPAgOGyhpQ1nxt5Q8_RqgCVX2Cisrdh6mNFV6CaiRFMBh1lF8-uQPh1GjhdXsmjLKnjR7Z9GIRBhAiwWOXKetLjrOjCm2-uq6shkzDAZCcXFdBXHicshp-TBM_EPbZRPQmoV1ryTN1mdVYI774jPaV78HQZChY4yun8_x0JNnu4r401w8mhjK1CaxwGV3AYGawHOqqIHM1ELCPdtA-Xk_fs3-WB0rJaXzozV0zfCtIEHice2h_PGzXFhKvYuldFFvueGOWdODp5eo8koow3WaHy4pAxEQaB1Maxhr6z9LLijij7DsEIc3Z9EXZSusn-O6TcWgJn8OH-kOu_JWM3hil1pd4RkF1YBzqH5Nn3lcsOW3xOYVyO0LiS1S9HN9-3EG77YMAMqzh6CD6DfE-PEe5V6wQsCSW1iH9uLsHTM-PZl2dk7dNg9PNk3G0hQI1MaHbHNdFLYF0MgjRO5bbfzAntchCg74D2YKQ47SQ5UHAAjl3Jc_znjDNucPaKR2kQSiAgRGLokxqdEyOuLIoGHA8n_1Ma0sNbDmDwovfagVtgzM5aYpUmjqxtH3xLpbfBRa4WQFprsB6QNSSUBxonUM1IXt9dE_vwT4UxS5NPMCkihslt4YKI_l1asVU2F7xF1UcfzzsEiIZ2l73F1k0HYrp9v6HL7Fa13sT32hs6MMD4Okvy-KJeq7-zK8M_n2Q8IekeYiZdeWUwEYZudaija7zwgiAspTWUqdNtWc9dUJ4LkZgdowQb7qZoFzFJyc786kPcs&cid=CAASKORoEWYfPJAokfZbrf4mjRE4hrh6LFae_H3LrdOSaJ0CTj2pIes_SU8&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:12:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 118
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3159
x-xss-protection: 0
server: cafe
etag: 1394524276809619753
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:12:06 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 065A 25 KB
9 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:07:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 77AA 41 KB
15 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 07:27:17 GMT

GET
DATA 200
OK truncated
/ Frame 77AA 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b28b3c63b3f587cebf4e73ade5bc4e806c2b8f4f8bf1503b91cb75f1f5eab60a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F8C7 22 KB
8 KB 19ms
18ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 07:27:17 GMT
expires: Tue, 14 Mar 2023 07:27:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 6407
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame DDCB 0
9 B 17ms
17ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?0jN7Lw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 main.gr.19.8.299.js Show response
static.adsafeprotected.com/ Frame 77AA 189 KB
60 KB 104ms
21ms Script
application/javascript 2600:9000:214f:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/main.gr.19.8.299.js
Requested by: Host: fw.adsafeprotected.com
URL: https://fw.adsafeprotected.com/rjss/st/985734/61500682/skeleton.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86a676d25a23c478b5064a3f6d9275179f67de2bbebe1bfa842719f73658650a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 07 Mar 2022 20:37:01 GMT
content-encoding: gzip
age: 563824
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 01 Mar 2022 19:11:01 GMT
server: AmazonS3
etag: W/"587738d3e44b43a2620f42eb51d89fbf"
vary: Accept-Encoding
x-amz-version-id: kp2GPcLunARmvxyYiu0RKpd0_UaoR.nW
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: MFQtBRPP3Z5VsU_ArG6LC3VSvFvU-_-iQ3gozK70pdLmmk701MbTLQ==

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 91B0 0
9 B 17ms
17ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?FoHfVg
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 422A 0
9 B 17ms
17ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?515rIQ
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H/1.1

200
OK

request.php Show response
hal90008.redintelligence.net/ Frame FF2D
Redirect Chain

https://hal90008.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=06807608e5&subid=&uid=e22ca40e0ad694b1&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...
https://hal90008.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=06807608e5&subid=&uid=e22ca40e0ad694b1&screenSize=1600x1200&screenSizeAvail=1600x1200&cli...

4 KB
2 KB

125ms
84ms

Script
application/x-javascript

138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=06807608e5&subid=&uid=e22ca40e0ad694b1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrCvvWwcvYunhLo2H9u8P4ZiiwAS1zfmDV_zYuavlDPAuEAEg8tO5e2CViv6BlAfIAQmpAhjxi0TITrI-qAMByAObBKoE4wFP0DsPH1KqG5r-7BwM9YNCrwTuf6MnzZlojE1AM7X6-MaKeqLkJrRnzzIDbtgICnQHA3FomZZdYnO67BOHoR85YHJmGlL5OLGvWtwDHJeMDWjF5_8QA78XptavL-9RemLlWTh-8n910YM8nfknj8L2mXTmKcicNu2mr_Lb-aIQz3M9ZfVP57KUSozPldJV8fB_ey92qbIfFIMnb19_08sQAarPT7ukYYskoaI7KINqpFVgK-L8yY0SKFcPY341iYulqjQHfsusMOgYUORSTA5VlZBv46QkGFvwAKN_1VZWsxtyUMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMgUJiJPOUBXB9oI32AfQQ-Ivvu_EfHsiDvldaVJns0b7fqnpnlq88Hg%26sig%3DAOD64_1xPr96MSmWX1SzUrNt2Sn9fLyy1w%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-BHrc9oVHxraayrYcAA8uOm4jA1Zm_oGyvEECNagxGeKCfZ8-2-rZDgpKe0KBzOvzYiAW2P-gtoPwD79wo2CMRHfap7DbF3uOXP1sqQ2etHYaRtnohx6Ae0rpn-s7BGd-zRhDHMJ95k-RkDOOfhA9uJj5FMzQ%26cry%3D1%26dbm_d%3DAKAmf-A8pQiiX3JfCY2ulaTNCGIPo9MVlCzVO1u9B1Zu7BgPoRnkuTOiBES9bNsij7qXTXdNcv0Zwn6gNhtF8LWDoIyoPFKmXh5a6TiNym28GaGvNPxhPm8iC81PM7qjtQZJIgSz1jNrWHFM7KcKSiVeZrY_KDLxegV3lZQbdxC2stTAOexLGLhrWaeFEY1BTPTVJnHp5M7jOIvT3wXxFdeHlO4QBjHXIboQ1EGn5H4LSushAy3CYOl-L9w-8X9kIzXqprOivHxgJixY0Mu2QD0IsTU4HXXqB8JSWGwcidRkvSFbkDMxFx6s8ZtbSwBlWHBFiEOV4nDw-qo_wfRTJxbIs69muQ6ar-nZBVLY_4tb243QtSfFwD19bYxwnHkhV5Gv9kydeZZhegYSJDwRt_rCm0KGGF8Wu_ASJ6qffcyNA_MeItYoKjxzpPJps5gfQhYUS-tzt2lgnz8Eg9ICiBv7tsBHZ7_jzil0Oy31fvJ9pkTXkjvaQM--oMc_FSMzkZ-kpb3yBNkE%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=6668936078491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.63.150 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: f74981da16193eb036148935c498f9e2d235182da16284c0750ff0edcc2aceb9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 95524800051189000710612011898008
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1246
Expires: Mon, 14 Mar 2022 09:14:04 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:04 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=06807608e5&subid=&uid=e22ca40e0ad694b1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrCvvWwcvYunhLo2H9u8P4ZiiwAS1zfmDV_zYuavlDPAuEAEg8tO5e2CViv6BlAfIAQmpAhjxi0TITrI-qAMByAObBKoE4wFP0DsPH1KqG5r-7BwM9YNCrwTuf6MnzZlojE1AM7X6-MaKeqLkJrRnzzIDbtgICnQHA3FomZZdYnO67BOHoR85YHJmGlL5OLGvWtwDHJeMDWjF5_8QA78XptavL-9RemLlWTh-8n910YM8nfknj8L2mXTmKcicNu2mr_Lb-aIQz3M9ZfVP57KUSozPldJV8fB_ey92qbIfFIMnb19_08sQAarPT7ukYYskoaI7KINqpFVgK-L8yY0SKFcPY341iYulqjQHfsusMOgYUORSTA5VlZBv46QkGFvwAKN_1VZWsxtyUMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMgUJiJPOUBXB9oI32AfQQ-Ivvu_EfHsiDvldaVJns0b7fqnpnlq88Hg%26sig%3DAOD64_1xPr96MSmWX1SzUrNt2Sn9fLyy1w%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-BHrc9oVHxraayrYcAA8uOm4jA1Zm_oGyvEECNagxGeKCfZ8-2-rZDgpKe0KBzOvzYiAW2P-gtoPwD79wo2CMRHfap7DbF3uOXP1sqQ2etHYaRtnohx6Ae0rpn-s7BGd-zRhDHMJ95k-RkDOOfhA9uJj5FMzQ%26cry%3D1%26dbm_d%3DAKAmf-A8pQiiX3JfCY2ulaTNCGIPo9MVlCzVO1u9B1Zu7BgPoRnkuTOiBES9bNsij7qXTXdNcv0Zwn6gNhtF8LWDoIyoPFKmXh5a6TiNym28GaGvNPxhPm8iC81PM7qjtQZJIgSz1jNrWHFM7KcKSiVeZrY_KDLxegV3lZQbdxC2stTAOexLGLhrWaeFEY1BTPTVJnHp5M7jOIvT3wXxFdeHlO4QBjHXIboQ1EGn5H4LSushAy3CYOl-L9w-8X9kIzXqprOivHxgJixY0Mu2QD0IsTU4HXXqB8JSWGwcidRkvSFbkDMxFx6s8ZtbSwBlWHBFiEOV4nDw-qo_wfRTJxbIs69muQ6ar-nZBVLY_4tb243QtSfFwD19bYxwnHkhV5Gv9kydeZZhegYSJDwRt_rCm0KGGF8Wu_ASJ6qffcyNA_MeItYoKjxzpPJps5gfQhYUS-tzt2lgnz8Eg9ICiBv7tsBHZ7_jzil0Oy31fvJ9pkTXkjvaQM--oMc_FSMzkZ-kpb3yBNkE%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=6668936078491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Mon, 14 Mar 2022 09:14:04 +0100

GET
H3

200

sd
us-u.openx.net/w/1.0/ Frame 5BA9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKGlXGEM3YfA-I-HnpWoYxc&google_cver=1

43 B
61 B

48ms
28ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKGlXGEM3YfA-I-HnpWoYxc&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWWZztybAUK05-re94AXT9ny-4qZFP7qpshNcSg6bCIoyPhsWb8Uq5jYAsGD60OHt9nQ2c4I268u1Lx8CR54kZhmmIj1M2NQfWZFThoXcyIMnIBzPKYffEvUptw7bKOENE2zb3aSv37EOldeD3F_vnG0iFcDLOIwJdIooXhyJGUyNYCwL0
Protocol: H3
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
via: 1.1 google
server: OXGW/17.2.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEKGlXGEM3YfA-I-HnpWoYxc&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame 5BA9 43 B
305 B 75ms
28ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWWZztybAUK05-re94AXT9ny-4qZFP7qpshNcSg6bCIoyPhsWb8Uq5jYAsGD60OHt9nQ2c4I268u1Lx8CR54kZhmmIj1M2NQfWZFThoXcyIMnIBzPKYffEvUptw7bKOENE2zb3aSv37EOldeD3F_vnG0iFcDLOIwJdIooXhyJGUyNYCwL0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/17.2.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: gzip
server: OXGW/17.2.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
via: 1.1 google
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame 5BA9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEAFZR4jtxJzhZ6XT3gfR7UE&google_cver=1

23 B
172 B

61ms
44ms

Image
image/gif

104.90.104.248
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEAFZR4jtxJzhZ6XT3gfR7UE&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWWZztybAUK05-re94AXT9ny-4qZFP7qpshNcSg6bCIoyPhsWb8Uq5jYAsGD60OHt9nQ2c4I268u1Lx8CR54kZhmmIj1M2NQfWZFThoXcyIMnIBzPKYffEvUptw7bKOENE2zb3aSv37EOldeD3F_vnG0iFcDLOIwJdIooXhyJGUyNYCwL0
Protocol: H2
Server: 104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-104-248.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 14 Mar 2022 09:14:04 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEAFZR4jtxJzhZ6XT3gfR7UE&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 5BA9 23 B
172 B 122ms
46ms Image
image/gif 104.90.104.248
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CMmp1wIQ19vYAhidgrrEATAB&v=APEucNWWZztybAUK05-re94AXT9ny-4qZFP7qpshNcSg6bCIoyPhsWb8Uq5jYAsGD60OHt9nQ2c4I268u1Lx8CR54kZhmmIj1M2NQfWZFThoXcyIMnIBzPKYffEvUptw7bKOENE2zb3aSv37EOldeD3F_vnG0iFcDLOIwJdIooXhyJGUyNYCwL0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-90-104-248.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.7 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
cache-control: max-age=0, no-cache, no-store
expires: Mon, 14 Mar 2022 09:14:04 GMT
server: akka-http/10.2.7
content-length: 23
content-type: image/gif

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 7E60 0
9 B 21ms
20ms Image
text/plain 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?YeuOqQ
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 2860 60 KB
24 KB 28ms
27ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 09:14:04 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/js/ Frame 2860 3 KB
856 B 21ms
20ms Script
application/x-javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/js/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6923d2a280d7f185a9a971c0aeab060b17f8def039b1205aa60f7f929b82f2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 255778
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 827
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:06 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/ Frame 587A 25 KB
9 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20220308/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D3-ipIV97kAtrQbrLFzoiWnpWZ8vDqGRhS5_5nLmMa722f8oNV5_wlyaad8hNoVLbF2OMTlF8wIrx3aYFDMVXqAWJBlGAJCIwS_RaPlmpsA03eenZrI9quby358FJZNpdHZ1jUQaVx_SBbvMg9UV-k4ZtlkQ&cry=1&dbm_d=AKAmf-CQdLHNj8ABAb1SdN2s4mIWS_hXwXwR2qVxY5hq-mnORuhA5xifCWK3z270OZ5oXi-E3_CvmHvLo38OP0NoqS6N8hFBbb8g8V_zfAYGxQlOWBP1q2ZEwi4mVl_zqOpOlV8OAeCRvHTRF1fNP17jyA0V1kHjiw81cFuTqiMG79pqBZnqL37y2vZ9jQIDKS3GegPnB_cs0aMxe0rY7sZ13dkawiXysxkeeyr1x5z3eh3bXCXK6Pv2_duwyVbTAkYBqvrz8_Xxnylz3Ax0UFIEF23ehDkIGRD5iQ7fkar-LOPpgdNDLTzPNmJzeeX34EHLlfBjBDq2Neqt8VG0fuHVpVptlwnrHva-5W6UqQCaJGqYGTX1SLMt7Y-DD-mhOX24Le87I6bp6ZvhAeTdjcTeoo1URBd_d6ezC-0sdTgRBIaMExPQsJqxZUogc_IN9w8Xz_xDJRaKTlQhTroZwcp47lEzgUPlzxXqLny_C3xHnn7Wi1ckWvkZbTkzJYRwp-pViPJSkHhgoMPGstLp1mf29Pt3pESyQq4WCUdkrPQXN0v7S8yzWt-qpUhbb65ZsM4ebRSvKVODolvmZ933ZiLv-A25aPPZdyjmMkiYAIc1bDLovsQhyS2rjnjPOiN5Hb3kzfHWW6ECETH89dypujS9moCHdcHADkdmzoe7-C7aUWr37d14bD7eLgVULytyOFCJsW16LSgiiezZCMLUZF60r6GjqYRkbqqqNYpcQ41X6FOOPzSxntdUAW8KIt0FCYhOUBskECJDq3d4tiTc6wOXtWqar3pmF9LmKVXUXPQTuItsugWSLgJvXNDAZN9fIRMMcgf0eCnt3gThRYZqmXc8zhHlSy8wrkujifnecFW155J9I1dhXVX1so93S18JfeIHpI-4-0K0wKDEpWhLURZFIhKWeboqBIXmFd6IOEfaaZq9BHW3FF-MufU2kZYc0rI8xMOiHq7U2zTbIqgPniwIZ3ILWe6mS1RLhNzhxRNxOFRSiIrVMY9WmOL_BB0hH-cXUXrCAqYxc-Y8LCqcOxDQqXeThDBvjqQKX2dIej-aNBu-M07nfI1ia8bQSsLa9bRtOXHuOR9Koqof4rCQPgabNDZS1tW9GhZXaH6C6t2q-8zIL4FAQuakrvD0RGUqhtTA_LDRBhlMngl0iau14r3jzPxUWrLAAQNuYQmc_IN_5-y6wcfMnDHrzwJoOVQHjqsAfGa6o-O-JJzDt__kdG7VZp1djvRhYbRvU8xP_7DhCaTfV7IbIi51Z7pybl7EXfI2XcAlfs6YE4gYdA13Pu4YOVSR7dyKdRWzYZh0XqhI9gJnMQjmnHQ9DiwFFpgqXykbK3GEfjKleWr_dPF-XvmXbXVfxX0DEfl7ti5TQwAN5ZdBJd96i-VlJo7BxLpnKI5DgWehIcj_rkekxfa8DXrunZ8ry0lN7pP0T668wV9MgYDCaxTAqb3uVHLydBDPuU5evR1vHfIqVpxrtMDXggcq9Bx8p_lunh8kjG43AYcaD3VobiYpLDh0-0p89w2kBZeCZosyxcP1VK3Z3XtT7WQLfoldYa9LqqEbceLn6qzAiTs34jud90ttHw0pJEV0HGybmpqKtDGymcdonrDnYj7dXTQEqoop_OhgLUwvtVl_zYtLzHIGVzLWRL5d1T_h3JbD6S2BGqVXHsfaqYcjcdNUIeAz8PR-OvaNjVjXUvrH0DX3GP_hbq5svaKy15UgMwCqKDv3ZwEmcC6p0QU19fh_lP1F1NsJpxJXo58E72tPrS3KzDJ7bYQdAB1RiziOYHufHjQgi4JpcFvGjUt9cKLtVlMnAJa8XdI-jLO5EjbB0v-vNCWfEhkF_C5raf58AyVEnCb5J6RU0biOdYO5MQISo5JVRy2X0pmDNS5s_t-LrjD4vR4IiOrbczVxWO2O_Ol6YbZGmGdp0-7wZ4eqvt4DKA8nX5kkn8R3mMq3gi7fwwCc-Y-vu2vLs2sDb2l59eFHo6YtYfXEre6bPmxyxXXfql5hxnzbTTNgmgtnzsuudSCfTK5r_SCJ2dHM15SEZ89Ns_5wQP1VbaVQRa5jZhAHUDmVHjRDeIjfpQFjmFUnbXjejLrJH5eWrd7yp2tpOjMZ4P9ai_4S7R9TEHW5LzBaz0k0MQEOQnMh4zmzc4BUcwg-ePG4HFkCcuBr9Hr0kRiqlCcrnmG_DF1KKj9rp_pWAzAj6BloEW5he05pEGOgJrCuPmSn3_MWaeoyJ-Jk2BDIkMspO6gr8Wydz_K4UrfBpnxrt0EZZnNhwNZ4V5wFj38PG0xXM14eKbRpbdnOZJq6RihKIz7PvtVuo2mbFyQBaALzKpZIn6fFhD6ZU8SYYYvYT5N0XXzEKuAXG1IQbIu18C_TIVIKNOXaEo-bgUhcHEG8wURVsYOAWCDuiu75WbJ72W-Fha_R30b9plcVlaqK1f9nECNSHRA33WfQeLIGhNK5c3-xfIHLIoI7EgukJzWDbCAMNYfTEXjoSHXPtHh8rKjujFUWJsTnIQeJJEJIGVwHci4eZAilmSOF68o-odftVsPl5oQjAWfvslhw5ZBlSi-mjcB_5V5U28VhGCO7fWfEFg_Krb100xsSeob5I-j3yG8mC_z9ZDfip40LFNciWbTxdhpJ17JNuw0T0fVO6CUP5JS9ItNCpuqBqAGpeoWuSQJmCTX9blVOLp45_F1CfqR8epp5JpnUbiq-krgTFa51ScNbRSo5KCt70MeNeXLIssDUNqE7coOBGvSG9F3E1zae82SXrjDtcDRJqDMLbx_umxuJ3AinpsUsIhxtwjbuyl2IgikuQ21nWxYf6bCwOsEic5yWp_S4Ui71R1ktjTOFnjmxpLVWGFJVD-ujNrU6KPgD9ZIcYIWOP5zClWa5LXBhm_FD62blR6qATeCDlheRhL-tg-IhFlOkctUdPUkdb8lrBG7MxNYyH9lPZw7x1PIHSYFt1Jiyg72JmhoLPq1lraKA0Q3ENvW8FtRaD7TJMac6BD9wB7jhOP75LhTCG_0dAX2xCVgZJ8ZRQrozwbUbjdsQt39ZnT_pM6v04QpPiA5Y3nb6dc_c5tvbU-jqxnu75R1sKzF7FLq-MAV2ywqOL1CyY7Eppu_fSoo29lbSl3CxFpKvJiqJhM-18Q36mdGo1pie-rFFmSZGYovx6LUvAStB7P1q-uE1_IRkJsCC5OfBifUYcSKA-XiOtTm1HVMTJ68mWyh9lFNL5j-uO1iKxuNJJtwbtu4xIlolSI808uL5qPxAJh4YUtHFO3RqbdwHPOnUXkbVTDZrODnx2C0QFjSH9_OErtFYIXCT2eKHazY-qvWfBYfKYibj1oX-LDDVgdm3HT3197PNxRNwATuwnTbKGg&cid=CAASKORoswUAExqYBsXF7AFXLGzTQux3AoQp18i3LLEvoxjcRHwrIYZx5og&rfl=2%2Chttps%253A%252F%252Fnets4.com%242%2Chttps%253A%252F%252Fnets4.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:07:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 389
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9657
x-xss-protection: 0
server: cafe
etag: 5177785407398320510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 28 Mar 2022 09:07:35 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 587A 41 KB
15 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 07:27:17 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/ Frame 48F5 12 KB
2 KB 26ms
25ms Document
text/html 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af18138f0b637528ef79542d0c017324886748e9abc5613e5835108935dffc63

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 1865
date: Mon, 14 Mar 2022 09:14:04 GMT
expires: Tue, 15 Mar 2022 09:14:04 GMT
cache-control: public, max-age=86400
last-modified: Sat, 29 Jan 2022 20:24:02 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 065A 0
24 B 75ms
49ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvqchVV5lzvjLWM6qAlzVaw7-4CV_v9ppiazDtKvL8T7rnhAvOKCL7Zxvd5L2drvZu-p01t5FeYzQh9JEApYW6DJ6Cio3YI-bVJkt4rw68HZSD7RUu1qL1aLNvE5QkLgVwT7D2nDR0S2erNgbIivk32J714dddDthTJvTQiWiSnrCalTyk23cCtoWXYoamH-RDN7wuHJykieNs5nVjm7LLwRZYYrE5Uy0uqCbkcxyVXlq55E-HYzE_6w15Yp1uJVv-wvK73u-6Y5N0ksN0kLfl5Y4ji2xrBwxbmWJxfsJjKYRum3BnzLyPLx-tVBWfOlwExa-Zbyt58qt15VSPyFPg4zLUeIdyRUh_7G11aKzO42cfnZrtuypFIrDYRPJCSfIkoXXveLSsIaG8sb_BY4rt9nNcdiL0UzgfDmnfIQFpfGVMjnzopasQDJdxfI33HnQdwtn9eaBd1F0dc66Pf80_lz9Fc5k841WUtj0gK0KbTUjSx1_MU9npC-1OTc-8V-6rrlAwCPzraiPFH0rk29Tny51Cl3vlFJU-QpHSM7KYn063eE85eZBiMbgWa8mCB58PqUnqRUlqr47G3zBwK2o_WYsTLwwKtoxWH0mrIbew1m37QTEc2YgE6I009_Xl5_xV6VjCXKk2PaHCqCNXJvNa5ZHsWH4nFuiz5vn9JaOsAJZ_BUyFTCRr2DZ1JoCf26AZplweVvbIqQOdVfY2HRp5_mpKREbu6SoYy962APV-_1r3QJjW9gIVw_z-SPTxH9KdLNpFSGcSgww1aSf2icGNDA-l89eyen4AkD20YM6iwXaOAcL8txX2dy7mRBKrXGVsWII1UsAD3HZRIRAmINccQ-v_xTFqJd4o7yNo9mrj8CU8AWT9PC5wDtMfDGz50NZ5-ABdtg9idyE4-VsULCcFw6SGPztGY-Gf5jbmihUbC9pu9jxRKX2kgkBnea4vgAO2z_XvmgftpTkwJQKAlKY2VINjcqy21wFdVAyYlYNMD4ycNQT_1Lw--RXoayPF8UDKr9WbcBaISA7MNyyjL6E5916XKVez1ItlrXbKsPFlEtmHXYrXjzMJVPc_vrB_r0nXHuFXzmJ3it4CgPajDerwOw6FSk1KVUtpT9mH--GR6ojNBKNMGyZr4a2C-k8rEtiippn1eh39Cy0yEL649vEwt7YZUsQtmbK4YDVJ8CMtwQKZYx6H8fApI63xa1nL7fUZt0_7R30gyx4MRoiQ&sai=AMfl-YSSwu2Y6PIU8YX-BcEEDkf_cyKJrE-r5In23kP7eHDZdT07xhenb0SVjPNumnyL5BB0X491Y1xV0AL-SGK0N_n48F6m2vt8OvItWEfTw6xgVqGV5bQHUE6MmKlxuG3-OSAiBzSYTf-IzHlQDy7r7Aadp0bLP1m4YLJ_93CpTqX47WToeiTrR_Ytooh1AKXI1-iSUrZknbjD8Q5ESRgy7RpMYgs9YWBDUA&sig=Cg0ArKJSzNnlV7-wjbaCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=204&cbvp=1&cstd=198&cisv=r20220308.76461&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Mon, 14 Mar 2022 09:14:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame EA35 22 KB
8 KB 18ms
17ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 07:27:17 GMT
expires: Tue, 14 Mar 2023 07:27:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 6407
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 065A 41 KB
15 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
URL: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 07:27:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 6407
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 14 Mar 2023 07:27:17 GMT

GET
DATA 200
OK truncated
/ Frame 065A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed5f8a37a9ba74f308e226ef1b2d53467d720553c552875370b31fedd3433cc4

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame F8C7 35 KB
13 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
H3 200 1643485919913.css
s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/ Frame 48F5 8 KB
2 KB 19ms
18ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

273f55341c678dfe399dbb8b7b0690eb931a4b044a1afed9aaa2bc3ef1a8a070

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 15:57:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2085
x-xss-protection: 0
last-modified: Sat, 29 Jan 2022 20:24:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 15:57:29 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 48F5 118 KB
40 KB 19ms
19ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 12:46:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73653
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 12:46:31 GMT

GET
H3 200 1643485919913.js Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/ Frame 48F5 32 KB
11 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a0163cf949cea5a556b144eb406773e848d3f639848858e5eafa49657b5927f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 15:57:29 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 62195
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11115
x-xss-protection: 0
last-modified: Sat, 29 Jan 2022 20:24:02 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 15:57:29 GMT

GET
H2 200 banner Show response
ad13.adfarm1.adition.com/ Frame 587A 568 B
723 B 23ms
23ms Script
text/javascript 217.79.188.54
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to

Full URL: https://ad13.adfarm1.adition.com/banner?sid=4285695&adjsver=3&fvers=&iframe=1&ref=https%3A//nets4.com/&ro=https%3A//c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html%3Fn%3D1&uao=Mozilla/5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit/537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome/99.0.4844.51%20Safari/537.36&os=17&browser=11&userid=0&kid=2954778&screen_res=6&wpt=J&clickurl=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCYw8gWwcvYsnsK6yV7%5FUPrqe%5FmAa1kNfhaJ28pLS8D%5FAuEAEgudvzJmCViv6BlAfIAQmpAhjxi0TITrI%2DqAMBqgTdAU%5FQ1kFdo4NyXzOwLRFJ%5FncTzKgjfKN6jgwk013CE3Z%5FNqcHUC6mIBAlja7ximtuzpwxkRo3p3DuPwECN%2DfAow9QkOdCGAnYJYYZ5nrslFep5F8V1jw9D%5FwjCTrW8LDuIWIxQw5XDTbb%2DuUgY9TJe7zC8kbpWKsv6uAbTqzdK6c4O1H22GhnL5gQMVWG5znwsFDLHeEUNCtKJwMCxIi%2DPvEX4jvoXtMTD5wDgzVN72DD1MaJHBJ%5FWQ1Ld0kgVQHmvrW7eaKKmYqU%2D9awMNghOqxeBV%2Dnar4vjCzrhWm1wAT85M%2DY0gLgBAOQBgGgBk2AB6yoy70BqAeOzhuoB5PYG6gH7paxAqgH%5Fp6xAqgHpKOxAqgH1ckbqAemvhuoB%5FPRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPdr7EN0BMA2BMD2BQB0BUB%2DBYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORoswUAExqYBsXF7AFXLGzTQux3AoQp18i3LLEvoxjcRHwrIYZx5og%26sig%3DAOD64%5F3xqLP4CKXHZqzx4nx9WCYkJPPRCg%26client%3Dca%2Dpub%2D4903453974745530%26dbm%5Fc%3DAKAmf%2DDYI5W7hR53ObdCf6YgE3du3zIYnhkyQDXsjHM2HXRqcv6%2DjEwIlqKTSY5ztm7S%2DAswmgSE%2DBA7ViDrwqCd%2DcVQWflkfY1V6hGqG17zwPV%5FRn%5FoUkBT2dTAbOoUBoo%5F3oBkbyrw%5F7RyGL3SHFCJ40bdzVoRDQ%26cry%3D1%26dbm%5Fd%3DAKAmf%2DDBP4aq21CnThRxKjsww6G3p5TxtXjp%5FJuwqyrvB1JlwiNQdxuVuxSmkxIEc2gwYO3PLbU0pUf1fDB%5FPo3%2DelFRBaR%2DHTPJI0lsBesJcWExF7ECjH%5FFDjAWD9BtjH46MADz8h2f5YpaDLklVFRLcPbDYKsVGdqP3Wiq582k3Y%5F90nirGWisToBPzm9os6Q%2DB901EGSeCaTzISEflrr%5FXatUFm5lYxnSMKUtLSVLM7nU0BX%5FSVRRaQUHgRoGPdHHk%5FfIrN4Tnnpf7YBgsH%5FlOxJfPYhGgP5j96zPl0%2DC6n5DR4Nc2z67a0XeX3c0CPuxT0rc0iLc7kglCZ6QNsIX1%2Dfi2joDVuHgCSOAjYywr6PtjkEvksppAWSJPQqRHPAIxJABbtzzhTJqtJKEDFgx%5Fy451tEwc2VbQuL%5F0fiZ8tfxGZxwtkrf%5F6bq0KNHslN4af9ooi0n7goF6fsb8NdEorIlZXdPASV6La35RdPeHiG2EMEfQ%2DxU14VWYImzT%5FHxC5mgpKym%26adurl%3D
Requested by: Host: ad13.adfarm1.adition.com
URL: https://ad13.adfarm1.adition.com/js?wp_id=4285695&kid=2954778&clickurl=https://googleads.g.doubleclick.net/dbm/clk%3Fsa%3DL%26ai%3DCYw8gWwcvYsnsK6yV7_UPrqe_mAa1kNfhaJ28pLS8D_AuEAEgudvzJmCViv6BlAfIAQmpAhjxi0TITrI-qAMBqgTdAU_Q1kFdo4NyXzOwLRFJ_ncTzKgjfKN6jgwk013CE3Z_NqcHUC6mIBAlja7ximtuzpwxkRo3p3DuPwECN-fAow9QkOdCGAnYJYYZ5nrslFep5F8V1jw9D_wjCTrW8LDuIWIxQw5XDTbb-uUgY9TJe7zC8kbpWKsv6uAbTqzdK6c4O1H22GhnL5gQMVWG5znwsFDLHeEUNCtKJwMCxIi-PvEX4jvoXtMTD5wDgzVN72DD1MaJHBJ_WQ1Ld0kgVQHmvrW7eaKKmYqU-9awMNghOqxeBV-nar4vjCzrhWm1wAT85M-Y0gLgBAOQBgGgBk2AB6yoy70BqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAffn7EC2AcA0ggJCIjhgBAQARgd8ggbYWR4LXN1YnN5bi00ODIzOTY5OTg1MDgyMTM2gAoDmAsByAsBgAwBsBPdr7EN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASKORoswUAExqYBsXF7AFXLGzTQux3AoQp18i3LLEvoxjcRHwrIYZx5og%26sig%3DAOD64_3xqLP4CKXHZqzx4nx9WCYkJPPRCg%26client%3Dca-pub-4903453974745530%26dbm_c%3DAKAmf-DYI5W7hR53ObdCf6YgE3du3zIYnhkyQDXsjHM2HXRqcv6-jEwIlqKTSY5ztm7S-AswmgSE-BA7ViDrwqCd-cVQWflkfY1V6hGqG17zwPV_Rn_oUkBT2dTAbOoUBoo_3oBkbyrw_7RyGL3SHFCJ40bdzVoRDQ%26cry%3D1%26dbm_d%3DAKAmf-DBP4aq21CnThRxKjsww6G3p5TxtXjp_JuwqyrvB1JlwiNQdxuVuxSmkxIEc2gwYO3PLbU0pUf1fDB_Po3-elFRBaR-HTPJI0lsBesJcWExF7ECjH_FDjAWD9BtjH46MADz8h2f5YpaDLklVFRLcPbDYKsVGdqP3Wiq582k3Y_90nirGWisToBPzm9os6Q-B901EGSeCaTzISEflrr_XatUFm5lYxnSMKUtLSVLM7nU0BX_SVRRaQUHgRoGPdHHk_fIrN4Tnnpf7YBgsH_lOxJfPYhGgP5j96zPl0-C6n5DR4Nc2z67a0XeX3c0CPuxT0rc0iLc7kglCZ6QNsIX1-fi2joDVuHgCSOAjYywr6PtjkEvksppAWSJPQqRHPAIxJABbtzzhTJqtJKEDFgx_y451tEwc2VbQuL_0fiZ8tfxGZxwtkrf_6bq0KNHslN4af9ooi0n7goF6fsb8NdEorIlZXdPASV6La35RdPeHiG2EMEfQ-xU14VWYImzT_HxC5mgpKym%26adurl%3D
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 217.79.188.54 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: aa.adfarm1.adition.com
Software: ADITIONSERVER v1.0 /
Resource Hash: a7d4139a86f5c5467ae6cb400f0ae7b95995f6ed3da681d17ce1cf8fdc6a0ca1

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 10:14:04 +0100
content-encoding: gzip
server: ADITIONSERVER v1.0
p3p: policyref="https://imagesrv.adition.com/w3c/p3p-ssl.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
cache-control: no-cache
content-type: text/javascript
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A488 0
20 B 41ms
39ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030801&jk=4263479940061606&bg=!UFOlUxfNAAb7UztL-1M7ACkAdvg8WsKY1_uCHUeJUqLoz9KvI3vTI3_rf9WlIkbaEzArWKK9J0OfZgIAAADYUgAAAAJoAQeZAt7z-yz229CuSZ4pJHn09alb6YdaCpQTL6NImRx39NVrmGCm_NwSfJ80bzF2o7xg7K5bzm3B--Z6Dm7Ls_bpaYiNqeHKmta_dFb1NxQsTYg_hMEJ_MSm8BUW70rQ-Mr589M7G2qvYSPwE0OJrUwkio6HuXMBM7S8tmSO-rcKaZ58jv7KmJgqohuLTCVeR4gl_z__x8JhyedxF2XXckblP65EsUUeE5BzirGzs6T1DtbgFn19r92P8KmJw55GPGwF4x6Nl4YXzhVFqpREqxO9KpmV4JCrHKyc62cTrtIXxyZSCmHPaWRFMxERL9toxdbU4Efvvvs9Ur0rZ8o0lMYICCDR_Le_8T1iXN7wDruIeaMMgGGeJdktE4TQ1b0vYPSM5NGzDwc5_oOLEmRG8zGI8Uar0J7ToAwPz8HnH56fBmuQEZH1FE599U4QsbbkkUrWygVdTn5QHwNqvjvtiPzUCTqmef1tNay7kIwzf8BJDGFnTaKvRqbW-VbU0W-CfIqGlLOsDHIAvRSyQ3ZUItVjMBo4lPU2ymKRrqvxUU1NodvhWfmguet23pFbLdHJgj5Hm_G1Vtb5-eEbnOcqoKIiKHn9hh4utPb5iQTFjnWuT48mbaZU8NPMeeM31gsPisNcl_LHZwlj9_MXA3SYz1zd4-sHolnqGG6FzkOcDrkZ2jAqSUFB_mTohp1VgEi3yK6muTx5m51A7OyetrJArWsyXBSSnmv85myZlxg1P7f3YeJj8VR39j5ydJRSwhH8W1s6LnrvnX-CcvBtoRf-YwWZy2-Cx-TuXFOPlcLRQz3fd-xu1u_YYmxlayNCJ67Y8Hc51xnf5VFjzRZrRhVqZ396B7FR7PfGBHJTpYe5s6nSXPZM2QSCcBAii5vSDIzqg1h1iJPLIcjwLuUiv1oqtyYwXLcWfi92eKdj97fQ7xe5P-wktDxA2bQIPEKQ64_39jju_Sc3YJnUl2iM79d8w7LXmA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 77AA 0
23 B 40ms
40ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss2sPasLcRaLCYp6mXlJQjiikzKyGwNIMhJGJsUMATzC4otZq0XKEjhg2D-ZEdf8kGSfdKEPWRaeoqiB_qYWb-M-ICDb6DK1xR2tEmQKaQrTf37Oifd0Esw6kHGGgTuNmaWzpEMw2BGAs1GRBGFlbEVWiMCZ5GnRxmBWOEF3f9_Rtju1Oaorsq7NsIEEQRZkuyC1d_3dJATZInQS2JYrohX7C0W9twzz6XaCQOUL-fdJ2CF_-Im-LDIh5B-8Iw8JCVkdgzYrxFOyfTYrpZltMawI-5mWVoX0BHHzsy-UV_7R0bbsfySRRa2JC829NZux80BeN3uBWk3otJva2UvSNdSoeJV6wX1hNv2Rs01zO65FF7Jua5CsaZ6PJyz8y3OjJ8dtNO_F7rLPjbDAti0ZYBDtC5BM0cJKWfdfnuopqh2ybEKZZRZ3HzHGcVbJ7-S6fFWDz5qQBUKBPLmg5s1ZgoGCUhUVRJmcrKXRxA_dy9UXnRxOcLeN5jk9Es12FoMLRWaUo8SDWVbKdCeBCwdU9WYy00h_U5L3oXApCbvlE1cfHXNEk45eN07Sb_VaO0Os9aLYROUf-VlNFiZ6XSkuVcGtVBXi9sWr-Unk0cN3cuvesiD-TOj7_TfVEr3NrGyF-5QLyGW2j38TBgIzvXcySkfD_v_McjJO2fczMiK0Rw4JvmLugnfK3nPpcKN9mosSTrAfxe-G3br0Kzt5jeyf9jOEYnM5a2G0mCLFj0EUT0NVcGa8IIT7pFugE9Lb1OCtVxZhFHK4rGfwyivogZzFps19JZojZpAZx4nLiW9s5EGjGqhvjQJ6jecXhdhkMXvJ6uPVe5ajY5SpeIrj9tSu0u0HXNFPKh0bnvp6kbEmskMbCod2BNKW6GXiGlaTGjTk9qOUHLnjcFIySVKgSGPHJ8Mqjy8GsuYggb8SBTFGBKI5ebHsYMrcJdx_6_KMBLuF68i5QQuHpVqy5yC9i7r3TK9lkRgHn_ovZC_qjvF2YdKUPRAJU1da-gYfIgl98jqoqRbiBCDAexBKali8cBRBvI_6IAlRL0sPdxbyNcMLBZJAPyzeJ70OSyADg8kqZNAmVw6gNGBEoAY3ZsitdrOWrd1OC7JgIGfNlanstHfv6ny-2SHF4JeIoirYSZs_y_63TL0E03tu_W0vSI68EDB_3Uky5X2qYCh8372VK_4KQbycELFhv9v&sai=AMfl-YRpLKCC2MXH78RAQkrS0WQsNxBZmkouZ_9hWmZUPz-mIImE-QqV0Z5flOwS1NxfSgZRXBv2VAFJGR1pp8zu0s1JNzwwG5K0nUOP2vkaLhVeF-lEFSCKBhGj7r1TWGoKxQ9NEIGWX_iB77ywsJIWuYeqgOCVWFaloWKZrsdFZqTwcxfL9saSYHADW_YJWZyjYfMi4BQ0tv84WACJB-5aUG-IBu9oIzEzeg&sig=Cg0ArKJSzFbuZ2GZSx_0EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=579&vt=11&dtpt=327&dett=3&cstd=249&cisv=r20220308.04325&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:04 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 txt1@2x.png
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 3 KB
3 KB 19ms
19ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/txt1@2x.png

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

75a78072b6693324154063fec9bd719b13427c109796e632f7677f81884ef316

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:55 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2845
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:55 GMT

GET
H3 200 disclaimer@2x.png
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 1 KB
1 KB 20ms
20ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/disclaimer@2x.png

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b58826e6e8364bd38047e63ddef0f1a8c4f29926d9622d2902f6615a75ef77a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:55 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1464
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:55 GMT

GET
H3 200 cta@2x.png
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 706 B
733 B 21ms
21ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/cta@2x.png

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f6ded28a1c0c06b0bddf65b5d390b0471dfd31f069435d19c2bb3f739cfae90

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:55 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 706
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:55 GMT

GET
H3 200 logo.svg
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 2 KB
1 KB 22ms
20ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/logo.svg

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e9b62726c16a24a6c96dfdf09813ae3f6d676bec3d70d8665035e138711e4d91

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:07:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3974
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1053
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 08:07:50 GMT

GET
H3 200 bg1@2x.jpg
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 37 KB
37 KB 22ms
21ms Image
image/jpeg 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/bg1@2x.jpg

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7bf66779741ff23e29accfb5a42df4df52ef56eec47ae7984f90ccbdff196ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:55 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37567
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:55 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6CA9 22 KB
8 KB 17ms
17ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 07:27:17 GMT
expires: Tue, 14 Mar 2023 07:27:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 6407
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2

200

skeleton.js Show response
static.adsafeprotected.com/ Frame 77AA
Redirect Chain

https://fw.adsafeprotected.com/rfw/st/985734/61500682/skeleton.js?adsafe_url=https%3A%2F%2Fnets4.com&adsafe_type=g&adsafe_url=https%3A%2F%2Fnets4.com%2F&adsafe_type=e&adsafe_url=https%3A%2F%2Fbcb91...
https://static.adsafeprotected.com/skeleton.js

17 B
465 B

19ms
19ms

Script
application/javascript

2600:9000:214f:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/skeleton.js
Requested by: Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Server: 2600:9000:214f:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Wed, 07 Jul 2021 08:35:57 GMT
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
age: 21602288
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 17
last-modified: Mon, 17 Aug 2020 23:54:35 GMT
server: AmazonS3
etag: "53fab767ecbd3bf07990b10246befbd4"
x-amz-version-id: nylqTweorRThFHMBJSrf_fHcWx3KVKN3
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-type: application/javascript
x-amz-cf-id: 3mlXx1avcm4Jo2ytY9kI4_VFfNleuFumGFjk7QfowCKwNt6WkCxsYA==

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:04 GMT
x-server-name: app13.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.js
cache-control: no-cache
content-length: 0
server: nginx

GET
H2 200 sca.17.5.12.js Show response
static.adsafeprotected.com/ Frame 2FB4 80 KB
21 KB 21ms
21ms Script
application/javascript 2600:9000:214f:f000:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.adsafeprotected.com/sca.17.5.12.js
Requested by: Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:214f:f000:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Tue, 15 Feb 2022 13:58:04 GMT
content-encoding: gzip
age: 2315761
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 19 Aug 2021 16:31:24 GMT
server: AmazonS3
etag: W/"9304f57298c3834ff107ea7ccb547996"
vary: Accept-Encoding
x-amz-version-id: 9YodSBhG3Q8HTUbQ_WDUpcPK09tSZ5ja
via: 1.1 73f3a23156999272233949c078c30858.cloudfront.net (CloudFront)
cache-control: max-age=315360000
x-amz-cf-pop: FRA53-C1
content-type: application/javascript
x-amz-cf-id: O8s059Z1nqwPI7NTJ_ZiGNPKUYQTR1Q7nO2rmF-E7sYGnhuBA7ldJw==

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 417A 22 KB
8 KB 18ms
17ms Document
text/html 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 14 Mar 2022 07:27:17 GMT
expires: Tue, 14 Mar 2023 07:27:17 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
content-type: text/html
age: 6407
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 77AA 43 B
301 B 314ms
98ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=985734&asId=f4a73a82-cd92-803d-7c7a-b38988bf1497&tv=%7Bc:6PfkM8,pingTime:-3,time:314,type:v,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:279%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:314,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:279,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B50~0%5D,as:%5B49~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t02RXtc+11%7C121%7C122*.985734-61500682%7C1221%7C1222%7C1223%7C131%7C141%7C142%7C1431%7C1432%7C151%7C152%7C1531%7C1532%7C161%7C162%7C163%7C171%7C172%7C1731%7C1732%7C18%7C19,idMap:122*,rmeas:1,rend:0,renddet:na%7D&br=c
Requested by: Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
X-Server-Name: dt55.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 77AA 43 B
301 B 312ms
98ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=985734&asId=f4a73a82-cd92-803d-7c7a-b38988bf1497&tv=%7Bc:6PfkM9,pingTime:-6,time:315,type:i,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:315,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:279,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B51~0%5D,as:%5B50~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t02RXtc+11%7C121%7C122*.985734-61500682%7C1221%7C1222%7C1223%7C131%7C141%7C142%7C1431%7C1432%7C151%7C152%7C1531%7C1532%7C161%7C162%7C163%7C171%7C172%7C1731%7C1732%7C18%7C19,idMap:122*,rmeas:1,rend:0,renddet:na%7D&tpiLookup=ao:nets4.com*%2Cnets4.com*&br=c
Requested by: Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
X-Server-Name: dt46.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame EA35 35 KB
13 KB 20ms
20ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
H/1.1 200
OK 0s3p1fkb96mt Show response
ad.ad-srv.net/zone/ Frame 587A 10 KB
3 KB 75ms
22ms Script
text/html 46.4.10.47
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.ad-srv.net/zone/0s3p1fkb96mt?subid=&redirectClick=
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 46.4.10.47 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.47.10.4.46.clients.your-server.de
Software: Apache /
Resource Hash: ed45fba354557d5f470306d013ef3314b24b5740d6cdf9c6be31a92a37ceeaab

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:04 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 2661
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 77AA 43 B
301 B 298ms
99ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=985734&asId=f4a73a82-cd92-803d-7c7a-b38988bf1497&tv=%7Bc:6PfkME,pingTime:-2,time:346,type:a,im:%7Bsf:0,pom:1,prf:%7BbdA:374,bdZ:561,beA:707,beZ:708,mfA:968,cmA:969,inA:970,inZ:973,prA:973,prZ:981,si:987,poA:988,poZ:1000,cmZ:1000,mfZ:1000,loA:1021,loZ:1023,ltA:1052,ltZ:1053%7D%7D,sca:%7Bdfp:%7Bdf:4,sz:728.90,dom:div%7D%7D,env:%7Bgca:false,cca:false,gca2:false%7D,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:279%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:0,o:346,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:279,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B82~0%5D,as:%5B81~728.90%5D%7D%7D%5D,slEventCount:1,em:true,fr:false,e:,tt:rjss,dtt:0,fm:t02RXtc+11%7C121%7C122*.985734-61500682%7C1221%7C1222%7C1223%7C131%7C141%7C142%7C1431%7C1432%7C151%7C152%7C1531%7C1532%7C161%7C162%7C163%7C171%7C172%7C1731%7C1732%7C18%7C19,idMap:122*,pd:0YtC.internal-nacl-plugin,rmeas:1,rend:0,renddet:na,sinceFw:65,readyFired:true%7D&br=c
Requested by: Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
X-Server-Name: dt37.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H3 200 logo.png
s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/ Frame 48F5 1 KB
1 KB 18ms
17ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/logo.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bec18ada6631a132ac08e06cadc41662c34442d10596b7bfd27862ed7157b5c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 15:57:30 GMT
x-content-type-options: nosniff
age: 62194
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1417
x-xss-protection: 0
last-modified: Sat, 29 Jan 2022 20:24:03 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 15:57:30 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame 1FD0 930 B
931 B 70ms
19ms Document
text/html 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=06807608e5&subid=&uid=e22ca40e0ad694b1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrCvvWwcvYunhLo2H9u8P4ZiiwAS1zfmDV_zYuavlDPAuEAEg8tO5e2CViv6BlAfIAQmpAhjxi0TITrI-qAMByAObBKoE4wFP0DsPH1KqG5r-7BwM9YNCrwTuf6MnzZlojE1AM7X6-MaKeqLkJrRnzzIDbtgICnQHA3FomZZdYnO67BOHoR85YHJmGlL5OLGvWtwDHJeMDWjF5_8QA78XptavL-9RemLlWTh-8n910YM8nfknj8L2mXTmKcicNu2mr_Lb-aIQz3M9ZfVP57KUSozPldJV8fB_ey92qbIfFIMnb19_08sQAarPT7ukYYskoaI7KINqpFVgK-L8yY0SKFcPY341iYulqjQHfsusMOgYUORSTA5VlZBv46QkGFvwAKN_1VZWsxtyUMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMgUJiJPOUBXB9oI32AfQQ-Ivvu_EfHsiDvldaVJns0b7fqnpnlq88Hg%26sig%3DAOD64_1xPr96MSmWX1SzUrNt2Sn9fLyy1w%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-BHrc9oVHxraayrYcAA8uOm4jA1Zm_oGyvEECNagxGeKCfZ8-2-rZDgpKe0KBzOvzYiAW2P-gtoPwD79wo2CMRHfap7DbF3uOXP1sqQ2etHYaRtnohx6Ae0rpn-s7BGd-zRhDHMJ95k-RkDOOfhA9uJj5FMzQ%26cry%3D1%26dbm_d%3DAKAmf-A8pQiiX3JfCY2ulaTNCGIPo9MVlCzVO1u9B1Zu7BgPoRnkuTOiBES9bNsij7qXTXdNcv0Zwn6gNhtF8LWDoIyoPFKmXh5a6TiNym28GaGvNPxhPm8iC81PM7qjtQZJIgSz1jNrWHFM7KcKSiVeZrY_KDLxegV3lZQbdxC2stTAOexLGLhrWaeFEY1BTPTVJnHp5M7jOIvT3wXxFdeHlO4QBjHXIboQ1EGn5H4LSushAy3CYOl-L9w-8X9kIzXqprOivHxgJixY0Mu2QD0IsTU4HXXqB8JSWGwcidRkvSFbkDMxFx6s8ZtbSwBlWHBFiEOV4nDw-qo_wfRTJxbIs69muQ6ar-nZBVLY_4tb243QtSfFwD19bYxwnHkhV5Gv9kydeZZhegYSJDwRt_rCm0KGGF8Wu_ASJ6qffcyNA_MeItYoKjxzpPJps5gfQhYUS-tzt2lgnz8Eg9ICiBv7tsBHZ7_jzil0Oy31fvJ9pkTXkjvaQM--oMc_FSMzkZ-kpb3yBNkE%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=6668936078491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:102::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/

Response headers

server: keycdn-engine
date: Mon, 14 Mar 2022 09:14:05 GMT
content-type: text/html
content-length: 552
x-accel-version: 0.01
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16b3be00-gzip"
vary: Accept-Encoding
content-encoding: gzip
expires: Mon, 21 Mar 2022 09:14:05 GMT
cache-control: max-age=604800
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *
accept-ranges: bytes

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame FF2D 1 KB
2 KB 313ms
152ms Script
text/html 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=95524800051189000710612011898008&nw=1
Requested by: Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 07b5f92df996337bfc2b1438c0180d660a203528e7b4d7d554a0fcfd318616c3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
Last-Modified: Mon, 14 Mar 2022 09:14:05 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Content-Length: 1231
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3

200

activityi;dc_pre=CLia7dChxfYCFZtEHQkdQhQIvw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228 Show response
5994599.fls.doubleclick.net/ Frame 6ABE
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CLia7dChxfYCFZtEHQkdQhQIvw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228?

391 B
345 B

63ms
36ms

Document
text/html

216.58.212.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CLia7dChxfYCFZtEHQkdQhQIvw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228?

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.212.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f6.1e100.net

Software

cafe /

Resource Hash

a9146864b77d6766fbe12dfd0a9f558476353af27e4f0a74703c16a81759f31b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 14 Mar 2022 09:14:05 GMT
expires: Mon, 14 Mar 2022 09:14:05 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 322
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 14 Mar 2022 09:14:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLia7dChxfYCFZtEHQkdQhQIvw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal90008.redintelligence.net/ Frame 7F17 7 KB
2 KB 61ms
20ms Document
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/request_content.php?s=95524800051189000710612011898008&a=9f51ac40
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request.php?zone=4727t6qteyti&nw=20&renderingType=javascript&namespace=06807608e5&subid=&uid=e22ca40e0ad694b1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCrCvvWwcvYunhLo2H9u8P4ZiiwAS1zfmDV_zYuavlDPAuEAEg8tO5e2CViv6BlAfIAQmpAhjxi0TITrI-qAMByAObBKoE4wFP0DsPH1KqG5r-7BwM9YNCrwTuf6MnzZlojE1AM7X6-MaKeqLkJrRnzzIDbtgICnQHA3FomZZdYnO67BOHoR85YHJmGlL5OLGvWtwDHJeMDWjF5_8QA78XptavL-9RemLlWTh-8n910YM8nfknj8L2mXTmKcicNu2mr_Lb-aIQz3M9ZfVP57KUSozPldJV8fB_ey92qbIfFIMnb19_08sQAarPT7ukYYskoaI7KINqpFVgK-L8yY0SKFcPY341iYulqjQHfsusMOgYUORSTA5VlZBv46QkGFvwAKN_1VZWsxtyUMAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB_PRG6gHltgbqAeqm7ECqAf_nrECqAffn7EC2AcA0ggJCIDhgBAQARgdgAoDmAsByAsBgAwBsBPcmesN0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSLQCNIrLMgUJiJPOUBXB9oI32AfQQ-Ivvu_EfHsiDvldaVJns0b7fqnpnlq88Hg%26sig%3DAOD64_1xPr96MSmWX1SzUrNt2Sn9fLyy1w%26client%3Dca-pub-5413329544040947%26dbm_c%3DAKAmf-BHrc9oVHxraayrYcAA8uOm4jA1Zm_oGyvEECNagxGeKCfZ8-2-rZDgpKe0KBzOvzYiAW2P-gtoPwD79wo2CMRHfap7DbF3uOXP1sqQ2etHYaRtnohx6Ae0rpn-s7BGd-zRhDHMJ95k-RkDOOfhA9uJj5FMzQ%26cry%3D1%26dbm_d%3DAKAmf-A8pQiiX3JfCY2ulaTNCGIPo9MVlCzVO1u9B1Zu7BgPoRnkuTOiBES9bNsij7qXTXdNcv0Zwn6gNhtF8LWDoIyoPFKmXh5a6TiNym28GaGvNPxhPm8iC81PM7qjtQZJIgSz1jNrWHFM7KcKSiVeZrY_KDLxegV3lZQbdxC2stTAOexLGLhrWaeFEY1BTPTVJnHp5M7jOIvT3wXxFdeHlO4QBjHXIboQ1EGn5H4LSushAy3CYOl-L9w-8X9kIzXqprOivHxgJixY0Mu2QD0IsTU4HXXqB8JSWGwcidRkvSFbkDMxFx6s8ZtbSwBlWHBFiEOV4nDw-qo_wfRTJxbIs69muQ6ar-nZBVLY_4tb243QtSfFwD19bYxwnHkhV5Gv9kydeZZhegYSJDwRt_rCm0KGGF8Wu_ASJ6qffcyNA_MeItYoKjxzpPJps5gfQhYUS-tzt2lgnz8Eg9ICiBv7tsBHZ7_jzil0Oy31fvJ9pkTXkjvaQM--oMc_FSMzkZ-kpb3yBNkE%26adurl%3D&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=6668936078491&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 35c06f175466a0e90ee4e2be4a22c47b68d662fe853682a939f879b0dfc14ef6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/

Response headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 14 Mar 2022 09:14:05 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2070
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame FF2D 43 B
705 B 77ms
32ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2874697&v=22610&q=408799&r=296283&pref1=95524800051189000710612011898008&pv=1

Requested by

Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame FF2D 43 B
702 B 70ms
24ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=95524800051189000710612011898008&pv=1

Requested by

Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 6CA9 35 KB
13 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1549
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
DATA 200
OK truncated
/ Frame FF2D 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 49d1ce328e23cad4f2708ac8d19febf13cb9da62b30da917d6526c1849f32219

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 065A 0
23 B 42ms
40ms Ping
image/gif 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvqchVV5lzvjLWM6qAlzVaw7-4CV_v9ppiazDtKvL8T7rnhAvOKCL7Zxvd5L2drvZu-p01t5FeYzQh9JEApYW6DJ6Cio3YI-bVJkt4rw68HZSD7RUu1qL1aLNvE5QkLgVwT7D2nDR0S2erNgbIivk32J714dddDthTJvTQiWiSnrCalTyk23cCtoWXYoamH-RDN7wuHJykieNs5nVjm7LLwRZYYrE5Uy0uqCbkcxyVXlq55E-HYzE_6w15Yp1uJVv-wvK73u-6Y5N0ksN0kLfl5Y4ji2xrBwxbmWJxfsJjKYRum3BnzLyPLx-tVBWfOlwExa-Zbyt58qt15VSPyFPg4zLUeIdyRUh_7G11aKzO42cfnZrtuypFIrDYRPJCSfIkoXXveLSsIaG8sb_BY4rt9nNcdiL0UzgfDmnfIQFpfGVMjnzopasQDJdxfI33HnQdwtn9eaBd1F0dc66Pf80_lz9Fc5k841WUtj0gK0KbTUjSx1_MU9npC-1OTc-8V-6rrlAwCPzraiPFH0rk29Tny51Cl3vlFJU-QpHSM7KYn063eE85eZBiMbgWa8mCB58PqUnqRUlqr47G3zBwK2o_WYsTLwwKtoxWH0mrIbew1m37QTEc2YgE6I009_Xl5_xV6VjCXKk2PaHCqCNXJvNa5ZHsWH4nFuiz5vn9JaOsAJZ_BUyFTCRr2DZ1JoCf26AZplweVvbIqQOdVfY2HRp5_mpKREbu6SoYy962APV-_1r3QJjW9gIVw_z-SPTxH9KdLNpFSGcSgww1aSf2icGNDA-l89eyen4AkD20YM6iwXaOAcL8txX2dy7mRBKrXGVsWII1UsAD3HZRIRAmINccQ-v_xTFqJd4o7yNo9mrj8CU8AWT9PC5wDtMfDGz50NZ5-ABdtg9idyE4-VsULCcFw6SGPztGY-Gf5jbmihUbC9pu9jxRKX2kgkBnea4vgAO2z_XvmgftpTkwJQKAlKY2VINjcqy21wFdVAyYlYNMD4ycNQT_1Lw--RXoayPF8UDKr9WbcBaISA7MNyyjL6E5916XKVez1ItlrXbKsPFlEtmHXYrXjzMJVPc_vrB_r0nXHuFXzmJ3it4CgPajDerwOw6FSk1KVUtpT9mH--GR6ojNBKNMGyZr4a2C-k8rEtiippn1eh39Cy0yEL649vEwt7YZUsQtmbK4YDVJ8CMtwQKZYx6H8fApI63xa1nL7fUZt0_7R30gyx4MRoiQ&sai=AMfl-YSSwu2Y6PIU8YX-BcEEDkf_cyKJrE-r5In23kP7eHDZdT07xhenb0SVjPNumnyL5BB0X491Y1xV0AL-SGK0N_n48F6m2vt8OvItWEfTw6xgVqGV5bQHUE6MmKlxuG3-OSAiBzSYTf-IzHlQDy7r7Aadp0bLP1m4YLJ_93CpTqX47WToeiTrR_Ytooh1AKXI1-iSUrZknbjD8Q5ESRgy7RpMYgs9YWBDUA&sig=Cg0ArKJSzNnlV7-wjbaCEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=461&vt=11&dtpt=257&dett=3&cstd=198&cisv=r20220308.76461&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 417A 35 KB
13 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1550
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
H/1.1

200
OK

request.php Show response
ad11.ad-srv.net/ Frame 587A
Redirect Chain

https://ad11.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x9...
https://ad11.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x9...

3 KB
2 KB

91ms
46ms

Script
application/x-javascript

138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad11.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=9383376222715&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 2b6f1eb36a20dba643c7dd756ff378dc44e95baa20a61a30be9706e16835508c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 80384500055665200383828011898011
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1016
Expires: Mon, 14 Mar 2022 09:14:05 +0100

Redirect headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=9383376222715&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Mon, 14 Mar 2022 09:14:05 +0100

GET
H2 200 css
fonts.googleapis.com/ Frame 7F17 1 KB
921 B 79ms
32ms Stylesheet
text/css 2a00:1450:4001:830::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=95524800051189000710612011898008&a=9f51ac40

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ea795a298e37c1cd48937e8d9b242162d213ebaa07c997769a6bfe4b4d8ec411

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 14 Mar 2022 08:45:47 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 14 Mar 2022 09:14:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 14 Mar 2022 09:14:05 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7F17 17 KB
17 KB 67ms
23ms Image
image/png 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/59171/creativesup/vega-1200x627.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=95524800051189000710612011898008&a=9f51ac40
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: d10c5878ffaa543f270227e1b7a2c12e93d24b76b9b7996f98aa62ddb19be0e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16815
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7F17 16 KB
16 KB 72ms
26ms Image
image/png 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=95524800051189000710612011898008&a=9f51ac40
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 09410de2bdd6b63d7e02e4c71f582bb1d5a2c7b128c5852426421ba7dcaf378b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16531
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7F17 17 KB
17 KB 72ms
25ms Image
image/png 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=95524800051189000710612011898008&a=9f51ac40
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 5e2427fe5b7af1999b6641be9c00c26275b448ad842912f3e0001454717b6773

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16858
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1/ Frame 48F5 13 KB
6 KB 66ms
22ms Script
text/javascript 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 17:36:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 229051
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5437
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 11 Mar 2023 17:36:34 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 48F5 7 KB
5 KB 34ms
33ms XHR
application/json 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa2cb0f5bc4821f026a2a942630d9d9342271e59aa6d3f20f67a9ae349ca8900

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 14 Mar 2022 09:14:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5539
x-xss-protection: 0

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 1FD0 83 KB
32 KB 75ms
26ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3e8387df6ed7a0f09a18bac8cfaff2ad241f4fd8fcc34a8fb246fa540cf8a41f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:05 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 32674
x-xss-protection: 0
expires: Mon, 14 Mar 2022 09:14:05 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 48F5 17 KB
6 KB 33ms
33ms Script
text/javascript 2a00:1450:4001:82a::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Mon, 14 Mar 2022 09:14:05 GMT

GET
H3 200 dc_pre=CLia7dChxfYCFZtEHQkdQhQIvw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228
adservice.google.com/ddm/fls/z/ Frame 6ABE 42 B
63 B 44ms
43ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CLia7dChxfYCFZtEHQkdQhQIvw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CLia7dChxfYCFZtEHQkdQhQIvw;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=872796512144.1228?

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK viewability Show response
hal90008.redintelligence.net/ Frame 7F17 0
150 B 61ms
21ms Script
text/html 138.201.63.150
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal90008.redintelligence.net/viewability?s=95524800051189000710612011898008&a=77b51fd4&vb=m
Requested by: Host: hal90008.redintelligence.net
URL: https://hal90008.redintelligence.net/request_content.php?s=95524800051189000710612011898008&a=9f51ac40
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.63.150 Reilingen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.150.63.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://hal90008.redintelligence.net/request_content.php?s=95524800051189000710612011898008&a=9f51ac40
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 congstarfont.woff2
s0.2mdn.net/creatives/assets/4234010/ Frame 48F5 98 KB
98 KB 24ms
23ms Font
font/woff2 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4234010/congstarfont.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.css
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:03:39 GMT
x-content-type-options: nosniff
age: 626
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100772
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 09:13:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 09:18:39 GMT

GET
H3 200 86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff
s0.2mdn.net/creatives/assets/1881029/ Frame 48F5 57 KB
57 KB 19ms
18ms Font
font/woff 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/1881029/86bef0b5-fa75-4ca3-8394-cb7b5a474a45-3.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.css
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:03:23 GMT
x-content-type-options: nosniff
age: 642
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58447
x-xss-protection: 0
last-modified: Wed, 15 Feb 2017 10:23:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 09:18:23 GMT

GET
H3 200 cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js Show response
pagead2.googlesyndication.com/bg/ Frame 5D57 35 KB
13 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/cYUZDpkDTLiaCxFKW6PIDwgD40qdhgxPHck_a-4gLzE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:48:15 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1550
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13775
x-xss-protection: 0
last-modified: Tue, 01 Mar 2022 17:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 14 Mar 2023 08:48:15 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F8C7 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJFSJXAcvYtLUBeOM3gOHqJaAAwAAAAA4AeAEAg&bg=!enmleT3NAAb7UztL-1M7ACkAdvg8WkjpHAeo4BeVYhQERNYOVX7eFeXn7iHh3K77jz-TzH7DNlW2sAIAAAE3UgAAAAhoAQcKAFWtVshF2be4LWAYvzx2MYZwRTljkk0PPgY6htpp5sa0rrR_tSKWcyP3AbjM3npaleEP-RyIzMiDeQEKbY_uJarcwk4YmOIIQLwicm_DSOe3qHf97y23mQM4sSu5uifUu3XOCuR86E73Xx8Mma28DheiJBqLNxFWRxoD7gAWIhUz6BSbS-sLxkZIXeFnUhjcij4gR-B-hI_sLVvitteQGOpdKpyNl_Z7kjDpPiN1yauFqZlukrRqRzx-hcoVYVL52rWoJkM29sUIvoHGZZyqM645z6pM8CsnFBsJpWiyNrSaqNDFwEDay5EDTDtse4otGwXeZ76Hz94P9w8PD7nhW8h2sst5lccgnyMkps_S83RUI_XUXX-2AfWKbexxBUdbL0bamTrVFzEBFGXqMafBdLuEQXgPktgFv68AKuCq6FCmgsIfK65EPl1oLdD4MsYuEgBku3gAeQZ71zoNpd_OJRcv7t_ckdIqFbq1sY32Jpy-M0km1fTJpbUpaegeRQNJRqPFd-M7nI45jEtKzClWFYD-tGfJwbCCoOOdUvprM_oAnHJCiZL2_Icw0sIyjVeE3PrgQhhZ_4n2itBqxsQEH3AvblOyH85uCIu0Nr3BTmKOgj0Stl8t5VtrBFnKJexV_cloLFh-ClR7HngyTRjOGF1oMIwlCjjyUR9c_omCO5-mltxBAj74YB8ZDj5Zp3RWifFSj_-wjHfHDdpan2KU6-cpMRzp299mrotFMS8puoJWLTTWnqWMlkZbaEW4T_cGNmfxthIcTK00omQCShGWxKGxQgVAaWNtPicZckPQgbI-WabPaFYjijwFbWWLcItTN9zlcE9JSd_9RY7y94uZioR8J1bO9IRxCWawT2dwEIRsvJ_9ns3LlCN4T0jqivcfLu0Cpp4dWQ34j_ZAXZJ0MaDURAGL7hS131IlzCxCT3t3Pvw8qvEvMTGZE68uWb__tnEyNYDWCuJLxS4Jju9toh02oF637PnEH48iVJeok_1S634VwgG1tzZKsoL2eMmM_pGFTZrbvm74jCalDZWdMaHFERi4TqeYju6GswIjA3aS-WFKb4cbW_ondx6IUGeGsph8AiUjMZq29uU55el5fheNQtSkKsPf_uMjZlRDncFJrgmfKGwHZa3PGu-certiyQwbOIcZR2uemh9pvpk9H-3HbPgsbVj1arDfFAjiTvsOt68QFD4DGjgBoWcY4GOdWKQ

Requested by

Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 77AA 43 B
301 B 99ms
98ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=985734&asId=f4a73a82-cd92-803d-7c7a-b38988bf1497&tv=%7Bc:6PfkTI,pingTime:-10,time:784,type:s,mvn:ZnNjPTEyLHNkPTMsbm89OCxhc3A9MQ--,sd:MTcuNS4xMnYxMjAwfHwxNjAwfHwxfHwxfHwyNHx8MTIwMHx8MHx8MHx8MXx8bGFuZHNjYXBlLXByaW1hcnl8fDI0fHw0LzN8fDQvM3x8MHx8MTYwMA--,no:MTcuNS4xMnZNb3ppbGxhfHxOZXRzY2FwZXx8bnx8bnx8MHx8bnx8TGludXggeDg2XzY0fHxHZWNrb3x8MjAwMzAxMDd8fDB8fE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS85OS4wLjQ4NDQuNTEgU2FmYXJpLzUzNy4zNnx8MXx8MXx8R29vZ2xlIEluYy58fG4-,ch:n,fsc:17.5.12v220002022000220000022002220000022220200000222200022220002022022022222202002220222022222022222000220200000022220222220222222222222202222222222222222222222222222222222222200000022022020020000002022202022022022222222000000000020222202022022222000000020000000000000000000020220202220000022200222202220022200200222022202220022202220020222202000220000222202222202222000002002002222222202220022202200022002220222202,asp:1647249245382%7C%7C2c256c4528606b586dd00d6595bca674%7C%7C6b9a00393fb1607b0ada13520f814ab5%7C%7Cedcfb7253e541443be13533b3cf2311b%7C%7C39614021a91e290c0e07e27b0379e55b%7C%7C6dd21fef5e2260408c5e3b4ed8673cdc%7C%7Cc4659dd875793f0e437fe4129908ebb4%7C%7Cab7d9e0565da02b2ab8c138e9fdff168%7C%7C1629390669,im:%7Bimprf:%7Bttecl:744,ecd:20,tsecr:46%7D,pci:%7Btdr:475%7D%7D%7D
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
X-Server-Name: dt37.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2

200

ztpv.php Show response
www.conrad.de/ Frame 3E50
Redirect Chain

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pv=1&pref1=80384500055665200383828011898011
https://www.zenaps.com/cshow.php?pvr=18cbae00-a377-11ec-81bc-2262d3a2196d&v=11354&r=473322&q=371931&s=2470208&viewref=80384500055665200383828011898011&pv=1
https://www.conrad.de/ztpv.php?awc=11354_473322_1647249245_18cbae00-a377-11ec-81bc-2262d3a2196d&insert=AW

0
728 B

115ms
56ms

Document
text/html

2606:4700::6812:7e05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.conrad.de/ztpv.php?awc=11354_473322_1647249245_18cbae00-a377-11ec-81bc-2262d3a2196d&insert=AW

Requested by

Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=9383376222715&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:7e05 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/

Response headers

date: Mon, 14 Mar 2022 09:14:05 GMT
content-type: text/html; charset=UTF-8
server-timing: intid;desc=da73a740688b4a93
cache-control: no-cache
expires: -1
p3p: policyref="http://www.conrad.de/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
x-varnish: 81287164
age: 0
via: 1.1 varnish (Varnish/6.6)
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000
server: cloudflare
cf-ray: 6ebbe5a8bddc91f6-FRA
content-encoding: br

Redirect headers

Content-Length: 0
Location: https://www.conrad.de/ztpv.php?awc=11354_473322_1647249245_18cbae00-a377-11ec-81bc-2262d3a2196d&insert=AW
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Date: Mon, 14 Mar 2022 09:14:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400
Awin-Akamai-Rule-Set: default

GET
H2

200

/ Show response
htlp.emp.de/ Frame 42FC
Redirect Chain

https://www.awin1.com/cshow.php?s=2481850&v=14172&q=372911&r=473322&pv=1&pref1=80384500055665200383828011898011
https://htlp.emp.de/

3 KB
3 KB

73ms
20ms

Document
text/html

2600:9000:211e:d200:c:6264:8240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://htlp.emp.de/
Requested by: Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=9383376222715&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:211e:d200:c:6264:8240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6bb77d20dd85b4bfae78affeef6ee91869bffa0ef53ed9c8ab9c2a526d0180c5

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/

Response headers

content-type: text/html
content-length: 2647
last-modified: Wed, 08 Jul 2020 09:51:56 GMT
x-amz-version-id: Za5k1aCF3b8ugAP1.Dh5UJVd_ViDWDOf
accept-ranges: bytes
server: AmazonS3
date: Mon, 14 Mar 2022 09:14:05 GMT
cache-control: max-age=10
etag: "81767a046d18dbeec7092a1dbdc70325"
x-cache: Hit from cloudfront
via: 1.1 84f381696dd33e92960b92250106e464.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C2
x-amz-cf-id: P4ojRS7JhzKFDQgp1d5NwvZHXtlNbIXwRfVZyFZmNMKdAW5gLwM8Uw==
age: 8

Redirect headers

Content-Length: 0
Location: https://htlp.emp.de/
Node: Helix
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Date: Mon, 14 Mar 2022 09:14:05 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=86400
Awin-Akamai-Rule-Set: default

GET
H/1.1 200
OK up_loader.1.1.0.js Show response
js.adsrvr.org/ Frame 587A 4 KB
2 KB 67ms
19ms Script
application/x-javascript 108.157.1.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://js.adsrvr.org/up_loader.1.1.0.js
Requested by: Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=9383376222715&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.1.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-1-118.dus51.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 07:38:16 GMT
Content-Encoding: gzip
Last-Modified: Thu, 24 Sep 2020 15:15:34 GMT
Server: AmazonS3
Age: 11605
ETag: W/"98d98b3499058b76d58073cf8ede2f10"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/x-javascript
Via: 1.1 7ef588f1ad9c3a185cdaf4119943040e.cloudfront.net (CloudFront)
Connection: keep-alive
Transfer-Encoding: chunked
X-Amz-Cf-Pop: DUS51-P2
X-Amz-Cf-Id: gN8LV4anG4ZJW6KU2A9ijzp1oxb7jrmZdVAjHuLdJtHKrX39i5DCtg==

GET
H2 200 pixel_loader.js Show response
static2.creative-serving.com/ Frame 587A 527 B
694 B 76ms
24ms Script
text/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.creative-serving.com/pixel_loader.js
Requested by: Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request.php?zone=0s3p1fkb96mt&nw=11&renderingType=javascript&namespace=4264a744c2&subid=&uid=cad188227617c24c&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=728x90&scrollPos=0x0&extData[]=&envData=&gdpr=&gdpr_consent=&ud=&redirectClick=&documentReferer=https%3A%2F%2Fnets4.com%2F&ancestorOrigins=https%3A%2F%2Fnets4.com%2Chttps%3A%2F%2Fnets4.com&random=9383376222715&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9bbde4e879f5cc6d8e98b1e5605898a933825190f867b66285b084bc3ee785e9

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:05 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 21:32:00 GMT
server: UploadServer
age: 0
etag: "68faa1738e44f8aabb6f53cba51f29d3"
x-hw: 1647249245.cds167.fr8.hn,1647249245.cds290.fr8.c
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 320

GET
H3 200 rum.js Show response
securepubads.g.doubleclick.net/pagead/js/ Frame 77AA 61 KB
23 KB 18ms
18ms Script
text/javascript 142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/js/rum.js

Requested by

Host: bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
URL: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

cafe /

Resource Hash

62ab857ca9839ee735919642d7a9af19237b879c0f81bf2124679a1ddf68b086

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:21:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3139
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23343
x-xss-protection: 0
server: cafe
etag: 5785843725437630539
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=3600
timing-allow-origin: *
expires: Mon, 14 Mar 2022 09:21:46 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EA35 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BNRh7XAcvYsepBZuU3gPV67PQDwAAAAA4AeAEAg&bg=!09Cl0JTNAAb7UztL-1M7ACkAdvg8WoFCCCl8yMJPJRbllEwWakMsZr_p-mof92rsP3L5yhzFRpM79QIAAAE0UgAAAARoAQcKABA27Yrm9kfHsLlhtx0fSCpqmQM8atSmrIviYOUWly8viempgY6LXGv60xZgDwFHclokm4gfUo-AbO3gjo8YNVs2j-t5giplHV-uJ3GWpqOs0iV-18yy6xSaLBPE2GeMb_pf_k1jWArGcc9NTS4cXPkHULqPP-lHEZeSXmDB2glqXNL6grGo-0S8PVL9QMTwPofQAOViPia2QU5KjV7pbuZH4zItPOOpjwR7UCgir7VxSYzI4W65LssVdN5qote-C4XuGTTaGe5lrkI-D3kGll5vuoi6yN5JuQnbNsl3-14RKhCS-DdIv8VoqoJKlrTpvJcKs28kupGvlV0KjVPIqqqYQc6uHpzz0OEJClLtCgrQ35FDC9YWSEjeKplmGUe89GX_xB-i20ugGkNDaF8q7aa4XDhXmnoO8qKAGyj1QxpcI_I-WDqO7_YVB8SdG3JFHzZ6HFBhidEmDNb4pxBPgyMRC39_ixBuBtXHcmw9exGAqYjw97BDOsUTYF3E41PijUKN5AeN2cjM8aBvBwOmvZjZcHfC9UKelHy1WhdyNCxKv9WhQpgbJ84jAwXN7nZAZKpOPhDz47lHkzUOQ4PpX27d6Cv8ujfMa_5ovwSnbwSCBLKVXMvyL88r7h9vFMBRgWpwryzTToRi4ZphDhfoRy0H3vFHJmxzXgie5bvzJpI9QiALbBCEYXKfOTFhChgGY4tWfBfMOJqudaiwmKAwVReI1O9VVeFptIhYRexmJ5rvvHtsmquB2g8OcbR5IaEfBjufGUpmQB2HHs-V200Qwofhtyn_vIyHL9IZ7P9cpZeNB4O_aYJAG-8Pz-wl-colMhzA9eCjw8xVlzQ1_JJxMJ_xcovKNY6Vgcw-xGIve0VEbonRc1NjcYgZfzo1d8v1AKWxO9D5uGsjPzZ1rr6lMgGvFlPFVBJzzy8bz9WRdU05PIrDu8J0Xt1Hggrej-UuJQCAEH6agq8cMeSsx47scyI3IStz3CayNyuuMSXGlpCkaKUikI1MAUsz0Ree9jhOn6Py2VsbkT8FIfBXyVg2EMx3MSQlS-_y2UZPcRCLONRwEU_SydE1gCg8KhCMtdBO_fbVV9yNoOmMCxOgIjBGV4Q-2dXfAH1xVb10oBZyYgh7

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame FF2D 51 KB
51 KB 87ms
19ms Script
application/javascript 143.204.215.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=95524800051189000710612011898008&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.215.68 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-215-68.fra53.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

x-amz-version-id: wvDglZsFnxZ0eZ1mUErJkFMo1VNidWYJ
via: 1.1 a4a46c5a6cdf81ec1d08cf6e63389764.cloudfront.net (CloudFront)
last-modified: Tue, 09 Nov 2021 11:05:10 GMT
server: AmazonS3
age: 15660
etag: "ec0ced40cbb5211db06b8a36f209e442"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Mon, 14 Mar 2022 04:53:06 GMT
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
content-length: 51794
x-amz-cf-id: 4tusNLnKeVwA7jrcW4oJ1UFYo5OGTWCWo7IuRpG51C0B1lQcwyUfGQ==

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame FF2D 85 B
541 B 121ms
43ms Image
image/gif 46.236.13.147
PULSANT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=16520200046257700951393011898010&wglinkid=498343
Requested by: Host: ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
URL: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN12703 (PULSANT-AS, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:05 GMT
Last-Modified: Mon, 14 Mar 2022 09:14:05 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/gif
Content-Length: 85
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 327A 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030801&jk=3057188931031487&bg=!c3ClcDTNAAb7UztL-1M7ACkAdvg8WtCGanSD5FaJqq3XbDRztStrG7XU2jz2f_B9Z7y-oHqh1IZV8AIAAAIaUgAAAARoAQcKAE6hJq2FXHKfd3SMl2Z-BOlGj56YICqxQh0bzfZi_Z7Q52RUo2020_La3T-Kxde-K-usqNFMqmnEEZVS7xertK9bvb-N7RDiUtGb0_MIZCWZAuFqYLiwoJ0TknBb7JaXKvsqMyzAKUsNTPCCdH5tGY24-j43gs39s0tub41pPm72BokW0mwiukOMwLmHM-3Bqi7BXgf7IFTlGavd_tfrgrjm3z6vhBVDYFuFZhp13Bp-5V6u5sDbTSZjoLzPQFsI25mpVv91jYhMB584L9uKT8_pdkydEt925tyZgmZRTCQO4c9BnUxXaSHAhv2izzJEMI8G7PQUgI91v19rHPOhsmyaxAjwYjOgAazNOGKJJ0oLoSGXpr1OT7FG3gI0-ZFZFrsv-eO0J053WosSA60OsUd94mUOcDtm8rtCpokimv0wHHDA79sHaAtpZwKLeYyFTF1G0M28C_1fCy6gZqleuQKpGSFS0Axq6O1p7bmDz1yLfCGDpbVn1eoDSyey7f5rnAIhyewLcJEibxZdpNi_pysqnpCaFeV5c_cjEeo8ZvLjw6_0SdBhLyKjrq3tzh5qzO3-2kP9KAHgp0ajH4as-XT6HbIEbEvzDlYzYrA57FikmRh4n2l-D-5RUVj5R9_PvHyBwXT0ns2jSv9i1Ii7chZJP_uzBmIs1naRMwgdrxfgVXgeUIcFEaBUXFcP5JS3j-k12sMBJeoWCj6daWHAHM-JQCCsmZVeLQFzl_9IIC1KjaZkdoNmEpo6YjlVsdndn1d5zc9en9-Un0UmioDZaPHRO-JB8OccrciTx73g7k-YI5fSlKt3UcXEAYzCnHZNcgnli5Y7-WPgmBTIMPZAd9Rwd3ZMfjBjvoaUvXWOnPZF6my-Pt-P3fU7NSnm_1LS32ZIBgxJBcGRi-c9mcme6E1fL34y7Yfjx3agAKrQHiz98JAtEizcT3OuF2CBU4x13YS-0vE0thjDtQEUgpdH80Sg4XXnba9Cku08c7pYQFrAWRruRhqN2lwyuJOLORs-ubuC1-GREqT21VS0fuH5kgG3k-UQNKHc5NjQpkPktzlb9TAF5TNXOwWMdhFGCSZpxjEhLA

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 lquadratisch_allnetflat-l-fruehlingsaktionebe0225e-d655-4f38-a66b-8207a176994c.png
s0.2mdn.net/4528404/ Frame 48F5 78 KB
79 KB 19ms
19ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/lquadratisch_allnetflat-l-fruehlingsaktionebe0225e-d655-4f38-a66b-8207a176994c.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc75a8153b85babca97007c5bbc1770a22542b8588f847117fa175e8e5aefa56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 12:36:17 GMT
x-content-type-options: nosniff
age: 74268
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80349
x-xss-protection: 0
last-modified: Fri, 25 Feb 2022 10:54:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 12:36:17 GMT

GET
H3 200 stern_1-monat-geht-auf-uns11e97c57-a91b-4fd2-a613-1f482934ff36.svg
s0.2mdn.net/4528404/1645205885684/ Frame 48F5 10 KB
3 KB 19ms
18ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1645205885684/stern_1-monat-geht-auf-uns11e97c57-a91b-4fd2-a613-1f482934ff36.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa9b9e9476912e73d9d1c2172e9091603d164d728c91c0e56f78023e861ec8d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 13:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71635
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3508
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 17:38:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 13:20:10 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B7B5 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030801&jk=2849320462233273&bg=!7O-l76vNAAb7UztL-1M7ACkAdvg8WtIG9GadH5CkWNszucJctbnPNhKM7S4H7lk44rKe_wGE48JN9AIAAAJPUgAAAAZoAQeZAvRwwtMxjdxx5_7ZuyfFBiWabNiZfVHYxa7S3J6B2M2wJGDjWVhjlBMyQgGAo3nH0NqI2ZiLAwoLG1DC6NQWPTO8SoQMQEiCLbaBUxjMuYLG0V0q0WvAMHylXYkzQTWDlia_i7e46ZvDuhbgjPDJfWTG8Gmq8xjd9Fwxpvi_P5HQ-o7QYPtHF0vzKwB2_Uf7eTklNIjRlDMXjJachDS805YvPfkno77TU5B8j-_stSXTC-mU5ASXJRdtEPe6LHUEAI-ltm2O-a1Y0J4WZjaOmXyS56QaP6tDX0jG1L24LtUVNVkMl648YKxmb_fngS4RI9ajLmixTFRbp4wbPIZ5a6SUF0DYgAgomlx64TIY_h0J01JKkhxsKBnzVJVTR6as7KJQYtsxMLerJC7V1wORMUtHo7QM1xzpQ-0wlrLz-w7Lz07Jus-1Tne7RrZpZhVPj9khe9Nz_X-aCrlXRDk8mgkDQrq9ZEt2_zugPRkhXCRhYCytj8Ri5ZRYUqzDYHuWOYyobxY2CmvWH7MfKNZtwyvDdcL1YYcCJxTG1tijowhxWPJF63ev30uTz-3hgcUPSsd610243H5iub7DRn853bn6jt9rvBUuFVBojhRntcO5-eGdUZq0aGpqK9YpMYHeagAUbZRPr39ocwTTCk2XKZhKaOuF1mg4UWTW4b4ClbgOGAn4SxEhZbbIX_qu7YgGH6R1r0ks-OQ08NISxtGSDHJdTw7hunx-u0loENpRtVmcuNIGcFiOPecIfdXD7rBh39WZJmZSMe98zFHk1cDeczrK-SclJA-LEHJACZssCclO-ghqdxnR7sw-86cSStr1HfCrbCaabi1DPLADpxqlBd-dP3x9fZ93gqc_wYO3M7XCzGHkWrqvS2JMFTvL1OtY7Fm9-DtafLW1_jqwHDmvu7td0cwsJwWKSHl60UxuUwPNTWZd5al6mAHj3BdXA__wrMl3xLKg_VyPvf4pdTfJW3SbRM--qRJxBJTWUnwwrcz7wpbk6oI

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 24BA 0
20 B 41ms
40ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030801&jk=231340852023047&bg=!CQqlCk7NAAb7UztL-1M7ACkAdvg8WhG3jskaA2umxGrHSs0miOT251BdmgX4jMegZC8KdA8ydTQhrwIAAAJFUgAAAAJoAQcKAFP3Kln1UrdMr0oyi6Y96GWmNRBukeP6gGuxH8qyf1vkjiBEOR8MpNv8j7VBFlmlLdEnqo03SgVeUB7NLrcYhy_r_EijO2ES1H-aoPaJAT-K2zpAwpkC9dst8xJ00o76472JQURel_Khw5NRt7ks0kWCAPDGKTeHgDXRAWUTXqZ8XfBm_gf2M8Xv-onXwsgTmWJVTYR92DC1OTuQUHX6bjtFCc85rM8DoaZQd0S26hcRGHMxI13GGjesuH0o9AW8WuZBnW5ChW0js3Y0LXh3ADxw8julBJY8HquwVzAyLxLZtRclUrhyNq_fKzS-W7ZGdRCUsOgA2Mqk3SKe014EOCfOt2TeuB-tj4Tw1Jp-quQgaC93iCiqsDgtKfN4Y_mhTJc9nUbM56440sqd3sh1s1Vg_ZfTQgLcmEzAYMRBALtNr9gCcPssP4RosI3qjcxCjLxogbPVV5VDtSDBMVK3M8OUKrA6L2FC4IANUm-eo5U69NiNKNkI4u3hM8toKOt_9undanNWUqk6JAKlc7A4TKm34aST8hEHx66Mk7fvR3OCDFdO9cuYxUWehQIkH1nL1LzbXN250tPyTVqkKg2Ht6moxFU6fLxGrWKC8mCRmFRvBmJQh8VLNAe4odBa-dxf8Uy6zzvPCA4JX2h71yL_xFS30jYHu92g6WEYpxHYj_kFMeXfltgpqGgfijl59abdj5AXsJoHD9Ndn5U2gM8ZTt9C9gXXFCMxZ6d3S2IED8_CRgN5wj4WkdMKGBbZTYBVilGfmw1wlF81NZogskqCbBoDfW0EjepDLYg9DD7nrBUwSFKEOHFCOnxfUZ9anL4o1F45626FX9AfKCERXRNtjsNv0buM8kCZNWfUaviX8WbMqOQ4koYK-5gQA3OM6v_9agKykvW__9j5qyZf5CRRVSthnhxhK82uclCUu69SlCRYulN90tz31k7LIU9tWYRn4CNaVXlrDGq1Dfyn8Ons-oaZLhSgB5VsPz1-smYGplgn9-2x6zMk4-KxHToIeyEXQH742xoDdD8rb_i8VlBYLUqT9835Nf3SUYsjJWbVJ3PGMkDxDpo1Usy6_pW-4YArUa6vMDbLx7z9BUV1MPjn4kBM6sDs90h9UAv6_yM

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame EDB5 0
20 B 40ms
40ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2022030801&jk=975772244215284&bg=!_f6l_rrNAAb7UztL-1M7ACkAdvg8WszNO6dORM3kYcgphHsRExESCXB1PyM-J1wll7xfNiCBzYLxaQIAAAKjUgAAAAJoAQeZAvSzOAqoY5FaqBWqu56ogHrvJVysjA2AjgqPS-jmfAIKhwkfrLI360pfmpiXyoFHgsvH9oPDIDXPgbtauzPv-Vfez9CkDxdsy1-M6Yf6WDOCh-LcUAljlWOoo2L2OHpoGXwqyqNOSeGKVeX_IzBVAUfOYT6nY_4_5B1a2mm07WoRSjQM04YfY8GNsQFpzVsrxY6yyK_DR5REi1FqfaPKg7Uzm51ayOSzpzyYtoUtTx4fMD4SyKvcvC91BSxcljTaBofRz7xlt_PAwMXAcuUmkjvqgcPgk-HcXRVC87WxPve_D7vQ1YVoqWwL0coytBYRbiYsU89Kd_whQctI-ifeTNlDuVCLWtrQbFe9nFboIxSB5Sx6QLIQHd_ObVtDSFegjO6yV9yKE0fYlTNpJ4hbl28O9i4oaeRRWD55ULeZ-RzMrg3UATXYeQVco1HSZoUQpEKkDKi-zKdAVeF46t-X9OH7WGPvsKhdkbjuVl6HDJ38caLHmCoC33sG0WnTECf6N83y-4TyZWlsMbhQAkdgBEFAS_ukP1xt4GVtPMCe0VwmWIej-Lhl64u2byt0ObGTYVekszCTS-9Vjv98CvEyzi8GelXN0exgduBexQWmQ5dKkuewptcV8CLTX4jL99DV4ESzTbw5Lst-HvPgu7xMWjaq4OsqXTql-sXkP7ihOTYOgao68VSnCAX0Le5EWTpdjBBpqYRBXgMhUs4sdBBWLMv1IoujJvfR3OQ5ANyA7jR00BuZVCa0owCUd_aNJmHgWUtb1EjrZ8chykjKmdUVXVqW6JWVopz93QsQljJ-dyK6Ass3F7qSh0_A9c1mf8Aa90Jy-zJyZa6fiQ50zS09J7XNnklHmAsBeQWJlcaHwrW7NOwbeyg5D4jxidAnojIGa5AZ7TX0E5RXIoP4C6QFKQi8Z7FatpJi7O84cQFMbLo1v42DF7WMZr8tRxOxya621X5KadLwFhTkJA-PGb-Wd7uu6IA_bdtSGCIQaFQpzvjT0mC_OKQ

Requested by

Host: nets4.com
URL: https://nets4.com/android-apps/com.terribletoybox.thimbleweedparkandroid

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://nets4.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 lquadratisch_allnetflat-l-fruehlingsaktionebe0225e-d655-4f38-a66b-8207a176994c.png
s0.2mdn.net/4528404/ Frame 48F5 78 KB
79 KB 18ms
17ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/lquadratisch_allnetflat-l-fruehlingsaktionebe0225e-d655-4f38-a66b-8207a176994c.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc75a8153b85babca97007c5bbc1770a22542b8588f847117fa175e8e5aefa56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 12:36:17 GMT
x-content-type-options: nosniff
age: 74268
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 80349
x-xss-protection: 0
last-modified: Fri, 25 Feb 2022 10:54:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 12:36:17 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 77AA 0
17 B 364ms
192ms Ping
image/gif 2607:f8b0:4007:816::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=pagead&action=csi_pagead&dmc=8&puid=1~l0qho4el&chm=1&c=4263479940061606&ctx=2&qqid=CMiBldChxfYCFTnBuwgdsAAD9Q&met.4=fb.3j~lb.id~ol.14h~idt.20~dt.-9s&met.3=733.ig~742.ig_1~749.iy~735.kl_1~740.l3_1~374.pq~113.196_4~112.196_5&met.1=1.l0qho35f~6.1~7.1~8.1~9.1~10.t~11.1~12.t~13.1c~14.1d~15.1m~16.k4~17.k4~18.k4~19.14f~20.14g~21.14h~22.b3~23.b3&met.7=CBsQCBgBMDA4sQtQAVgcYAFoHXAweNAagAGkGIgBzi-wAQG4AQM~CCgQBRgBIIABKIABMMwBOExQgwFYrQFgkwForgFwzAF4wASAAZQCiAHwBLABAbgBAw~CCgQChgBIIIBKIIBMIACOH5orgFw8AF495MCgAHLkQKIAbHBBbABAbgBAw~CB4QChgBIIIBKIIBMJcBOBVogwFwlQF4_QuAAdEJiAHSErABAbgBAw~CBwQBhgBIIIBKIIBMKkBOCdogwFwqQF41gKAASqIASqwAQG4AQM~CBwQChgBIIMBKIMBMJcBOBVohAFwlgF4qTSAAf0xiAHQdbABAbgBAw~CBsQBhgBIIMBKIMBMJ0BOBo~CCoQChgBIIMBKIMBMPMBOHA~CBsQCiD2Aji7AQ~CCkQChgBIPgCKPgCMOcDOG9A-AJIjANQjANYtwNgnANotwNw0gN4sKoCgAGEqAKIAcrMBrABAbgBAw~CBwQChgBIPkCKPkCMIsDOBJo-QJwigN4gxuAAdcYiAGeP7ABAbgBAw~CAkQChgBIPsCKPsCMI4DOBJo_AJwjQN45U2AAblLiAHvxAGwAQG4AQM~CB8QBRgBIPYEKPYEMN0FOGdQsgVYywVgswVoywVw3AV49hGAAcoPiAGcMbABAbgBAw~CCIQARgBIPcEKPcEMOcFOHBA9wRIhQVQhQVYuAVglwVouAVw5gV4rAKwAQG4AQM~CCcQChgBIJMFKJMFMKYFOBJolAVwpQV4k3mAAed2iAGKxQKwAQG4AQM~CBsQCiDEBTiDAQ~CCcQBRgBIPsGKPsGMI4HOBNo_QZwjgd490OAActBiAHqsgGwAQG4AQM~CCIQARgBIL4HKL4HMOcHOClovwdw5wd4rAKwAQG4AQM~CBsQBiD9Bzi7Ag~CBsQBiD_Bzi5Ag~CBsQCiCcCDgU~CBsQBiCdCDirAg~CBsQBiDVCzhj~CCgQChgBIOkLKOkLMPwLOBNo6gtw_At427gBgAGvtgGIAZHkA7ABAbgBAw
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/js/rum.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4007:816::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel.js Show response
static2.creative-serving.com/ Frame 587A 4 KB
2 KB 324ms
21ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.creative-serving.com/pixel.js
Requested by: Host: static2.creative-serving.com
URL: https://static2.creative-serving.com/pixel_loader.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: UploadServer /
Resource Hash: df16ae2f3f4c003e55aa93796b78c0ab73e0155ae32bea72cee59d1e0832f92d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:05 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 21:32:00 GMT
server: UploadServer
etag: "ddebe66232ec2ff147a8664e2ecc6e4f"
x-hw: 1647249245.cds167.fr8.hn,1647249245.cds159.fr8.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1505

GET
H/1.1 200
OK request_content.php Show response
ad11.ad-srv.net/ Frame B7DC 4 KB
2 KB 69ms
22ms Document
text/html 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad11.ad-srv.net/request_content.php?s=80384500055665200383828011898011&a=f7df0c14
Requested by: Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: c17fb610d7475b545627be2eab2ecdcb0db5ef9191df9652b58ae5956429b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/

Response headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 14 Mar 2022 09:14:05 +0100
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1480
Connection: close
Content-Type: text/html; charset=utf-8

GET
DATA 200
OK truncated
/ Frame 587A 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6a0d1d5c9fb2d04126bf1ee3e33f4fe25b41f507e7094d83cbc0c0728f1e1a13

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6CA9 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BZq5VXAcvYsGhH86LjuwPsoG4wAkAAAAAOAHgBAI&bg=!PT6lPnrNAAb7UztL-1M7ACkAdvg8Wl5-pjM6yQEtfUXtiHB3EZQpuQdWPoSAGT_JC0MXg9PXAxnz5gIAAAGoUgAAAANoAQcKAE_UA1TOqR2YMtCyPDb96CxZ3ois8qpAoy2DZrdNvcYD6751eB7aPEqA5DhaMSpiC7p2qLPmaGCT_b5G0h-9-0-6EIvo4o2A6ezRfzrF4ZlBmQM1VlxarsnaHR0FSF2U98Oc_G-ISYS5mymlaib-nVQq2wTuVaIBLWRiqcsj9JJQFc0vIaqqQwINEQIH3DENzQDwaNUScar9JFaAHaNNM0Vd09pgn-zFNPS1GQkRXGThBe6-MGXYwo0T3NK_L6kkHDW7dcABJWVaT7pqt5GSvg0DDkcQXEykxlvwV9C4MyHNmr-0wW5-hB9mjWE5NQK86g-Z35n1HIKDYAfXBPXarFQGRzPqK6JhwKEjj_mrbfWv-cbIl5aJno-IZ6SlCAlSH8WbB56dDq__AJDCvzqua281ZfZGc1QeA4ZXJFffahFilGbmZIsq_f3lMNQhr5HvpDsfgt39LzVhBaQXXO1FBk8PmlDtDx7k6K7coTJVtvMZAfps7LX2MkylGIZ90o4EFv7aJdIdgGjsrg_SaSEd-8jHlzJ-6uzvnU85swgmHLL2dwpYl_DxYqgnAsk7d0p0BnyaiLpUUNZNPwpP0GxrlwR78t7b-f3bU-gmVwKxC2CZxl28G9EPhuw8lImq70eAauntRy1wUGe8tkF4I8rTI2pLVmEHqNcdkB6Ib3ome3OnXQxykgbUNrttajbuXUBr8KEZFg78zRzhXKf0sXpW9SS-VDwvzalqZTS8PE6WrVG14lnO73vrvvO69kJ8ZPg0YnbqhpsZdeDj-adX0RSSv8KPPCqelGcEtNJyxQ2BfuZslxfb8paAIdcwCsfRwyeulG5O9TfqyM-1kohvBLd2exDnjGCc3trO6wAY1fyQEZ41IZr6Knfk_WIggOaSNfaX-MPgQDLPEqDsPbELuPiybqCCOGiMn0hw5Ifkk-ymD9bOLk_PbL40NMDgLxkLOX3jzy3pQxioEZwm36pCr80hGbaIxBzy0IQb439iga0_HG6weCfeT0D_DdkjYk1GVnYzVYMQmF2IQFLXSy0WJwn2v8-jLM4IqojRT-yo_yUbFUvgkVhl_W0_VLJZ4nu6ARQISogqIWvetV4ZQXFjYmm2tanx8o9zhAgM05mRD5h63T00cg39fdArC1RSzS0IrddPqqG2a0WnWmvTkNC3d4A8GbnbLSAbxJrrbfBPuIUU0vvz_jmrYDt70KM

Requested by

Host: c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
URL: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 77AA 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssQ2LWgO-4n42QdE8eOhYE38mQ6K1Fp6dxgrtHIlmwtVHclVPt6kcSiElwyn9we3WkjB0H4VHDwM4vxi7KD-i9ZgS4DgJs6RTOkVEB5E-P5MpHd3c1zxQ&sai=AMfl-YTp9DdZKaUlbni-AZOEZ5ZfQd7tH7-5XXY7L6UuwDJ--lBLieg8f-42hxOQkIoi_gZ2op-Iidoso-QGRWhkUmIJxZ_m-liKN7Ej8qU75qROVQUg4s4UBx3tHHtYfzxJ&sig=Cg0ArKJSzBlWTuosoDQYEAE&cid=CAASKORoykxYpCY3aVj-3Df61yIuyQcDOUf0JdNYyqRK-ytOCBUfIKzUw4I&id=lidar2&mcvt=1011&p=389,294,479,1022&mtos=1011,1011,1011,1011,1011&tos=1011,0,0,0,0&v=20220309&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=471609500&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1647249243891&rpt=682&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 417A 0
20 B 41ms
41ms Image
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqWoBXAcvYqLYFtmIgAe244D4AgAAAAA4AeAEAg&bg=!HB-lH1vNAAb7UztL-1M7ACkAdvg8WgxqL25vs2K7kwMRn57w5AmiYC9wYzMv4PV06wa5-_7KMgzMtwIAAAHgUgAAAANoAQeZA0BT8wiNsaf_3rGeRxS6W45800ah4BX_3LxzMN9-kMG93H6poOaFzt6AmVKXYKDXH1ttvP3Y-Z5_SFazzYR_dv6wqXs-vOpzv2l0-e815qFZP2Fc0TS82317EVNKq3D2_dF9GuF50bULK_8UvGs6Hq3mB6yS5mNEAJ9udk4nOYIl93BXKu01fCbzmHCtNbnMb8dCBu2zz2v837opjD66wm0ScNq2mf1O8KLSgeKA4UlvxBCcR9diWqNSadH6ap1IPT_o3gml_bIn8Iqg5R4pQmvN5qFZdOeLlbhlS4l0hM5ansUvSrrSns1jkJeBa3w4U6YfQFhnbeBWtwULXTQP_2s73ICbw0PNbFK-gRnKz-76e-YsB6SV4E9zW2xh-pkKTq-X6BqELZYAkjzNRG24fYQU-8OtLISF-m5lftt3Duhvs9Z1ZBQ0qpYDvcCmq1Go89X5nGQ0UQKwX0uhSpgapdfwFCmTNkFrVqQx7qlLkCyEVulMvPuA-xOnGa3FxA9MBpiunqB9EcS15HY4Y58V0isIo4X_zlPDhZWyq7r6nkG7Qj4tw4033wZBVL2CVVbWU3YfjHScNYjLpFtl8xdyDVzQZftE3UnPyf5DODlLw0xL3etukmGFfzH9uCVVIkeQzGhHwLXCw_EkPowH1SDFP9eo-Coo6wZscR1HpXSk6g6-M2Ula0o4QwajgFPf06i5BAckRuaWqBoEYeIwv7RYHsNwAW2iMSfTikSNPZdb8dSnq3RuClfoo65icS1dHNN_bTLMvgLLmH2U9TXIjcYveYB2K6Q_venoGWxpHZsbHMPHXvD1qv7t6UHIyyS4K4PQHzZw3KUY_WWBXqX_F4Q-Ay0dEN-EpQq42BRK0oemC5AhxJWXQZZNkV4tqPz-jLq4s0qIhOtSxIYCML5BwQgbkrF26qLk_YXMpnmqGgBIwuKNZGq8RznyxxaKWpbMekvAi-Fhp7ExIy1Sc-Wf16Qwwk-Ztwz-j3DvhRCQ46GZoN0VqmEZSJCN8zxLDiMANzxrzOGpkcrD9jiRGKiJ8nSUsfA0qP2hwWewO4GTTyE0Dd79jLi8YnvdBDFyxhCZ2YSgmlso_IF2igKkDEVwq25ZTXZS

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

KuKa_234x60
asset.conrad.com/media10/isa/160267/c1/-/de/ Frame B7DC
Redirect Chain

https://www.awin1.com/cshow.php?s=2470208&v=11354&q=371931&r=473322&pref1=80384500055665200383828011898011
https://www.zenaps.com/cshow.php?pvr=18f926a0-a377-11ec-81bc-2262d3a2196d&v=11354&r=473322&q=371931&s=2470208&viewref=80384500055665200383828011898011
https://asset.conrad.com/media10/isa/160267/c1/-/de/KuKa_234x60?format=gif

22 KB
23 KB

101ms
16ms

Image
image/gif

178.79.242.245
LLNW

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://asset.conrad.com/media10/isa/160267/c1/-/de/KuKa_234x60?format=gif

Requested by

Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request_content.php?s=80384500055665200383828011898011&a=f7df0c14

Protocol

Server

178.79.242.245 , United States, ASN22822 (LLNW, US),

Reverse DNS

https-178-79-242-245.fra.llnw.net

Software

Cliplister GmbH /

Resource Hash

a96a9acced3455fc947b63309360f7efa07455eeb1fbc158e11aff7a0fb13c00

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad11.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

strict-transport-security: max-age=15768000
etag: "622b00f7-581b"
last-modified: Fri, 11 Mar 2022 07:57:43 GMT
server: Cliplister GmbH
age: 90461
date: Mon, 14 Mar 2022 09:14:05 GMT
content-type: image/gif
access-control-allow-origin: *
cache-control: max-age=172800
x-server: c20
reporting: eyJjb25zdW1lcmlkIjoxNjAyNjcsIm93bmVyaWQiOjE2MDI2NywidW5pcXVlaWQiOiIxNjAyNjdiM195Y1lOTTNmVF83X0hBX0w2YVBfQVQiLCJ1dWlkIjoiMjc2NTAzNWEyZTA1NDQ5YTgxMDMyOWI4MWIxYjkxYTUiLCJhc3NldHR5cGUiOiJwaWN0dXJlIn0=
x-llid: bd9274a6254eb5fd914845734b4ff71d
content-length: 22555
accept-ranges: bytes
expires: Tue, 15 Mar 2022 08:06:24 GMT

Redirect headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://asset.conrad.com/media10/isa/160267/c1/-/de/KuKa_234x60?format=gif
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK 69250fcfc588cf5d8ffbc24dca91a6f6 Show response
pv.medialead.de/trck/epv/ Frame B7DC 960 B
1 KB 177ms
90ms Script
application/javascript 145.239.193.130
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://pv.medialead.de/trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6?subid=80384500055665200383828011898011&ctrack=https%3A%2F%2Fad11.ad-srv.net%2Fc%2Fcyeebauqr0xo5at%3Ftprde%3D

Requested by

Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request_content.php?s=80384500055665200383828011898011&a=f7df0c14

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

145.239.193.130 , France, ASN16276 (OVH, FR),

Reverse DNS

Software

nginx/1.17.5 /

Resource Hash

4e6915e96fdab4f4df0f6a040399d678eff68180a46da1563785430a8c5d472d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad11.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: D972D785:E0C2_91EFC182:01BB_622F075D_C7DECDC:F726
X-IPLB-Instance: 40027
Strict-Transport-Security: max-age=15768000
Content-Type: application/javascript; charset=utf-8
Cache-control: private
Keep-Alive: timeout=20
Content-Length: 960
Proxy-Host: pv.medialead.de

GET
H2

200

234x60.png
media.acfrg.com/banner/Affilinet/Logo/EMP/ Frame B7DC
Redirect Chain

https://www.awin1.com/cshow.php?s=2481854&v=14172&q=372905&r=473322&pref1=80384500055665200383828011898011
https://media.acfrg.com/banner/Affilinet/Logo/EMP/234x60.png

19 KB
20 KB

93ms
29ms

Image
image/png

2600:9000:225f:de00:13:99a2:1280:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://media.acfrg.com/banner/Affilinet/Logo/EMP/234x60.png
Requested by: Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request_content.php?s=80384500055665200383828011898011&a=f7df0c14
Protocol: H2
Server: 2600:9000:225f:de00:13:99a2:1280:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx / PleskLin
Resource Hash: 1af3b3d1d392da6c48dd7483de1db04f952f58bd852d7858144e9b61b6baf0a0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad11.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 04:25:44 GMT
via: 1.1 b4e6a1301a11439372334aa14fb7d310.cloudfront.net (CloudFront)
etag: "5c7d2f4f-4ce8"
last-modified: Mon, 04 Mar 2019 13:59:43 GMT
server: nginx
age: 17308
x-powered-by: PleskLin
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: TXL50-P2
accept-ranges: bytes
content-length: 19688
x-amz-cf-id: SeVNkfUUUdBIE5Ue33Yl1LIsQgsx-8gdy9mfEEirWcngesP5ewwt_A==

Redirect headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Location: https://media.acfrg.com/banner/Affilinet/Logo/EMP/234x60.png
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Length: 0

GET
H/1.1 200
OK viewability Show response
ad11.ad-srv.net/ Frame B7DC 0
150 B 71ms
22ms Script
text/html 138.201.64.38
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ad11.ad-srv.net/viewability?s=80384500055665200383828011898011&a=8634a0f4&vb=m
Requested by: Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request_content.php?s=80384500055665200383828011898011&a=f7df0c14
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.64.38 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.38.64.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad11.ad-srv.net/request_content.php?s=80384500055665200383828011898011&a=f7df0c14
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK triple_728_ohneLogo.gif
cdn.contentspread.net/kupona/advertiser/845/creativesup/ Frame B7DC 8 KB
8 KB 106ms
22ms Image
image/gif 85.114.131.233
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.contentspread.net/kupona/advertiser/845/creativesup/triple_728_ohneLogo.gif
Requested by: Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request_content.php?s=80384500055665200383828011898011&a=f7df0c14
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 85.114.131.233 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS: srv21037.dus4.fastwebserver.de
Software: nginx /
Resource Hash: 10fca45d30096fc258d163583c77d4f1804eb9474de69a972394a0ea01b44be6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad11.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:05 GMT
Last-Modified: Wed, 05 Sep 2012 08:17:01 GMT
Server: nginx
ETag: "50470a7d-2068"
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 8296

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 065A 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstXiDAo4s5pT4QAbhUDBwK8dRziy7AzQjIMQPcx7XlyK7MjdKaFYEeqgAoGrhO8O-Ia-O8AF2ikJU4k-zuSCEWvPt8vzWYCc4SJY_8ecBhzl7bC2SVCqQ&sai=AMfl-YRXWogWh2BKCmIb-OL0P7W2mSlf184gI-y89lk3InRHhMiRYGcFo7wmLifj2LAuVOO1QHu6J7PCz7bC3y_ztT2R4Lap9lSZ_D9932A42-XzD4e1xByTYXD9LNno2Dd0&sig=Cg0ArKJSzM9Rzn1GjbSfEAE&cid=CAASKORoEWYfPJAokfZbrf4mjRE4hrh6LFae_H3LrdOSaJ0CTj2pIes_SU8&id=lidar2&mcvt=1000&p=1283,1128,1483,1328&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220309&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2211438825&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1647249244112&rpt=695&isd=0&lsd=0&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:05 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 view.aspx Show response
pb.media01.eu/ Frame F580 0
628 B 149ms
92ms Document
text/html 88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=50099&dt_subid2=80384500055665200383828011898011&actionid=981741&produktid=&dt_url=

Requested by

Host: pv.medialead.de
URL: https://pv.medialead.de/trck/epv/69250fcfc588cf5d8ffbc24dca91a6f6?subid=80384500055665200383828011898011&ctrack=https%3A%2F%2Fad11.ad-srv.net%2Fc%2Fcyeebauqr0xo5at%3Ftprde%3D

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Hamburg, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ad11.ad-srv.net/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Mon, 14 Mar 2022 10:14:05 GMT
server: Microsoft-IIS/10.0
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Mon, 14 Mar 2022 09:14:05 GMT
content-length: 0

GET
H/1.1 200
OK pb_ratenkredit_234x60.jpg
ad-server.eu/wm/pb/rate/aktion/ Frame B7DC 23 KB
23 KB 245ms
80ms Image
image/jpeg 54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/rate/aktion/pb_ratenkredit_234x60.jpg
Requested by: Host: ad11.ad-srv.net
URL: https://ad11.ad-srv.net/request_content.php?s=80384500055665200383828011898011&a=f7df0c14
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 42305cc1b5e64926c5dde08e513f3697dc7ca902da6898fb6b42dc111351bdaf

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad11.ad-srv.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:19:40 GMT
Last-Modified: Wed, 02 Feb 2022 09:48:01 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "61fa5351-5b97"
Content-Type: image/jpeg
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23447

GET
H3 200 style.css
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/ Frame 2860 1 KB
453 B 18ms
18ms Stylesheet
text/css 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

602a0b79b114535596528d231d077eb839762a02895d40df2b4c4afb65433d37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 255778
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 415
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:07 GMT

GET
H3 200 txt2@2x.png
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 3 KB
3 KB 19ms
17ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/txt2@2x.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4d8865fb54954d564f2f1025cc9f8fd5f8d8edcc27c0e8ce98d3509070a5bce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:56 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2804
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:56 GMT

GET
H3 200 txt3@2x.png
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 3 KB
3 KB 19ms
18ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/txt3@2x.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4d3c1b2e5ce8406ffae9a1e36a8ef48ed74c96909cfe4d81bfc38f05b45f1f46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:56 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2579
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:56 GMT

GET
H3 200 txt4@2x.png
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 2 KB
2 KB 20ms
19ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/txt4@2x.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

794bbab5a7491ecff0d2f74cd48697eba94a25e45d6027b67f86d5cab8d953da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:56 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1538
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:56 GMT

GET
H3 200 klimaneutral@2x.png
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 2 KB
2 KB 20ms
19ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/klimaneutral@2x.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c7e2f7e6132fd1fcffd09eea9041f2bbd74feea33743c80b4fcaa27415b88eea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:56 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2199
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:56 GMT

GET
H3 200 stoerer@2x.png
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 2 KB
2 KB 21ms
20ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/stoerer@2x.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

01e109e5c28d7c54fda378c4c9cdc9a50abf46b480060eefb14c0c76ec8a63d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:56 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1640
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:56 GMT

GET
H3 200 logo2.svg
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 2 KB
1 KB 21ms
20ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/logo2.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

60f0f055fc233f379cbcb4136087ea4d530b57731cce0d2998ae9ba45f6eae13

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 08:07:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3974
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1053
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 14 Mar 2023 08:07:51 GMT

GET
H3 200 legals@2x.png
s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/ Frame 2860 10 KB
10 KB 22ms
21ms Image
image/png 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/img/legals@2x.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb24ca1f3d18475b3bebf4cd30d587331ad1f946043d3b64d096981f830d29e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/8888155456709807922/18-IWE-eSUV-Leaderboard-728x90-Range_Phase2/css/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Fri, 11 Mar 2022 10:11:56 GMT
x-content-type-options: nosniff
age: 255729
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9872
x-xss-protection: 0
last-modified: Fri, 11 Mar 2022 09:01:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Mar 2023 10:11:56 GMT

GET
H2 200 up Show response
insight.adsrvr.org/track/ Frame 0599 0
182 B 133ms
45ms Document
text/html 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://insight.adsrvr.org/track/up?adv=4qqx4oo&ref=https%3A%2F%2Fnets4.com%2F&upid=t9831l4&upv=1.1.0
Requested by: Host: js.adsrvr.org
URL: https://js.adsrvr.org/up_loader.1.1.0.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/

Response headers

date: Mon, 14 Mar 2022 09:14:06 GMT
content-type: text/html
cache-control: private,no-cache, must-revalidate
pragma: no-cache
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame FF2D 16 B
232 B 98ms
98ms Fetch
application/json 34.242.207.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.242.207.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-242-207-34.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.25

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 14 Mar 2022 09:14:06 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.25
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 136ms
39ms Preflight 34.242.207.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.242.207.34 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-242-207-34.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Mon, 14 Mar 2022 09:14:06 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 204 collect Show response
e.clarity.ms/ 0
48 B 210ms
209ms XHR
text/plain 20.62.48.180
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://e.clarity.ms/collect
Requested by: Host: e.clarity.ms
URL: https://e.clarity.ms/s/0.6.32/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.62.48.180 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://nets4.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

access-control-allow-origin: https://nets4.com
date: Mon, 14 Mar 2022 09:14:06 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 77AA 43 B
301 B 98ms
98ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=985734&asId=f4a73a82-cd92-803d-7c7a-b38988bf1497&tv=%7Bc:6PfliY,pingTime:1,time:2350,type:p,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:279%7D,%7Bpiv:100,vs:i,r:,t:1349%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1349,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:279,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1085~0,0~100%5D,as:%5B1084~728.90%5D%7D%7D,%7Bsl:i,t:1349,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:168,fm:t02RXtc+11%7C121%7C122*.985734-61500682%7C1221%7C1222%7C1223%7C131%7C141%7C142%7C1431%7C1432%7C151%7C152%7C1531%7C1532%7C161%7C162%7C163%7C171%7C172%7C1731%7C1732%7C18%7C19,idMap:122*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:07 GMT
X-Server-Name: dt37.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H/1.1 200
OK dt
dt.adsafeprotected.com/ Frame 77AA 43 B
301 B 99ms
99ms Image
image/gif 104.244.36.20
ADSAFE-1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dt.adsafeprotected.com/dt?advEntityId=985734&asId=f4a73a82-cd92-803d-7c7a-b38988bf1497&tv=%7Bc:6PfliY,pingTime:1,time:2350,type:pf,clog:%5B%7Bpiv:0,vs:o,r:r,w:728,h:90,t:279%7D,%7Bpiv:100,vs:i,r:,t:1349%7D%5D,es:0,sc:1,ha:1,fgad:1,fif:0,gmnp:0,for:1,b11:0,cnod:1,intblk:1,gm:0,slTimes:%7Bi:1001,o:1349,n:0,pp:0,pm:0%7D,slEvents:%5B%7Bsl:o,t:279,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:0,obst:0,th:0,reas:r,bkn:%7Bpiv:%5B1085~0,0~100%5D,as:%5B1084~728.90%5D%7D%7D,%7Bsl:i,t:1349,wc:0.0.1600.1200,ac:NaN.NaN.728.90,am:sp,cc:0.0.728.90,piv:100,obst:0,th:0,reas:,bkn:%7Bpiv:%5B1001~100%5D,as:%5B1001~728.90%5D%7D%7D%5D,slEventCount:2,em:true,fr:false,e:,tt:rjss,dtt:168,fm:t02RXtc+11%7C121%7C122*.985734-61500682%7C1221%7C1222%7C1223%7C131%7C141%7C142%7C1431%7C1432%7C151%7C152%7C1531%7C1532%7C161%7C162%7C163%7C171%7C172%7C1731%7C1732%7C18%7C19,idMap:122*,rmeas:1,rend:1,renddet:XIFRAME.qs.dr%7D&br=c
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 104.244.36.20 , United States, ASN7415 (ADSAFE-1, US),
Reverse DNS: nyidt.adsafeprotected.com
Software: nginx /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Mar 2022 09:14:07 GMT
X-Server-Name: dt46.303net.pvt
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Server: nginx

GET
H2 200 id5-api-2.js Show response
static2.creative-serving.com/ Frame 587A 33 KB
10 KB 325ms
22ms Script
text/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://static2.creative-serving.com/id5-api-2.js
Requested by: Host: static2.creative-serving.com
URL: https://static2.creative-serving.com/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: UploadServer /
Resource Hash: b9f590b71a56c0601f7977e5fb4a4126964a8324cae426e43d454ee92978f8eb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:07 GMT
content-encoding: gzip
last-modified: Wed, 29 Sep 2021 19:23:14 GMT
server: UploadServer
age: 0
etag: "43e554f8c9787fa63a85955c07ba1918"
x-hw: 1647249247.cds167.fr8.hn,1647249247.cds208.fr8.c
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9982

POST
H/1.1 200 101.json Show response
id5-sync.com/g/v2/ Frame 587A 213 B
582 B 93ms
19ms XHR
application/json 51.89.7.205
OVH

General

Check archive.org

Show headers Download Go to

Full URL

https://id5-sync.com/g/v2/101.json

Requested by

Host: static2.creative-serving.com
URL: https://static2.creative-serving.com/id5-api-2.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.7.205 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p28.id5-sync.com

Software

Resource Hash

7a3bbd57390e3cff47bb8ea9715efacb77a07fffd03e3d32681193b4c9bb9b63

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
Date: Mon, 14 Mar 2022 09:14:07 GMT
Access-Control-Allow-Credentials: true
Vary: Origin
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/json;charset=UTF-8

GET
H/1.1

200
OK

pixel Show response
ads.creative-serving.com/ul_cb/ Frame 587A
Redirect Chain

https://ads.creative-serving.com/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse
https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse

770 B
1 KB

165ms
165ms

Script
text/javascript

54.183.143.74
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse
Protocol: HTTP/1.1
Server: 54.183.143.74 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-143-74.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: fa99af8e0b57b84ff300cf6216647726a29cc1f36fc9ad1a5f434f5224787c5b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 770
Content-Type: text/javascript

Redirect headers

Location: https://ads.creative-serving.com/ul_cb/pixel?id=3156564&id5id=0&type=jsonp&cb=syncResponse
Date: Mon, 14 Mar 2022 09:14:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H3 200 stern_1-monat-geht-auf-uns11e97c57-a91b-4fd2-a613-1f482934ff36.svg
s0.2mdn.net/4528404/1645205885684/ Frame 48F5 10 KB
3 KB 18ms
18ms Image
image/svg+xml 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/4528404/1645205885684/stern_1-monat-geht-auf-uns11e97c57-a91b-4fd2-a613-1f482934ff36.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/1643485919913.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa9b9e9476912e73d9d1c2172e9091603d164d728c91c0e56f78023e861ec8d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61865000/20220129122402882/index.html?e=69&leftOffset=0&topOffset=0&c=urkHyfwn5E&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Sun, 13 Mar 2022 13:20:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 71638
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3508
x-xss-protection: 0
last-modified: Fri, 18 Feb 2022 17:38:05 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Mon, 14 Mar 2022 13:20:10 GMT

GET
H2 200 activity;src=4528516;pid=327246225;aid=505716516;ko=0;cid=157146807;rid=157313453;rv=4;stragg=1;&timestamp=1647249248530;str=Show%20Slide%200;strtype=1
ad.doubleclick.net/ Frame 065A 42 B
118 B 42ms
41ms Image
image/gif 216.58.212.166
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;src=4528516;pid=327246225;aid=505716516;ko=0;cid=157146807;rid=157313453;rv=4;stragg=1;&timestamp=1647249248530;str=Show%20Slide%200;strtype=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.212.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s01-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

google_sync_status
x.bidswitch.net/ Frame 587A
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=202
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=202
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=rprP-VdbRdK3zBw5QD6OYg==
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOQz3leEDP8jD44EgmQu0wQ&google_cver=1

43 B
220 B

19ms
18ms

Image
image/gif

3.120.28.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOQz3leEDP8jD44EgmQu0wQ&google_cver=1
Protocol: HTTP/1.1
Server: 3.120.28.2 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-28-2.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOQz3leEDP8jD44EgmQu0wQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 587A
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=354
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=354
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=93a195a7-24f6-4882-9a64-da544fb676e9&gdpr=&gdpr_consent=&gdpr_pd=

1 B
492 B

85ms
24ms

Image
text/html

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=93a195a7-24f6-4882-9a64-da544fb676e9&gdpr=&gdpr_consent=&gdpr_pd=
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date: Mon, 14 Mar 2022 09:14:07 GMT
cache-control: no-store, no-cache, private
x-lat: amspug015:0:350
server: nginx
content-type: text/html; charset=utf-8
content-length: 1
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Location: //simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=93a195a7-24f6-4882-9a64-da544fb676e9&gdpr=&gdpr_consent=&gdpr_pd=
Date: Mon, 14 Mar 2022 09:14:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H/1.1

200
OK

google_sync_status
x.bidswitch.net/ Frame 587A
Redirect Chain

https://x.bidswitch.net/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=93
https://x.bidswitch.net/ul_cb/sync?dsp_id=4&user_id=96c9b330-f27e-4ab2-81e5-b7d5cffd6109&ssp=&expires=5&user_group=4&cb=93
https://cm.g.doubleclick.net/pixel?google_nid=bdsw&google_cm=1&google_hm=w6cEzkvNTFqc1uJ7ZS2bSg==
https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOQz3leEDP8jD44EgmQu0wQ&google_cver=1

43 B
220 B

20ms
19ms

Image
image/gif

3.120.28.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOQz3leEDP8jD44EgmQu0wQ&google_cver=1
Protocol: HTTP/1.1
Server: 3.120.28.2 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-120-28-2.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://x.bidswitch.net/google_sync_status?ssp_name=google&google_gid=CAESEOQz3leEDP8jD44EgmQu0wQ&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 316
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

cm_nst
ads.creative-serving.com/ Frame 587A
Redirect Chain

https://adadvisor.net/adscores/g.pixel?sid=9212282158
https://aa.agkn.com/adscores/g.pixel?sid=9212282158&&bounced=1
https://ads.creative-serving.com/cm_nst?cookie_id=165020604090000136577

43 B
220 B

163ms
163ms

Image
image/gif

54.183.143.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.creative-serving.com/cm_nst?cookie_id=165020604090000136577
Protocol: HTTP/1.1
Server: 54.183.143.74 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-143-74.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:09 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:09 GMT
server: AAWebServer
p3p: policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location: https://ads.creative-serving.com/cm_nst?cookie_id=165020604090000136577
cache-control: no-cache, no-store, must-revalidate
content-length: 0
expires: 0

GET
H/1.1 200 1.gif
id5-sync.com/s/101/96c9b330-f27e-4ab2-81e5-b7d5cffd6109/ Frame 587A 43 B
1009 B 19ms
19ms Image
image/gif 51.89.7.205
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/s/101/96c9b330-f27e-4ab2-81e5-b7d5cffd6109/1.gif

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

51.89.7.205 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

p28.id5-sync.com

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:08 GMT
Transfer-Encoding: chunked
Content-Type: image/gif;charset=UTF-8
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
P3P: CP="CAO PSA OUR"

GET
H/1.1

200
OK

demconf.jpg
dpm.demdex.net/ Frame 587A
Redirect Chain

https://dpm.demdex.net/ibs:dpid=393426&dpuuid=96c9b330-f27e-4ab2-81e5-b7d5cffd6109
https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=96c9b330-f27e-4ab2-81e5-b7d5cffd6109

42 B
945 B

42ms
42ms

Image
image/gif

52.208.115.171
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=96c9b330-f27e-4ab2-81e5-b7d5cffd6109

Protocol

HTTP/1.1

Server

52.208.115.171 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-208-115-171.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v029-06c8808aa.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: M82O6CODTtY=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v029-0d59995ac.edge-irl1.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: x3ilUOi+SBw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=393426&dpuuid=96c9b330-f27e-4ab2-81e5-b7d5cffd6109
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

gcm
ads.creative-serving.com/ Frame 587A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=platform161_direct_new&google_cm&google_sc
https://ads.creative-serving.com/gcm?google_gid=CAESEF0UQbs8N8j5wTF8ILi3ajg&google_cver=1

43 B
220 B

163ms
163ms

Image
image/gif

54.183.143.74
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.creative-serving.com/gcm?google_gid=CAESEF0UQbs8N8j5wTF8ILi3ajg&google_cver=1
Protocol: HTTP/1.1
Server: 54.183.143.74 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-183-143-74.us-west-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date: Mon, 14 Mar 2022 09:14:08 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 14 Mar 2022 09:14:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.creative-serving.com/gcm?google_gid=CAESEF0UQbs8N8j5wTF8ILi3ajg&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

57 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

56 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.nets4.com/	1970-01-20 19:05:21	Name: _ga Value: GA1.2.250819088.1647249242
.nets4.com/	1970-01-20 01:35:35	Name: _gid Value: GA1.2.1423834813.1647249242
.nets4.com/	1970-01-20 01:34:09	Name: _gat Value: 1
www.clarity.ms/	1970-01-20 10:19:45	Name: CLID Value: cae8f8980f0a4e8789a9da0e1f62b5ea.20220314.20230314
.nets4.com/	1970-01-20 10:19:45	Name: _clck Value: 119nrh6\|1\|ezr\|0
.c.bing.com/	1970-01-20 10:55:45	Name: SRM_B Value: 13F0BFBB2F5C63AB2DB4AEDC2E8E624F
.nets4.com/	1970-01-20 01:35:35	Name: _clsk Value: 1dfae47\|1647249243476\|1\|1\|e.clarity.ms/collect
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 10:55:45	Name: MUID Value: 13F0BFBB2F5C63AB2DB4AEDC2E8E624F
.c.clarity.ms/	1970-01-20 01:34:09	Name: ANONCHK Value: 0
.nets4.com/	1970-01-20 01:34:11	Name: __cf_bm Value: rXYw8AFTUi4RKX4fAhJ4rKy.3pm00M5ndti_ZCC37DU-1647249243-0-Aa8JDIbwC/2ys4nBAmIEx1H5Up7P1x3y2ucJxcykAg9zw5BRMr7u0LaqS/j1ufooECXlR6YZY7u4dcDXaX1RJ8OBRaYlTaVN68Eh0hABN1O9IrPcsb1xr2umJQhAYx2Saw==
.doubleclick.net/	1970-01-20 10:55:45	Name: IDE Value: AHWqTUllHF_aKXsgKFXMsy9oN6-2fk-Q30F0Skknmu5xK7KWEIflftB9oLxQs_xTtq4
.casalemedia.com/	1970-01-20 03:43:45	Name: CMPS Value: 3194
.casalemedia.com/	1970-01-20 10:19:45	Name: CMID Value: Yi8HXHC0mcpfNMP0FEBvoQAA
.adnxs.com/	1970-01-20 03:43:45	Name: uuid2 Value: 1820940989084189696
.casalemedia.com/	1970-01-20 03:43:45	Name: CMPRO Value: 1190
.casalemedia.com/	1970-01-20 01:35:35	Name: CMST Value: Yi8HXGIvB1wA
.nets4.com/	1970-01-20 10:55:45	Name: __gads Value: ID=bfd8fc8063d597c5-22e0aabf5bcd00ce:T=1647249243:S=ALNI_MapoOdaSGEzBgl-foCzG-0H396UjA
.adnxs.com/	1970-01-20 03:43:45	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GTur_3j!!]tbPl1M>e)ZlrFUfJ+tGXxoaK(Xr6PQ@WaADN.ZQkKg1XQbet^NCcG7ZUOtbpRzqF1`b_VQ$Nzp
.casalemedia.com/	1970-01-20 10:19:45	Name: CMRUM3 Value: 2d622f075c2760CAESEKSwY4G172cdMcpXhwSZzBs
.doubleclick.net/	1970-01-20 01:34:12	Name: DSID Value: NO_DATA
.adfarm1.adition.com/	1970-01-20 03:43:48	Name: UserID1 Value: 7074881631374083301
.redintelligence.net/	1970-01-20 03:43:45	Name: 8lcfmzhxc8d6_uid Value: 7fb56862e7f3586d
.awin1.com/	1970-01-20 01:44:14	Name: awpv14098 Value: 296283\|1647249245\|18920060-a377-11ec-81bc-2262d3a2196d
.awin1.com/	1970-01-20 01:37:02	Name: awpv22610 Value: 296283\|1647249245\|189311d0-a377-11ec-98fc-223366d53764
.ad-srv.net/	1970-01-20 03:43:45	Name: pwzdy6wsn8n7_uid Value: f602e0964f5460b6
.office-partner.de/	1970-01-21 01:34:09	Name: source Value: {"webgains_webgains":{"timestamp":1647249245404,"clickCookie":false}}
.zenaps.com/	1969-12-31 23:59:59	Name: AWSESS Value: 377134:2470208
www.conrad.de/	1970-01-20 01:41:21	Name: HTLP_timestamp Value: 1647249245
www.conrad.de/	1970-01-20 01:41:21	Name: CEAffHA Value: YD
.www.conrad.de/	1970-01-20 01:34:11	Name: __cf_bm Value: mdo6SzZicX2cLXHL1v2JI6nJ7ItZU1ViTJy0J5hsDyc-1647249245-0-Abh9XaOcyty1LuRdkY6TDxaPPfb+FPmn6auxCrTFwZ8vDY/FSawV/yBFWnNhEnXaZZ7j9TQElNjPCToK0SF6sVE=
.emp.de/	1970-01-20 01:35:35	Name: HtLpTx Value: Awin
.awin1.com/	1970-01-20 01:35:35	Name: awpv14172 Value: 473322\|1647249245\|18f88a61-a377-11ec-98fc-223366d53764
.awin1.com/	1970-01-20 01:38:28	Name: awpv11354 Value: 473322\|1647249245\|18f926a0-a377-11ec-81bc-2262d3a2196d
.awin1.com/	1969-12-31 23:59:59	Name: AWSESS Value: 377134:2470208
.zenaps.com/	1970-01-20 01:38:28	Name: awpv11354 Value: 473322\|1647249245\|18f926a0-a377-11ec-81bc-2262d3a2196d
pb.media01.eu/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: ofccnyoesqehebuxy3kwit5f
pb.media01.eu/	1970-01-20 19:06:47	Name: DTU Value: 2EB457B489E031F386D7280B5DCE07FD
.creative-serving.com/	1970-01-20 10:55:45	Name: tuuid Value: 96c9b330-f27e-4ab2-81e5-b7d5cffd6109
.creative-serving.com/	1970-01-20 10:55:45	Name: c Value: 1647249248
.creative-serving.com/	1970-01-20 10:55:45	Name: tuuid_lu Value: 1647249248
.id5-sync.com/	1970-01-20 01:34:09	Name: cf Value:
.id5-sync.com/	1970-01-20 01:34:09	Name: cip Value:
.id5-sync.com/	1970-01-20 01:34:09	Name: cnac Value:
.id5-sync.com/	1970-01-20 01:34:09	Name: car Value:
.id5-sync.com/	1970-01-20 01:34:09	Name: gdpr Value:
.id5-sync.com/	1970-01-20 01:34:09	Name: callback Value:
.bidswitch.net/	1970-01-20 10:19:45	Name: c Value: 1647249248
.bidswitch.net/	1970-01-20 10:19:45	Name: tuuid_lu Value: 1647249248
.bidswitch.net/	1970-01-20 10:19:45	Name: tuuid Value: c3a704ce-4bcd-4c5a-9cd6-e27b652d9b4a
.demdex.net/	1970-01-20 05:53:21	Name: demdex Value: 90571250299572234893199256309585798109
.pubmatic.com/	1970-01-20 03:43:45	Name: KRTBCOOKIE_466 Value: 16530-93a195a7-24f6-4882-9a64-da544fb676e9
.pubmatic.com/	1970-01-20 02:17:21	Name: PugT Value: 1647249247
.pubmatic.com/	1970-01-20 03:43:45	Name: PUBMDCID Value: 3
.dpm.demdex.net/	1970-01-20 05:53:21	Name: dpm Value: 90571250299572234893199256309585798109
.agkn.com/	1970-01-20 10:19:45	Name: ab Value: 0001%3AF1xR3x45OUuLOgku2KLrexnCO8ouMt6h

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/popper.js/2.10.0/umd/popper.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://nets4.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://cdnjs.cloudflare.com/ajax/libs/bootstrap/4.5.3/js/bootstrap.min.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
other	warning	URL: https://cdn.ampproject.org/rtv/012202072236000/v0/amp-ad-exit-0.1.mjs Message: Unrecognized feature: 'attribution-reporting'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
87a36c82f0de177e4fd8f126bbd34d43.safeframe.googlesyndication.com
aa.agkn.com
ad-server.eu
ad.ad-srv.net
ad.doubleclick.net
ad11.ad-srv.net
ad13.adfarm1.adition.com
adadvisor.net
ads.creative-serving.com
adservice.google.com
adservice.google.de
adv.office-partner.de
ajax.googleapis.com
analytics.webgains.io
api.purpleads.io
api.webgains.io
asset.conrad.com
ba3b28dbe403b628112747139ddce5df.safeframe.googlesyndication.com
bcb911bf7390e7f5e0a50eacf851970d.safeframe.googlesyndication.com
c.bing.com
c.clarity.ms
c488df5e09f450f7d1c9181239a2a8b7.safeframe.googlesyndication.com
cdn.ampproject.org
cdn.contentspread.net
cdn.purpleads.io
cdnjs.cloudflare.com
cloudflareinsights.com
cm.g.doubleclick.net
csi.gstatic.com
dpm.demdex.net
dsum-sec.casalemedia.com
dt.adsafeprotected.com
e.clarity.ms
e6f79efdbf4ad2814bf87e615c6936ae.safeframe.googlesyndication.com
fonts.googleapis.com
fw.adsafeprotected.com
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal90008.redintelligence.net
htlp.emp.de
ib.adnxs.com
id5-sync.com
imagesrv.adition.com
img.nets4.com
insight.adsrvr.org
js.adsrvr.org
media.acfrg.com
nets4.com
pagead2.googlesyndication.com
pb.media01.eu
play-lh.googleusercontent.com
pv.medialead.de
s0.2mdn.net
securepubads.g.doubleclick.net
simage2.pubmatic.com
static.addtoany.com
static.adsafeprotected.com
static.cloudflareinsights.com
static2.creative-serving.com
sync.teads.tv
tpc.googlesyndication.com
track.webgains.com
us-u.openx.net
www.awin1.com
www.clarity.ms
www.conrad.de
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.zenaps.com
x.bidswitch.net
104.111.239.217
104.244.36.20
104.90.104.248
108.157.1.118
138.201.63.150
138.201.64.38
142.250.181.226
142.250.185.194
142.250.185.98
143.204.215.68
145.239.193.130
151.139.128.11
156.154.202.32
178.79.242.245
185.33.220.145
185.64.189.110
20.62.48.180
216.58.212.166
217.79.188.11
217.79.188.54
23.218.208.246
2600:9000:211e:d200:c:6264:8240:93a1
2600:9000:214f:f000:8:48e:53c0:93a1
2600:9000:225f:de00:13:99a2:1280:93a1
2606:4700:10::6816:46c5
2606:4700::6810:125e
2606:4700::6810:5e41
2606:4700::6810:5f41
2606:4700::6812:7e05
2607:f8b0:4007:816::2003
2620:1ec:27::cafe:2250
2620:1ec:c11::200
2a00:1450:4001:800::2002
2a00:1450:4001:802::2003
2a00:1450:4001:803::2002
2a00:1450:4001:808::200e
2a00:1450:4001:809::2001
2a00:1450:4001:80e::2002
2a00:1450:4001:80f::2002
2a00:1450:4001:811::2006
2a00:1450:4001:812::2001
2a00:1450:4001:813::2002
2a00:1450:4001:813::2008
2a00:1450:4001:82a::2001
2a00:1450:4001:82a::200a
2a00:1450:4001:82f::2004
2a00:1450:4001:82f::2016
2a00:1450:4001:830::200a
2a06:98c1:3120::7
2a0b:4d07:102::1
3.120.28.2
3.127.157.8
3.94.45.13
34.242.207.34
35.244.159.8
35.71.131.137
46.236.13.147
46.4.10.47
51.89.7.205
52.142.114.2
52.208.115.171
54.183.143.74
54.72.219.124
54.76.176.197
78.46.23.46
85.114.131.233
88.198.250.30
99.86.7.104
01e109e5c28d7c54fda378c4c9cdc9a50abf46b480060eefb14c0c76ec8a63d0
07b5f92df996337bfc2b1438c0180d660a203528e7b4d7d554a0fcfd318616c3
081739c8430afe817f3eb0e1af50b5642a758fdd4375ce4326af5786421432b2
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
09410de2bdd6b63d7e02e4c71f582bb1d5a2c7b128c5852426421ba7dcaf378b
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c3ef0fe1d5c711af4c60a08deade283176a3d383c685e4738bc7ac836201658
0d9e01b9d5e699b7447166133743777420aedd02befd2cc7afcf7f9d19e517fd
0f7d61ba23f60b53e637eeab02ff9ba7227f58da8a7667d1aeef9d4ef3b09198
10fca45d30096fc258d163583c77d4f1804eb9474de69a972394a0ea01b44be6
126bd7d4d54da30dab5bd244abc46a258e4cb6233f1b9a25963c51174d8b359c
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
153d00d39b4af16e1dfb6ef30a482a5274d8478f3719c0beb4e6b20dd8f6e70c
15f9c75454fbc8c7a512938af4ebbe852cd2fe82b8bd32ec98222a231b8a7e12
17a97981604a1fe56f8804e77655010e70cbfbbac2c66e03a303e876dfd72640
1a8fe81fdbc6b0a1d19ab816ee65a864e4240b9a2435fc8fc222d3035e0debd5
1af3b3d1d392da6c48dd7483de1db04f952f58bd852d7858144e9b61b6baf0a0
1b58826e6e8364bd38047e63ddef0f1a8c4f29926d9622d2902f6615a75ef77a
1d019867c120344469403527c7d958861b81d0fc873813c97ee135f707d74122
1d5e00204f4ea630c533911008ce178f57171178f730d0d62652ad0b94b9e538
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1ffbc15c6fa9a7320f4637cb6d72866831896a649a8a7bcc7cb84f59abe1cf46
21af66f64bb18b1159ee363a933d5630e27419c83915d4d5ef42d8154f3921da
2255ec4c3254a41b448889224b2cc5c32f8d6f8a6165d3c58aa6523f86c0957c
22d7e00449ca81f34b0926fe4573ec056a674d959ad42d7fa0ad680e90f27992
233bc983d773cb9a38ca251753bd43f9a2288279fab44598b49c433b32f6d285
23cc8f32949c8b6960b1a4ca216ccaff2db4b769f6565bef2ee1fa954e072029
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
273f55341c678dfe399dbb8b7b0690eb931a4b044a1afed9aaa2bc3ef1a8a070
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2aeff6ec3388af6499e38871e81b02311bfb40c7216a75ecbf1eccd8231e02c8
2b6f1eb36a20dba643c7dd756ff378dc44e95baa20a61a30be9706e16835508c
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332dd9d8872171a7ce122129c088ef587eb876ee04f178f5e62310dff3747514
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
3586c048d2f7cc6b31672cb68dfedc137d24c60eb17ca35c8445d0c32eea7d8f
35c06f175466a0e90ee4e2be4a22c47b68d662fe853682a939f879b0dfc14ef6
36133ca07927c88a7cc578fddbaed3c668ab75087834d0ca13dca5de4ec856c1
3671ee896a4443456a3a3f02218b9a67dd83f4378689b08f0bd58bf4f4a4dd1c
3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65
372ddb86deaa3e11e5a4b1eec16924bcd6e6232bc8bab79338426b2faff7e7dd
373fa838ff5b13149d2c6dd3af907d1d50948f0d16142cc683287f5cb482fa7a
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
38bf08369b9d72ce4d22d5b555e9e5ee2e7a5fab8980ba2787f47d89d55e2c99
3ce62b1bae80928fb5cd858d3d5bfc0717270cb07abd0b8fb32f6eeced953499
3e8387df6ed7a0f09a18bac8cfaff2ad241f4fd8fcc34a8fb246fa540cf8a41f
3f6ded28a1c0c06b0bddf65b5d390b0471dfd31f069435d19c2bb3f739cfae90
42305cc1b5e64926c5dde08e513f3697dc7ca902da6898fb6b42dc111351bdaf
43ca6796dc60160d76a7770ff3c989a0be6b5f45cd8dd4f32b2dbabc1f9d1173
44a4125499aa0a4a340b196f8629c1c3cde2275dcb3e7134da488ba809179075
44add8fe3709838941acbb8b052999c145bd5d81b87173059a6c73c4fe4ddb6e
4776f74f19ff20faa356f2a4c8fc47e3a3959ca6342e46a567af3f2a62ae97f3
49d1ce328e23cad4f2708ac8d19febf13cb9da62b30da917d6526c1849f32219
4a4a933636cd4b3d485a329f89aa90eaf6e4ff147080fbbc53f080802f7690f1
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d3c1b2e5ce8406ffae9a1e36a8ef48ed74c96909cfe4d81bfc38f05b45f1f46
4e01b78a49120236ba43f197dd7cddfd52b038aac2e96cb119ec3d80b9f8e1b7
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e6915e96fdab4f4df0f6a040399d678eff68180a46da1563785430a8c5d472d
4eaad5028b82a89fd08b03ab334b267e51797026c4adb0b71aa96e913913c9ad
4fef239ebd936e96f316dee1aca599952e7adaaba26fab72b45328871855ac4b
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51ecd26b92c8cdf28b9e49416917ea85b85ac471e64a2a97b62081ece3e8ac12
52dc02379fad545d3153e0ae2ef5db0db4cdf242c81d4dc3e5617bcf29adbd22
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
56090af142d1c36fb5a7ce70ba62303740c4efe24acc1dfe2941ec4d94fb0c0a
587259314084a04755f0dfb2d0f0e9f07bdf03a575352e366e308d2e19cfc70a
5a396256710df1413396ccb6403e17cecfdb7f0fc80a4a85af4c1f8ab41165d8
5e2427fe5b7af1999b6641be9c00c26275b448ad842912f3e0001454717b6773
5f566f69e8fba0d89e04a3fc479dc036b337179333270ab01811550b8579e8ba
602a0b79b114535596528d231d077eb839762a02895d40df2b4c4afb65433d37
60f0f055fc233f379cbcb4136087ea4d530b57731cce0d2998ae9ba45f6eae13
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
62760269c62541e5b1720abc27e59262e9c375a1b0488f11df70fd504078431b
62ab857ca9839ee735919642d7a9af19237b879c0f81bf2124679a1ddf68b086
6313b7c2121bd182a484113efac078bcc15073de8ec167008c3088bc1bcae472
68026f99511fbc5c2275b7068b5fac19797d638977ffb9db12c5c1523614c18f
691d4bd7b9b31f9ab1b1837e7d956e0e3041ef63c1ee0edee8ca6208a4234efd
6923d2a280d7f185a9a971c0aeab060b17f8def039b1205aa60f7f929b82f2c3
6a0d1d5c9fb2d04126bf1ee3e33f4fe25b41f507e7094d83cbc0c0728f1e1a13
6bb77d20dd85b4bfae78affeef6ee91869bffa0ef53ed9c8ab9c2a526d0180c5
6f659e3023e217c28f10fc0b5aaf8997e1cf9be8d697b5684f23263de38c8277
704f6f54ae77cd5ea0a0bf47ebb70727a9bd76a311d7e54788ad3dc79b366739
70e0a3b2c82384039a2e4b31c305c9ef1f72a59b585acad421c54a6101a25237
7185190e99034cb89a0b114a5ba3c80f0803e34a9d860c4f1dc93f6bee202f31
7429a87c0b98d5cb5eae40cf640475d18fda8d0c33be2185bfeb8a75459be075
75a78072b6693324154063fec9bd719b13427c109796e632f7677f81884ef316
794bbab5a7491ecff0d2f74cd48697eba94a25e45d6027b67f86d5cab8d953da
7a3bbd57390e3cff47bb8ea9715efacb77a07fffd03e3d32681193b4c9bb9b63
7d4ac426d72c5e5428fce340a7a4326e95ef664b36070f58e3fc77ecffba86af
7fd59024b6ca83f11f7a3448ec148309a13b705725716df134f699e60a96eb1b
81016ac6be850b72df5d4faa0c3cec8e2c1b0ba0045712144a6766adfad40bee
853a8c7e34be5549a44fc541e13876f5c2838123142f527dab2265950feaeefb
8634bb73f7abf77727ba3422879ac3c382330db044b7edf4bc993589984fed25
86a676d25a23c478b5064a3f6d9275179f67de2bbebe1bfa842719f73658650a
88580ca2e0450c557fc225dbd5cc74cf747c36f74c2f2dfc8b898bd4052ba33b
885bfee521e4f60315f393a2e5fc01e059a66ba7e747da708cf377f025f8b033
8a33118fd2643b9c74929a98ef8a371a0294f55772861bd2535dbe82706f3cf2
8aeb7e54c9489ecc7478fb5a9c4ac1ae96e861379179df83e06b28fc97cfa1a0
8f52ae059ebd18fcb45ca5d2f81ab410ade2b54e096aa1284fd4b2b97bf3ddc9
93b1f78578f169d4f472ecda3c79d72e81fa9e199bdb979d13139f5ddbe5a06d
93d3df6d6c78d7d717c43224af26d76263567f7367465190551daf278e96bbfe
947e22d9ed05fbe3f5ed3c4ee35618a1910a85968f48a22c0277f9936f2eb769
964a10f7ccf077c14f2d284968f9280c858d7c2f63a368d6ec4b542c86acd1b9
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a1b337d9b6e14dd8cb3464a28a86e107ae74ebcf2fce58f9e0ecaf493465a6a
9b83a0254585c8941ae1e2b4d6498c46d0a5367d626b4b386bf52dbd66ea82f0
9bbde4e879f5cc6d8e98b1e5605898a933825190f867b66285b084bc3ee785e9
9e93b3f6fe5f98af593270e0d8496a56b88d5cece13a004fa76d937df28ade70
9f1af6cc37dc61ec618efe4e3ca084350204c33aa203cc393c69dc98269e7f99
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0163cf949cea5a556b144eb406773e848d3f639848858e5eafa49657b5927f4
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a2040ecb8d5152c3b706b71c256083d1d4caeb49e72dcfc16c1a1f25e95ef9bb
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6f91b2c590d6df86780df4f601e4663422109c72235afeb5d2dd5ba9cbed261
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7bf66779741ff23e29accfb5a42df4df52ef56eec47ae7984f90ccbdff196ff
a7d4139a86f5c5467ae6cb400f0ae7b95995f6ed3da681d17ce1cf8fdc6a0ca1
a9146864b77d6766fbe12dfd0a9f558476353af27e4f0a74703c16a81759f31b
a96a9acced3455fc947b63309360f7efa07455eeb1fbc158e11aff7a0fb13c00
aa9b9e9476912e73d9d1c2172e9091603d164d728c91c0e56f78023e861ec8d6
ac90aaa0a780549fc9faadcf2182fe5b0d6b769a585e8945cfff3612c29e055b
af18138f0b637528ef79542d0c017324886748e9abc5613e5835108935dffc63
af42f8a986eefec222a68474cc9c9591028b07b082157631d810ecbbf4a652fe
afb59150a1f7f411de7c7d466c4bad4ebcfbc29a7312e514a6eeb8161b5176fc
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b28b3c63b3f587cebf4e73ade5bc4e806c2b8f4f8bf1503b91cb75f1f5eab60a
b3eb10c5b352738c896a94524d5f151bc98aa7972d8624027a0465a8ad9945fe
b40c235d865f04ad3e1fea5537eb1f1f149274cfa9a7b1ded8b5db8aba98663f
b4d8865fb54954d564f2f1025cc9f8fd5f8d8edcc27c0e8ce98d3509070a5bce
b9f590b71a56c0601f7977e5fb4a4126964a8324cae426e43d454ee92978f8eb
bafa1db2a6708b6401e11e0b2ac4c5bb6eddf4c25e5a83b7eb391fe42ab34a2f
bb24ca1f3d18475b3bebf4cd30d587331ad1f946043d3b64d096981f830d29e9
bdeed1e1c0751610c8f3dc2a5c78c93f841c366b36a7f7a54f5e6752c2656c05
bec18ada6631a132ac08e06cadc41662c34442d10596b7bfd27862ed7157b5c2
c00983dee008b49458960478c1cb482043faa725f62c00717915fabddb69bfa6
c17fb610d7475b545627be2eab2ecdcb0db5ef9191df9652b58ae5956429b855
c6ce2b47cde7cf913a3c34ddce355fa9c75012577dd34c35928add8676cb7fa0
c7e2f7e6132fd1fcffd09eea9041f2bbd74feea33743c80b4fcaa27415b88eea
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cc75a8153b85babca97007c5bbc1770a22542b8588f847117fa175e8e5aefa56
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d10c5878ffaa543f270227e1b7a2c12e93d24b76b9b7996f98aa62ddb19be0e8
d3ef00ccf0d1329768a9546012c96ecb5ac031695b0418da9ae3297979ad60bb
d6f5f18739f0283839c99bbf200d7fadbee9ee2917ee0a5124a96380a5e9eb36
d8968086f7509df34c3278563dab87399da4f9dcdfb419818e3a309eedc70b88
d8c2904353a6a46fcd06c4afcb03c62aa1fcb844a387f49b62655406ab5a10b0
daf064e245abe4fc5553b1a6b580687dfeb2e60fa846f0deee5b4e5bad312543
dc3754a72ca7c6be59d02b3f13e431ceb5d6c6bc8e965e7c3f12928ebb609da7
df16ae2f3f4c003e55aa93796b78c0ab73e0155ae32bea72cee59d1e0832f92d
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e30f848c353b8ab801c18d2109527cb32a27f145262dccb3cd4db9f309cc53bb
e33df0d2cac5e19b7b65ec902963483c307594d39cde9bcb8b08838ea1d3d53a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e866202c7cd97ca18ec2427347648fc7f59ec50083cfa249f50ee42b72d26bc1
e92cc74b113b159bb550e56caf75cedafe95c4ba3dd37046a383f6935de3a225
e9b62726c16a24a6c96dfdf09813ae3f6d676bec3d70d8665035e138711e4d91
ea795a298e37c1cd48937e8d9b242162d213ebaa07c997769a6bfe4b4d8ec411
eb80cf04629e90757b77bb4b0a4c19b149b9de6d31a5fcf63eb47c411ce60c18
ec068031a38f2d97255ddf90e6d75a5538a3b0ea29510482d1909c5a1a10ad74
eca8e8e2f07d1010b65e0da46357c9c471f2af7215b989ed6088e4cee7577061
ed29dee1a9df18ca0e067944eddfad69422ccda9b4fe616cc69be23eb599c3d8
ed45fba354557d5f470306d013ef3314b24b5740d6cdf9c6be31a92a37ceeaab
ed5f8a37a9ba74f308e226ef1b2d53467d720553c552875370b31fedd3433cc4
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0f382f3320ade05dd14f969ff7dd9d894c6a6571165ab6d7fcdade2f4836dfc
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
f70751d4b3f5d5c9f208ea16e8cbcac3c6abf1bda80357da3fcd21dde4333449
f74981da16193eb036148935c498f9e2d235182da16284c0750ff0edcc2aceb9
f77c0d1739b618edc4a01ca3f6b2990b01a3009030af49ee8cf68e83052df194
f98ff8ab059bdef9ea7fe9165a4e74fce15166abdbb8dd25307b7b7d9ac26ddd
fa2cb0f5bc4821f026a2a942630d9d9342271e59aa6d3f20f67a9ae349ca8900
fa99af8e0b57b84ff300cf6216647726a29cc1f36fc9ad1a5f434f5224787c5b
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
fdecda5ee87b28e579c5b61ef0f86e7fff85c838ff0a06450feee13a5877ed0b
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

nets4.com Open in urlscan Pro 2a06:98c1:3120::7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

355 Requests

92 %HTTPS

43 %IPv6

48 Domains

75 Subdomains

66 IPs

7 Countries

8268 kBTransfer

13236 kBSize

56 Cookies

15 Outgoing links

Redirected requests

355 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nets4.com Open in urlscan Pro
2a06:98c1:3120::7 Public Scan

Screenshot
Live screenshot

Full Image

355
Requests

92 %
HTTPS

43 %
IPv6

48
Domains

75
Subdomains

66
IPs

7
Countries

8268 kB
Transfer

13236 kB
Size

56
Cookies

355 HTTP transactions
6 data transactions