observatorul.md Open in urlscan Pro
194.31.42.8 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://observatorul.md/
Submission: On February 23 via manual (February 23rd 2023, 10:30:14 pm UTC) from MD — Scanned from DE

Summary HTTP 305 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 40 IPs in 10 countries across 27 domains to perform 305 HTTP transactions. The main IP is 194.31.42.8, located in Floresti, Moldova and belongs to NEXT-AS, MD. The main domain is observatorul.md.
TLS certificate: Issued by R3 on December 14th 2022. Valid for: 3 months.

This is the only time observatorul.md was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
25	194.31.42.8 194.31.42.8	57713 (NEXT-AS) (NEXT-AS)
4	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
5	2a00:1450:400... 2a00:1450:4001:82a::200a	15169 (GOOGLE) (GOOGLE)
68	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::2008	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80b::2004	15169 (GOOGLE) (GOOGLE)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
15	2a00:1450:400... 2a00:1450:400d:80d::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:400d:805::2002	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:828::2001	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
13	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0b::9a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400d:80a::2003	15169 (GOOGLE) (GOOGLE)
30	2a00:1450:400... 2a00:1450:4001:803::2001	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400d:802::2002	15169 (GOOGLE) (GOOGLE)
17 22	142.251.39.34 142.251.39.34	15169 (GOOGLE) (GOOGLE)
10 20	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
8 13	185.83.142.19 185.83.142.19	29990 (ASN-APPNEX) (ASN-APPNEX)
2	35.244.159.8 35.244.159.8	15169 (GOOGLE) (GOOGLE)
2	104.111.217.42 104.111.217.42	16625 (AKAMAI-AS) (AKAMAI-AS)
39	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
8	116.202.48.214 116.202.48.214	24940 (HETZNER-AS) (HETZNER-AS)
1 4	78.46.23.46 78.46.23.46	24940 (HETZNER-AS) (HETZNER-AS)
8	142.250.180.226 142.250.180.226	15169 (GOOGLE) (GOOGLE)
3	138.201.84.244 138.201.84.244	24940 (HETZNER-AS) (HETZNER-AS)
2	2a0b:4d07:401::1 2a0b:4d07:401::1	44239 (PROINITY ...) (PROINITY PROINITY)
4 4	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
2 4	2a01:4f8:d0a:... 2a01:4f8:d0a:2321::2	24940 (HETZNER-AS) (HETZNER-AS)
2	49.12.16.151 49.12.16.151	24940 (HETZNER-AS) (HETZNER-AS)
2	18.170.235.198 18.170.235.198	16509 (AMAZON-02) (AMAZON-02)
2 4	142.250.186.166 142.250.186.166	15169 (GOOGLE) (GOOGLE)
2 2	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
2	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
2	65.9.66.92 65.9.66.92	16509 (AMAZON-02) (AMAZON-02)
2	99.86.4.52 99.86.4.52	16509 (AMAZON-02) (AMAZON-02)
4	35.177.2.226 35.177.2.226	16509 (AMAZON-02) (AMAZON-02)
305	40

25 194.31.42.8 (Floresti, Moldova)

ASN57713 (NEXT-AS, MD)
PTR: www.airlink.md

observatorul.md	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

68 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80b::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2a00:1450:400d:80d::2003 (Ireland)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:400d:805::2002 (Ireland)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:828::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0b::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:80a::2003 (Ireland)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:803::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400d:802::2002 (Ireland)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 142.251.39.34 (United States) 17 redirects

ASN15169 (GOOGLE, US)
PTR: bud02s38-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 185.80.39.216 (Canada) 10 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 185.83.142.19 (Amsterdam, Netherlands) 8 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.217.42 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-217-42.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

39 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 116.202.48.214 (Krefeld, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.214.48.202.116.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 78.46.23.46 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.46.23.46.78.clients.your-server.de

hal900023.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.180.226 (United States)

ASN15169 (GOOGLE, US)
PTR: bud02s34-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 138.201.84.244 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.244.84.201.138.clients.your-server.de

hal900026.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:401::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.193.130 (France) 4 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a01:4f8:d0a:2321::2 (Gunzenhausen, Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)

cdn.retailads.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 49.12.16.151 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: lb-1.futalis.de

futalis.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.170.235.198 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-170-235-198.eu-west-2.compute.amazonaws.com

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.186.166 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f6.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 94.23.99.218 (France) 2 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 65.9.66.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-92.fra56.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.86.4.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-52.fra6.r.cloudfront.net

cdn.track.production.webgains.team	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.177.2.226 (London, United Kingdom)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-177-2-226.eu-west-2.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
105	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 102 d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 140	679 KB
52	doubleclick.net 19 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 184 googleads.g.doubleclick.net — Cisco Umbrella Rank: 35 stats.g.doubleclick.net — Cisco Umbrella Rank: 77 cm.g.doubleclick.net — Cisco Umbrella Rank: 202 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 319 5994599.fls.doubleclick.net — Cisco Umbrella Rank: 221779	356 KB
39	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 271	764 KB
25	observatorul.md observatorul.md	2 MB
20	casalemedia.com 10 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 531	14 KB
19	gstatic.com fonts.gstatic.com www.gstatic.com	597 KB
15	redintelligence.net 1 redirects hal9000.redintelligence.net — Cisco Umbrella Rank: 35870 hal900023.redintelligence.net — Cisco Umbrella Rank: 302466 hal900026.redintelligence.net — Cisco Umbrella Rank: 341235	110 KB
13	adnxs.com 8 redirects ib.adnxs.com — Cisco Umbrella Rank: 203	14 KB
9	google.com www.google.com — Cisco Umbrella Rank: 2 adservice.google.com — Cisco Umbrella Rank: 73	43 KB
6	webgains.io analytics.webgains.io — Cisco Umbrella Rank: 18601 api.webgains.io — Cisco Umbrella Rank: 51787	62 KB
6	medialead.de 6 redirects pv.medialead.de — Cisco Umbrella Rank: 49470 medialead.de — Cisco Umbrella Rank: 49025	2 KB
6	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 183	290 KB
5	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 36	4 KB
4	retailads.net 2 redirects cdn.retailads.net — Cisco Umbrella Rank: 105848	11 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 44	125 KB
2	webgains.team cdn.track.production.webgains.team — Cisco Umbrella Rank: 46652	875 B
2	ad-server.eu ad-server.eu — Cisco Umbrella Rank: 114828	624 B
2	webgains.com track.webgains.com — Cisco Umbrella Rank: 40433	4 KB
2	futalis.de futalis.de — Cisco Umbrella Rank: 158522	801 B
2	media01.eu pb.media01.eu — Cisco Umbrella Rank: 48696	787 B
2	office-partner.de adv.office-partner.de — Cisco Umbrella Rank: 132014	2 KB
2	teads.tv sync.teads.tv — Cisco Umbrella Rank: 1218	344 B
2	openx.net us-u.openx.net — Cisco Umbrella Rank: 422	418 B
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 87	63 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 30	20 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8947 www.google.de — Cisco Umbrella Rank: 6149	939 B
2	wp.com stats.wp.com — Cisco Umbrella Rank: 2729 pixel.wp.com — Cisco Umbrella Rank: 2533	3 KB
305	27

	Domain	Requested by
68	pagead2.googlesyndication.com	observatorul.md securepubads.g.doubleclick.net tpc.googlesyndication.com d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com pagead2.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.googletagservices.com
39	s0.2mdn.net	observatorul.md s0.2mdn.net
30	tpc.googlesyndication.com	securepubads.g.doubleclick.net tpc.googlesyndication.com d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net
25	observatorul.md	observatorul.md
22	cm.g.doubleclick.net	17 redirects googleads.g.doubleclick.net
20	dsum-sec.casalemedia.com	10 redirects googleads.g.doubleclick.net
15	fonts.gstatic.com	observatorul.md fonts.googleapis.com www.google.com
13	ib.adnxs.com	8 redirects googleads.g.doubleclick.net
13	googleads.g.doubleclick.net	pagead2.googlesyndication.com d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
8	googleads4.g.doubleclick.net	observatorul.md
8	hal9000.redintelligence.net	d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com hal900023.redintelligence.net hal900026.redintelligence.net
7	d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	www.googletagservices.com	d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
6	www.google.com	observatorul.md www.gstatic.com www.google.com tpc.googlesyndication.com
5	fonts.googleapis.com	observatorul.md s0.2mdn.net hal900023.redintelligence.net hal900026.redintelligence.net
4	api.webgains.io	analytics.webgains.io
4	5994599.fls.doubleclick.net	2 redirects observatorul.md
4	cdn.retailads.net	2 redirects futalis.de
4	pv.medialead.de	4 redirects
4	hal900023.redintelligence.net	1 redirects d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com hal900023.redintelligence.net
4	www.gstatic.com	www.google.com www.gstatic.com
4	securepubads.g.doubleclick.net	observatorul.md securepubads.g.doubleclick.net
3	hal900026.redintelligence.net	hal9000.redintelligence.net hal900026.redintelligence.net
3	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
3	www.googletagmanager.com	observatorul.md adv.office-partner.de
2	cdn.track.production.webgains.team	d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com track.webgains.com
2	analytics.webgains.io	track.webgains.com
2	ad-server.eu	d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
2	medialead.de	2 redirects
2	track.webgains.com	observatorul.md
2	futalis.de	hal900023.redintelligence.net hal900026.redintelligence.net
2	pb.media01.eu	hal900023.redintelligence.net hal900026.redintelligence.net
2	adv.office-partner.de	hal900023.redintelligence.net hal900026.redintelligence.net
2	sync.teads.tv	googleads.g.doubleclick.net
2	us-u.openx.net	googleads.g.doubleclick.net
2	www.youtube.com	observatorul.md www.youtube.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
1	www.google.de	observatorul.md
1	stats.g.doubleclick.net	www.google-analytics.com
1	pixel.wp.com	observatorul.md
1	adservice.google.de	securepubads.g.doubleclick.net
1	stats.wp.com	observatorul.md
305	42

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.instagram.com
t.me
twitter.com
www.youtube.com
api.md
anunt.observatorul.md
consiliuldepresa.md
stopfals.md

Subject Issuer	Validity	Valid
observatorul.md R3	`2022-12-14` - `2023-03-14`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-02-01` - `2023-04-26`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
teads.tv R3	`2023-02-21` - `2023-05-22`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-02-08` - `2023-05-03`	3 months	crt.sh
redintelligence.net R3	`2023-02-08` - `2023-05-09`	3 months	crt.sh
adv.office-partner.de R3	`2023-01-01` - `2023-04-01`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2022-05-20` - `2023-05-21`	a year	crt.sh
*.futalis.de R3	`2023-02-16` - `2023-05-17`	3 months	crt.sh
*.webgains.com Amazon RSA 2048 M01	`2023-02-22` - `2023-07-13`	5 months	crt.sh
cdn.retailads.net Encryption Everywhere DV TLS CA - G1	`2022-06-17` - `2023-06-18`	a year	crt.sh
*.webgains.io Amazon	`2022-08-23` - `2023-09-21`	a year	crt.sh
cdn.track.production.webgains.team Amazon	`2022-09-29` - `2023-10-28`	a year	crt.sh

This page contains 44 frames:

Primary Page: https://observatorul.md/
Frame ID: F8272DD78548E30F8DAC6084337ACA70
Requests: 61 HTTP requests in this frame

Frame: data://truncated
Frame ID: 3A52DC2A4FD9475D2CC8ECEF7D820EF1
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 88DE56E9B5F0590532E15FD2CBA613ED
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 01C0E669A3A6B4287C241DCCA04D5AA8
Requests: 1 HTTP requests in this frame

Frame: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 6B586CCCC2DE58B51B1B01FD11785DFF
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230221/r20190131/zrt_lookup.html
Frame ID: AC4F98EFB86E650F7EF5C7A8D32E39A3
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LesepkUAAAAAEOZVJPN7vc1tyyhIJ70Svl1bh-q&co=aHR0cHM6Ly9vYnNlcnZhdG9ydWwubWQ6NDQz&hl=de&v=Nh10qRQB5k2ucc5SCBLAQ4nA&size=invisible&cb=kp5joepu8531
Frame ID: 62603D4539818B90140F317169513479
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 9124D9244805C71CA228F0972FFCFE62
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 64F2850CEAD02D9E9E0490529C35A6EA
Requests: 2 HTTP requests in this frame

Frame: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 0B7665EE8A7381F15AE8E83CC3793A20
Requests: 19 HTTP requests in this frame

Frame: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 590F45C7956C160CE51E0E5B8407FEF0
Requests: 18 HTTP requests in this frame

Frame: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 296488119444834E9C5C5C19D599925A
Requests: 20 HTTP requests in this frame

Frame: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 412E8420C99E7F4EE2731F77DE3E7612
Requests: 18 HTTP requests in this frame

Frame: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A2672312FA41C775BD96EABFDDA715CD
Requests: 18 HTTP requests in this frame

Frame: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 30D47BCD664207AED3FC04AC6F83252F
Requests: 20 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYmLmlaDAB&v=APEucNUsnhNOcEw2F638wWBaOah8G-eJ2ZmqEuOdB04VME63xMLKDxFb-71TZ_2qRlkpplLVUZEKpUsvMQaNYWDivfkzIHO1loe12Hk2yrC7jzMujBGjS2rh_Da1__ygyMhXTLdNU83akfAO27Wb4C7MGNWCS8c3SsWrZE3VPufecavVRWJ63bE
Frame ID: 50A3136BB3337C226A1CD95DBC66AD4A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNUFf5NxL_r54l3DdP2J_ku29_1I95FQ4k3B-yD7s1PlfE8g35g-mIvobwJ3po6veh8puNWaQodOUddP26vgpyoL-_yJ7k5pkhSgDV3Lr-l-pxfrtYNFhsjdjfGsarZBPMYG8h-UqjBxSB4NJ9wE1xjTJfYMJk5mzX6_eD157hVYVeI8BEU
Frame ID: 7FFD60E3141D383833CC28E9EAC13BFE
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5oLvGATAB&v=APEucNVt0H00OMKT-YMO4ME2dAzOus0xmUMXPmUKzvpiWjyNnshAvBqfwinS4Tv8oGu4DfEnx-hKDMZ5NgmpIr1jYjNSJtmzFiSXIK_B-Kbi8QRVuU-tHHwNrpoVTLNw7Kg1ihrj1aNEbA2FRCm19wKAGZsmQjC5s0xjdCJFPBrMQKua2W-k6Qs
Frame ID: 5F0BB7DC4C87E3473A321172CEBE122A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjbifncATAB&v=APEucNVQZQVv6S6D6R1oct-ijqMj22WZzFS2BGcafu9yBBbUONrKJTHdLTbPmrWSAOWgbvO3SU4P5HKK8qE4tsEAH9P7XpIeoobXbFYHhD_Pyu8B2-LztQFJhV112jKHKdCJkMAtJp4uTcJoXRLnUlsTXszupNaBEdjfirX500IQE570s7nNxe0
Frame ID: CBCD682AF1AAAF6B6496E6FCE6FDEAC8
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNV83V_Or6cdKtxJ5SV7AVhpnvyVTH-LRRN0RNOCv5-i2FNeihT-S7_GzYceoSpWk5rU1p1g_eXvctC01QsWlJWuTyRWxEyFsN9KKtM7EUG06pD9yu_LjGaFmNqsnt17IZaI2hFFQ4i4r7oPypnnkZ4lKILe2m-xVLQxTGzfgj-UCFFkgNE
Frame ID: 44E418594A4C977D05CFD93584DF0279
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVOFELzwihWjj-nlMEifIiTVoxqUQkt-YWRTqhUbujqi8fmnn8A8DsxtAxJqbTPS0YbOlCPRx1V4TPqe1tzUdQk_ZSOj-loKHQmrgQme95O7aqxd-hdhA4pkkpfTZ5w5CxgdEXYZgrBcdFlVkRQOunbYWjqNPTBJUk7LFSWoEIALqggD2s
Frame ID: B8F2584321694CD1B69E8BF3C1037293
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 72AF841E4E0BC6CCC482D549E67A8965
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 1862D1B9829C5A825E4F54FA00B9771B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
Frame ID: 502399B7BF5532EE16F7F340CBF43C72
Requests: 12 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html
Frame ID: 0CED33B880DEA07DADA4860B8337CF6C
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8028DAB8D635B736065E2D411E18DB7B
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247
Frame ID: AF76CF60CD7DA46577C3B2D2FBE0EF2A
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 98FAACB3C074EB0A2077BE883CB141C6
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247
Frame ID: AFEB04D1F34F9FB7982ECBB81F70E49A
Requests: 11 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: A8C8F048E400F669DF0C72B4DF43DBB4
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=80764500171863404445002012244023&actionid=981741&produktid=&dt_url=
Frame ID: 18A86E5D13386070FBB43540957C51D5
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340529
Frame ID: 226C7808AEA9B8AA533F28E6C5D233DC
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCcv_DYrP0CFRqWmgodHzUIjA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941
Frame ID: DDF13BF06752CCFAE2966DE6ACDEA119
Requests: 2 HTTP requests in this frame

Frame: https://hal900023.redintelligence.net/request_content.php?s=80764500171863404445002012244023&a=4fa9a78b
Frame ID: 893C9A12EF00EEFC0A1C34BD56322EC3
Requests: 8 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 0AA6266067B17D248F2624DE41B30A8C
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=39191900199330504444554012244026&actionid=981741&produktid=&dt_url=
Frame ID: C835D5A9E0C1865376149174DC984C94
Requests: 1 HTTP requests in this frame

Frame: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340530
Frame ID: 687191254C0995AC4397675EF002377B
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CJucv_DYrP0CFXjIOwIdKq8PSQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845
Frame ID: ED4AE7C9963268F555D86008C814369F
Requests: 2 HTTP requests in this frame

Frame: https://hal900026.redintelligence.net/request_content.php?s=39191900199330504444554012244026&a=ffb5779f
Frame ID: 7984A64BD3F4F74026DE9F5F8A1DFAB7
Requests: 8 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 82AA95D007FDCBE4C49314096D4992FB
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F0501D1F3BF6A2ECAE21F264816F0E20
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js
Frame ID: 51DC71A6D26EAB3F11B18713DB748C81
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js
Frame ID: 46C50B5DD750FAF46397644888C07CD3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js
Frame ID: FE131E1BDAF86904E7D5BE8505E2593D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Știri din Soroca - Observatorul de Nord

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
/wp-(?:content|includes)/

Yoast SEO (SEO) Expand

Overall confidence: 100%
Detected patterns

<!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Webgains (Affiliate programs) Expand

Overall confidence: 100%
Detected patterns

analytics\.webgains\.io

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

305
Requests

92 %
HTTPS

48 %
IPv6

27
Domains

42
Subdomains

40
IPs

10
Countries

4730 kB
Transfer

10930 kB
Size

20
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/observatorul.md

Search URL Search Domain Scan URL

URL: https://www.instagram.com/observatorul.md/

Search URL Search Domain Scan URL

URL: https://t.me/ObservatorulMD

Search URL Search Domain Scan URL

URL: https://twitter.com/observatorulmd

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UC8AYTp0vfEoOcuM3wl0pf1g

Search URL Search Domain Scan URL

URL: https://api.md/
Title: <img src="https://observatorul.md/wp-content/uploads/2023/01/API-RO.webp" alt="spot_img" width="300px" height="152px" />

Search URL Search Domain Scan URL

URL: https://anunt.observatorul.md/
Title: ANUNȚURI ONLINE

Search URL Search Domain Scan URL

URL: https://consiliuldepresa.md/ro/page/lista-semnatarilor
Title: <img src="https://observatorul.md/wp-content/uploads/2023/01/Am_Semnat.webp" alt="spot_img" width="300px" height="300pc" />

Search URL Search Domain Scan URL

URL: https://stopfals.md/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 125

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1

Request Chain 126

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

Request Chain 127

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECgUf46mQCCNDqB_LY-nhtM&google_cver=1

Request Chain 128

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

Request Chain 129

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1

Request Chain 130

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

Request Chain 131

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESECgUf46mQCCNDqB_LY-nhtM&google_cver=1

Request Chain 132

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

Request Chain 133

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1

Request Chain 134

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

Request Chain 135

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEM_CmSwkvVMj45r-Wb_1d4I&google_cver=1

Request Chain 136

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc0NDU1Njk2MDQ5NTY0MzE3Mg%3D%3D

Request Chain 140

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1

Request Chain 141

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

Request Chain 142

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEI_bj7xivdGK9RkF4q-Ld04&google_cver=1

Request Chain 143

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

Request Chain 144

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1

Request Chain 145

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

Request Chain 146

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEI_bj7xivdGK9RkF4q-Ld04&google_cver=1

Request Chain 147

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGFXc4rm4a09Kw_3szIaI04&google_cver=1

Request Chain 156

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEO5upzmuxauCQ9qfCtus5LA&google_cver=1

Request Chain 183

https://hal900023.redintelligence.net/request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ73r7ej3Y63CKciF9u8Pm5q2sAum5b2gaZ2XnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE7gFP0KdT1r7dSHqxiUirZikAwGu70jv4D4466HHUymJDV-Q6t85-IRfdR9pF155mgPCGZ9xrsuZq8CI5oONs2oDaVa5fehlbiQ9rcScdMqaxW15u_EwlXs20sFxydCO_bHxpe2ZsNRBge1u033-N63aa9ti_PbDAgBfVpFABIH5Nf3K47ZR32kePDcRfz4saUUhEILBhqrYUicHVFRYqsR5BQQ7uZCK3XIaOzXVModamh0Rf9lHHJq-m6nypnNDeR3GeiYtg9hvtVFey3shl9AbDjMTSLeydVx4fCyXKOruFQmFTzGuOdqz6u_m2hGG6wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_2YFhAOkqZ7IOTGh0U0N9ntBjdySQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DtXBoZkemCPEFi_fRqDEOkr1jvW5yVlFpuTeXtPt9G-nIzBlTfZQb0odiREM6oeDfnKGugjHhhG7WJZXchQdksGRHcWMxperedjZDBtYYFc01R7Lr52rFfYBo_LoQUh-A_WVRmndT_7lK5zGh45JQxbulaT_waKyEbsOr5ONkZ2eh8b4k%26cry%3D1%26dbm_d%3DAKAmf-Bhum4Y8LKAdmgooug_SBaw-jvxxEat1WK_F60hP7AoxVaR3kgzKAck1o9_nuBeNd8mkpPcJq7Qmex_i_fSqqZtHfX3VXNR6HQnuAMGcR_jhfiUwMsq4gVxWn-j9XLB-fyoW_i4w7LfY1wiW1jgv9XMC5xlJbgWzso5FVLzVuPTaCXhKDBlq_8U6bw2adYnlywDMS4RZmxs5vQ0mMEGcCCbGtt8IaV0JNZRRqP_q-4WzxiAHrXoal4WuHJWRHoJ5o2Z_HMZ-vQqeyuzYi8SirJw2bTfbghShJqGVhBLqYcHkZsRr_FQKoHjio9B-TI9yyH26m8bx48TDP6tPddsojH8nnUdSv1hdNpQl0CEMMYUVfkh6bbxzDy01_UdwH7nKSDB4NZHubGXKpp85gqYFIiIKiv1ILhxi9JjqNtyTaiTsTpmx5QjgATEqtF38Jo1Qldc1D3quI2g788hT7czjrNezILbrqF5CnB9jRDXCVHqGsicOzID2ALfjVZfJ_odf4MQAvkcfqSu8-jb34JhAXStUHHbFFR9pPn3zbDGHeHAVhlGFgE%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=175523472534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900023.redintelligence.net/request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ73r7ej3Y63CKciF9u8Pm5q2sAum5b2gaZ2XnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE7gFP0KdT1r7dSHqxiUirZikAwGu70jv4D4466HHUymJDV-Q6t85-IRfdR9pF155mgPCGZ9xrsuZq8CI5oONs2oDaVa5fehlbiQ9rcScdMqaxW15u_EwlXs20sFxydCO_bHxpe2ZsNRBge1u033-N63aa9ti_PbDAgBfVpFABIH5Nf3K47ZR32kePDcRfz4saUUhEILBhqrYUicHVFRYqsR5BQQ7uZCK3XIaOzXVModamh0Rf9lHHJq-m6nypnNDeR3GeiYtg9hvtVFey3shl9AbDjMTSLeydVx4fCyXKOruFQmFTzGuOdqz6u_m2hGG6wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_2YFhAOkqZ7IOTGh0U0N9ntBjdySQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DtXBoZkemCPEFi_fRqDEOkr1jvW5yVlFpuTeXtPt9G-nIzBlTfZQb0odiREM6oeDfnKGugjHhhG7WJZXchQdksGRHcWMxperedjZDBtYYFc01R7Lr52rFfYBo_LoQUh-A_WVRmndT_7lK5zGh45JQxbulaT_waKyEbsOr5ONkZ2eh8b4k%26cry%3D1%26dbm_d%3DAKAmf-Bhum4Y8LKAdmgooug_SBaw-jvxxEat1WK_F60hP7AoxVaR3kgzKAck1o9_nuBeNd8mkpPcJq7Qmex_i_fSqqZtHfX3VXNR6HQnuAMGcR_jhfiUwMsq4gVxWn-j9XLB-fyoW_i4w7LfY1wiW1jgv9XMC5xlJbgWzso5FVLzVuPTaCXhKDBlq_8U6bw2adYnlywDMS4RZmxs5vQ0mMEGcCCbGtt8IaV0JNZRRqP_q-4WzxiAHrXoal4WuHJWRHoJ5o2Z_HMZ-vQqeyuzYi8SirJw2bTfbghShJqGVhBLqYcHkZsRr_FQKoHjio9B-TI9yyH26m8bx48TDP6tPddsojH8nnUdSv1hdNpQl0CEMMYUVfkh6bbxzDy01_UdwH7nKSDB4NZHubGXKpp85gqYFIiIKiv1ILhxi9JjqNtyTaiTsTpmx5QjgATEqtF38Jo1Qldc1D3quI2g788hT7czjrNezILbrqF5CnB9jRDXCVHqGsicOzID2ALfjVZfJ_odf4MQAvkcfqSu8-jb34JhAXStUHHbFFR9pPn3zbDGHeHAVhlGFgE%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=175523472534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 213

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=80764500171863404445002012244023&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=80764500171863404445002012244023&actionid=981741&produktid=&dt_url=

Request Chain 214

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=80764500171863404445002012244023&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340529

Request Chain 216

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCcv_DYrP0CFRqWmgodHzUIjA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941

Request Chain 218

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80764500171863404445002012244023 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80764500171863404445002012244023 HTTP 302
https://ad-server.eu/wm/pb/native.png

Request Chain 221

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=39191900199330504444554012244026&t=htlp HTTP 302
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=39191900199330504444554012244026&actionid=981741&produktid=&dt_url=

Request Chain 222

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=39191900199330504444554012244026&ra_cnt_active=1&ra_cnt=1 HTTP 302
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340530

Request Chain 224

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CJucv_DYrP0CFXjIOwIdKq8PSQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845

Request Chain 226

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=39191900199330504444554012244026 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=39191900199330504444554012244026 HTTP 302
https://ad-server.eu/wm/pb/native.png

305 HTTP transactions
14 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
observatorul.md/ 263 KB
39 KB 401ms
100ms Document
text/html 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 476ddba57ec47018813504af107bf61f11ef9cb6b7edfd75595070fc49296a86

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Feb 2023 22:30:04 GMT
Keep-Alive: timeout=60
Last-Modified: Thu, 23 Feb 2023 17:26:06 GMT
Server: nginx
Transfer-Encoding: chunked
WPO-Cache-Status: cached

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 76 KB
26 KB 67ms
23ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b58adfc8c469954318cf589569676e6affe4a2813307810803e4c361d0454427

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26491
x-xss-protection: 0
server: sffe
etag: "1492 / 602 of 1000 / last-modified: 1677163135"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Thu, 23 Feb 2023 22:30:05 GMT

GET
H2 200 css2
fonts.googleapis.com/ 15 KB
1 KB 264ms
23ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;0,700&family=Roboto:ital,wght@0,400;0,500;0,700&display=swap

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

092804d065eee9d096bea623a228ce7fe27d7791cd9f50f2d3faa63b1c54668a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 23 Feb 2023 22:30:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 22:30:05 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Feb 2023 22:30:05 GMT

GET
H/1.1 200
OK wpo-minify-header-41b9a14f.min.css
observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/ 1 MB
137 KB 115ms
73ms Stylesheet
text/css 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-41b9a14f.min.css
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 2d9846c89c050a3b3da15e71d6dce930167d20fe186483fb5f053376b5c1fe8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 08:27:01 GMT
Server: nginx
ETag: W/"63e20b55-1113f3"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK wpo-minify-header-a2210fad.min.js Show response
observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/ 99 KB
34 KB 188ms
96ms Script
application/javascript 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-a2210fad.min.js
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: fa4504085c45f760f430b2e0e9e96913be740096e91795392de854c2a6679556

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 08:27:01 GMT
Server: nginx
ETag: W/"63e20b55-18a2d"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK wpo-minify-header-ee80109f.min.js Show response
observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/ 112 KB
34 KB 199ms
107ms Script
application/javascript 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-ee80109f.min.js
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 72217fac30d9f3543af6009012ed0c8209afa264dfbd81a64ec57b9e8ce130dd

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 08:27:01 GMT
Server: nginx
ETag: W/"63e20b55-1c0f0"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 144 KB
49 KB 64ms
36ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ceb3e60256b9878db098e1011f6daf19c14b64c1b59b41933fb57a83482610c0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49343
x-xss-protection: 0
server: cafe
etag: 13236584169594880036
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 22:30:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 111 KB
44 KB 49ms
19ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-68382926-2

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a0a2f225a1a083ea23e6d337b13cf22c0d4e5076e9316b7c9d520dc954b01c09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44527
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 21:56:01 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 23 Feb 2023 22:30:05 GMT

GET
H/1.1 200
OK interviu-cu-sorocenii.avif
observatorul.md/wp-content/pub/ 336 KB
336 KB 50ms
49ms Image
application/octet-stream 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/pub/interviu-cu-sorocenii.avif
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: c9f5cca9cfd7ad1f3d001037f5c31ee9a742d19cecb906b3dbd8dc8f1462bed7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Last-Modified: Fri, 13 Jan 2023 18:49:33 GMT
Server: nginx
ETag: "53e17-5f229b1bf82a8"
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 343575

GET
H/1.1 200
OK stop-fals.avif
observatorul.md/wp-content/pub/ 116 KB
116 KB 101ms
100ms Image
application/octet-stream 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/pub/stop-fals.avif
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 420f070bc8e451625ad83e325ab4ca173e328ff44e4786dcebb5affbe5840d0e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Last-Modified: Fri, 13 Jan 2023 18:49:49 GMT
Server: nginx
ETag: "1d03a-5f229b2b22fa8"
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 118842

GET
H/1.1 200
OK wpo-minify-footer-9d1b1344.min.css
observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/ 83 KB
16 KB 64ms
64ms Stylesheet
text/css 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-footer-9d1b1344.min.css
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: ae6c7726f70351527b6ceb96d4cd80db96c4e010eba59e8bbbcf161eb08dd792

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 08:27:02 GMT
Server: nginx
ETag: W/"63e20b56-14cfa"
Transfer-Encoding: chunked
Content-Type: text/css
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK wpo-minify-footer-7132420f.min.js Show response
observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/ 387 KB
97 KB 56ms
56ms Script
application/javascript 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-footer-7132420f.min.js
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 5bcd48bc60c8cf15dea9969227f2a353937b4b50d1201fa811f7b8c7d3ce5aaf

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 08:27:02 GMT
Server: nginx
ETag: W/"63e20b56-60c58"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 884 B
904 B 47ms
20ms Script
text/javascript 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LesepkUAAAAAEOZVJPN7vc1tyyhIJ70Svl1bh-q&ver=3.0

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

c8c0d9cef77103cb6223f3e4c503a04953b74b12478978dac2738342652b0ca0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 584
x-xss-protection: 1; mode=block
expires: Thu, 23 Feb 2023 22:30:05 GMT

GET
H/1.1 200
OK wpo-minify-footer-a1163732.min.js Show response
observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/ 219 KB
56 KB 58ms
57ms Script
application/javascript 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-footer-a1163732.min.js
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 746038be346c1d43d531ede4dbe2398bcd82d2224346dc6d2589ba0c6f663b1e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Content-Encoding: gzip
Last-Modified: Tue, 07 Feb 2023 08:27:20 GMT
Server: nginx
ETag: W/"63e20b68-36a76"
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: max-age=315360000
Connection: keep-alive
Keep-Alive: timeout=60
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202308.js Show response
stats.wp.com/ 9 KB
3 KB 30ms
7ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202308.js
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-nc: HIT hhn
date: Thu, 23 Feb 2023 22:30:05 GMT
content-encoding: br
server: nginx
etag: W/"62f6b688-3508"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 19 Feb 2024 09:43:34 GMT

GET
H2 200 pubads_impl_2023021601.js Show response
securepubads.g.doubleclick.net/gpt/ 382 KB
129 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

48cea39a6d9f368a9d78b07ddca02043a884d1e871b5b39267d4ab6d245753cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 10:41:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 42514
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 132097
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 09:35:44 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 23 Feb 2024 10:41:31 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 102 B
99 B 34ms
17ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=observatorul.md

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8f164669dce7392902490a595365c17c94c5dbd093283b1b40b29bde0da9a649

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 74
x-xss-protection: 0
expires: Thu, 23 Feb 2023 22:30:05 GMT

GET
H/1.1 200
OK newspaper.woff
observatorul.md/wp-content/themes/Newspaper/images/icons/ 33 KB
33 KB 106ms
53ms Font
font/x-woff 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/wp-content/themes/Newspaper/images/icons/newspaper.woff
Requested by: Host: observatorul.md
URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-41b9a14f.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: d2054b9fb412f742d8d13aa75a48e59b830094999f9000ae8c69916e11b8d805

Request headers

Referer: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-41b9a14f.min.css
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Last-Modified: Thu, 12 Jan 2023 21:29:34 GMT
Server: nginx
ETag: "82d0-5f217d03581de"
Content-Type: font/x-woff
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 33488

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v30/ 11 KB
11 KB 111ms
46ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: observatorul.md
URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-41b9a14f.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 00:57:39 GMT
x-content-type-options: nosniff
age: 77546
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11028
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:50 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 00:57:39 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 135ms
77ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;0,700&family=Roboto:ital,wght@0,400;0,500;0,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 12:23:05 GMT
x-content-type-options: nosniff
age: 36420
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 12:23:05 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 150ms
93ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;0,700&family=Roboto:ital,wght@0,400;0,500;0,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:31:32 GMT
x-content-type-options: nosniff
age: 10713
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11824
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:43 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 19:31:32 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2
fonts.gstatic.com/s/roboto/v30/ 8 KB
8 KB 153ms
97ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKKTU1Kvnz.woff2

Requested by

Host: observatorul.md
URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-41b9a14f.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

582ca1c5738fa2697949cc4a495418e42df462e2bc3fc62bdae126bf159b6af5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 13:02:06 GMT
x-content-type-options: nosniff
age: 34079
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7736
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:51 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 13:02:06 GMT

GET
DATA 200
OK truncated
/ 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 117 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 17e5512817e7ce7b7a4f2077034a6000103d1d55dc430f2c3a96c52cb8ff4cb9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 117 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d2c9f518ec6a8748dd27703e15b4c4c1f44590cee03193fe9c542678c80c6b27

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 101 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c9a612722eed86936463bc8772a9d4509e0c24f22485221beaa583a60079fef2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated Show response
/ Frame 3A52 37 B
37 B Document
image/gif

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated Show response
/ Frame 88DE 37 B
37 B Document
image/gif

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated Show response
/ Frame 01C0 37 B
37 B Document
image/gif

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Type: image/gif

GET
DATA 200
OK truncated
/ 121 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK newspaper-icons.woff
observatorul.md/wp-content/plugins/td-composer/legacy/Newspaper/assets/images/icons/ 6 KB
6 KB 85ms
49ms Font
font/x-woff 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/wp-content/plugins/td-composer/legacy/Newspaper/assets/images/icons/newspaper-icons.woff
Requested by: Host: observatorul.md
URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-41b9a14f.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 2a2ac34136c00e48cd04edf792aec5e6dba2b4cd5942b9383f3f56764125e808

Request headers

Referer: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-41b9a14f.min.css
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Last-Modified: Thu, 12 Jan 2023 21:29:41 GMT
Server: nginx
ETag: "1744-5f217d0a12c5e"
Content-Type: font/x-woff
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 5956

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v34/ 44 KB
44 KB 127ms
103ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;0,700&family=Roboto:ital,wght@0,400;0,500;0,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:34:57 GMT
x-content-type-options: nosniff
age: 10508
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 44856
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 19:34:57 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 136ms
113ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;0,700&family=Roboto:ital,wght@0,400;0,500;0,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 16:57:30 GMT
x-content-type-options: nosniff
age: 106355
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Feb 2024 16:57:30 GMT

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2
fonts.gstatic.com/s/opensans/v34/ 31 KB
31 KB 63ms
49ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTSGmu1aB.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;0,700&family=Roboto:ital,wght@0,400;0,500;0,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

24c0e724005344165ee0a0ff4c96a914e174bb4caa20c8a533fb194d92853e95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 07:52:34 GMT
x-content-type-options: nosniff
age: 225451
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31320
x-xss-protection: 0
last-modified: Mon, 15 Aug 2022 18:11:37 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Feb 2024 07:52:34 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
fonts.gstatic.com/s/roboto/v30/ 12 KB
12 KB 107ms
100ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,600;0,700&family=Roboto:ital,wght@0,400;0,500;0,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7f1c829b0c90fd664a03bb714a74f7d35d9e38ee1687104abc8ad5bd9c8ccb6c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 00:47:00 GMT
x-content-type-options: nosniff
age: 78185
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11800
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:25:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 00:47:00 GMT

GET
H/1.1 200
OK forkawesome-webfont.woff2
observatorul.md/wp-content/plugins/shortcodes-ultimate/vendor/fork-awesome/fonts/ 107 KB
108 KB 51ms
50ms Font
application/octet-stream 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://observatorul.md/wp-content/plugins/shortcodes-ultimate/vendor/fork-awesome/fonts/forkawesome-webfont.woff2
Requested by: Host: observatorul.md
URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-footer-9d1b1344.min.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 8810ba3440bf482ced33d2f74b7803bba711f689d8e4caa7da5c6ae6844a1b49

Request headers

Referer: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-footer-9d1b1344.min.css
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Last-Modified: Tue, 27 Dec 2022 07:31:03 GMT
Server: nginx
ETag: "1ad5c-5f0ca3bfa93e4"
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 109916

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
531 B 140ms
46ms Script
application/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=observatorul.md

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
456 B 103ms
42ms Script
application/javascript 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=observatorul.md

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 96 KB
27 KB 1032ms
1031ms XHR
text/plain 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=1862931492513658&correlator=2035173494386272&eid=31071662&output=ldjh&gdfp_req=1&vrg=2023021601&ptt=17&impl=fifs&iu_parts=22776189532%2Cobservatorul.md%2C1_Header_970x250%2Chome_7_Main_970x250_3%2Chome_2_Main_970x250_1%2Chome_4_Sidebar_300x600_1%2Chome_5_Main_970x250_2%2Chome_6_Sidebar_300x600_2&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F3%2C%2F0%2F1%2F4%2C%2F0%2F1%2F5%2C%2F0%2F1%2F6%2C%2F0%2F1%2F7&prev_iu_szs=728x90%7C970x90%2C728x90%7C970x90%2C970x90%7C728x90%2C300x250%2C970x90%7C728x90%2C300x250&ifi=1&adks=4087693662%2C1120507799%2C474760477%2C4279678723%2C461457887%2C414720054&sfv=1-0-40&sc=1&cookie_enabled=1&abxe=1&dt=1677191405626&lmt=1677173166&dlt=1677191405101&idt=482&adxs=436%2C266%2C266%2C1010%2C266%2C1010&adys=783%2C6169%2C2829%2C3390%2C5392%2C5502&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=0%7C1%7C2%7C3%7C4%7C5&ucis=1%7C2%7C3%7C4%7C5%7C6&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&nvt=1&url=https%3A%2F%2Fobservatorul.md%2F&frm=20&vis=1&psz=728x90%7C1068x115%7C1068x50%7C324x285%7C1068x110%7C324x280&msz=728x90%7C1068x90%7C1068x50%7C324x250%7C1068x90%7C324x250&fws=4%2C4%2C4%2C4%2C4%2C4&ohw=1600%2C1600%2C1600%2C1600%2C1600%2C1600&ga_vid=1333178682.1677191406&ga_sid=1677191406&ga_hid=1158864104&ga_fc=false

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ad30314069f6cea8140fd310a500780fc7e93ccac49ced3eec9cb199ac626536

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27355
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://observatorul.md
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 6B58 6 KB
3 KB 104ms
20ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:05 GMT
expires: Fri, 23 Feb 2024 22:30:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/ 408 KB
163 KB 37ms
8ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LesepkUAAAAAEOZVJPN7vc1tyyhIJ70Svl1bh-q&ver=3.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a064c8f9ca44c02248a7e18e762f6ca616477ebc3b9e13a896fa4d6f74ef202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Origin: https://observatorul.md
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 21:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2082
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 166391
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 05:03:28 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 21:55:23 GMT

GET
H/1.1 200
OK logo-min.png
observatorul.md/wp-content/uploads/2020/07/ 6 KB
7 KB 46ms
46ms Image
image/png 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2020/07/logo-min.png
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: e3278f1623c1fc62edc513808d2592a3803c9dc90a1056c80f527fb2f67f11d1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:05 GMT
Last-Modified: Sat, 04 Jul 2020 16:23:36 GMT
Server: nginx
ETag: "5f00ad08-19ce"
Content-Type: image/png
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 6606
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230221/r20190131/ Frame AC4F 10 KB
5 KB 39ms
7ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230221/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1689
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:01:56 GMT
etag: 10353107486223812946
expires: Thu, 09 Mar 2023 22:01:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 34ms
7ms Script
text/javascript 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-68382926-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 23 Feb 2023 22:14:50 GMT
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
server: Golfe2
age: 915
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20085
expires: Fri, 24 Feb 2023 00:14:50 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 16ms
6ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A9.3.1&blog=118472396&post=53126&tz=2&srv=observatorul.md&host=observatorul.md&ref=&fcp=827&rand=0.9305960784018947
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 23 Feb 2023 22:30:05 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 iframe_api Show response
www.youtube.com/ 992 B
2 KB 50ms
25ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: observatorul.md
URL: https://observatorul.md/wp-content/cache/wpo-minify/1675758420/assets/wpo-minify-header-ee80109f.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

21437cf9c0d87c2e3c6ade864137f5536fd865a64333075ce431174e342dee74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: text/javascript; charset=utf-8
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Thu, 23 Feb 2023 22:30:05 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 6260 42 KB
22 KB 32ms
31ms Document
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LesepkUAAAAAEOZVJPN7vc1tyyhIJ70Svl1bh-q&co=aHR0cHM6Ly9vYnNlcnZhdG9ydWwubWQ6NDQz&hl=de&v=Nh10qRQB5k2ucc5SCBLAQ4nA&size=invisible&cb=kp5joepu8531

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/recaptcha__de.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

7548a15897e3d28f454cc04615e5b512da26b995a847d5b547773affa67cae22

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6v_ka611HhaI2pRvmh9Ewg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-length: 22486
content-security-policy: script-src 'report-sample' 'nonce-6v_ka611HhaI2pRvmh9Ewg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:05 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
207 B 18ms
17ms XHR
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j99&a=1158864104&t=pageview&_s=1&dl=https%3A%2F%2Fobservatorul.md%2F&ul=en-us&de=UTF-8&dt=%C8%98tiri%20din%20Soroca%20-%20Observatorul%20de%20Nord&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAUABAAAAACAAI~&jid=351436016&gjid=233999508&cid=1333178682.1677191406&tid=UA-68382926-2&_gid=1600126100.1677191406&_r=1&gtm=457e32m0&z=1585765538

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://observatorul.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://observatorul.md
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/11e3a4ec/www-widgetapi.vflset/ 183 KB
61 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/11e3a4ec/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bda4626079d40384245b08cf2cbe79ba640b342ae024acefa024896a51a5d92f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:23:08 GMT
content-encoding: br
x-content-type-options: nosniff
age: 417
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 62469
x-xss-protection: 0
last-modified: Thu, 16 Feb 2023 01:14:03 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 23 Feb 2024 22:23:08 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/ Frame 6260 55 KB
24 KB 41ms
12ms Stylesheet
text/css 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LesepkUAAAAAEOZVJPN7vc1tyyhIJ70Svl1bh-q&co=aHR0cHM6Ly9vYnNlcnZhdG9ydWwubWQ6NDQz&hl=de&v=Nh10qRQB5k2ucc5SCBLAQ4nA&size=invisible&cb=kp5joepu8531

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 17:15:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 191681
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24605
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 05:03:28 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 21 Feb 2024 17:15:24 GMT

GET
H3 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/ Frame 6260 408 KB
163 KB 48ms
20ms Script
text/javascript 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/recaptcha__de.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a064c8f9ca44c02248a7e18e762f6ca616477ebc3b9e13a896fa4d6f74ef202

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 21:55:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2082
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 166391
x-xss-protection: 0
last-modified: Mon, 20 Feb 2023 05:03:28 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 21:55:23 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
349 B 69ms
23ms XHR
text/plain 2a00:1450:400c:c0b::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-68382926-2&cid=1333178682.1677191406&jid=351436016&gjid=233999508&_gid=1600126100.1677191406&_u=YAhAAUAAAAAAACAAI~&z=1616459250

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0b::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://observatorul.md/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://observatorul.md
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 19ms
18ms Image
image/gif 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-68382926-2&cid=1333178682.1677191406&jid=351436016&_u=YAhAAUAAAAAAACAAI~&z=1342397819

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 109ms
47ms Image
image/gif 2a00:1450:400d:80a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-68382926-2&cid=1333178682.1677191406&jid=351436016&_u=YAhAAUAAAAAAACAAI~&z=1342397819

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80a::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 6260 2 KB
2 KB 11ms
10ms Image
image/png 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 08:02:07 GMT
x-content-type-options: nosniff
age: 311279
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Mon, 27 Feb 2023 08:02:07 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6260 15 KB
15 KB 24ms
23ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 20:22:37 GMT
x-content-type-options: nosniff
age: 7649
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 20:22:37 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6260 15 KB
15 KB 25ms
24ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 08:57:56 GMT
x-content-type-options: nosniff
age: 48730
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Feb 2024 08:57:56 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 6260 102 B
134 B 18ms
18ms Other
text/javascript 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=Nh10qRQB5k2ucc5SCBLAQ4nA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

347994f2b271030fae86aa3b0de7cbc7ffcdb19b612c61cad0bea5847b1c12fe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LesepkUAAAAAEOZVJPN7vc1tyyhIJ70Svl1bh-q&co=aHR0cHM6Ly9vYnNlcnZhdG9ydWwubWQ6NDQz&hl=de&v=Nh10qRQB5k2ucc5SCBLAQ4nA&size=invisible&cb=kp5joepu8531
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 112
x-xss-protection: 1; mode=block
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H/1.1 200
OK 332839496_893246848606419_2977483651856820820_n-696x392.jpg
observatorul.md/wp-content/uploads/2023/02/ 79 KB
80 KB 46ms
46ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/332839496_893246848606419_2977483651856820820_n-696x392.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 39189fbede22ba55e9742912e4b5784e73b9ec3f02e5f4f00c99a686a2cc9f18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Thu, 23 Feb 2023 13:43:07 GMT
Server: nginx
ETag: "63f76d6b-13dd5"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 81365
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 41ms
23ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2023021601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

67c6b0c8607dab460d3192871acbe8682637608c9d575875454379cf669d7330

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11429
x-xss-protection: 0

POST
H3 200 reload Show response
www.google.com/recaptcha/api2/ Frame 6260 32 KB
18 KB 60ms
60ms XHR
application/json 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/reload?k=6LesepkUAAAAAEOZVJPN7vc1tyyhIJ70Svl1bh-q

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Nh10qRQB5k2ucc5SCBLAQ4nA/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

6b39918a1e0cd845703ab0632c597ac316e4fd27ef61beda023e43f929229c48

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LesepkUAAAAAEOZVJPN7vc1tyyhIJ70Svl1bh-q&co=aHR0cHM6Ly9vYnNlcnZhdG9ydWwubWQ6NDQz&hl=de&v=Nh10qRQB5k2ucc5SCBLAQ4nA&size=invisible&cb=kp5joepu8531
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/x-protobuffer

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
cache-control: private, max-age=0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 18537
x-xss-protection: 1; mode=block
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H/1.1 200
OK 5-696x313.jpeg
observatorul.md/wp-content/uploads/2023/02/ 44 KB
44 KB 47ms
46ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/5-696x313.jpeg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: bafbffcdc5341f7736830ddba5c58e285b7ed6e936ae97a717d80edba16afe21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Thu, 23 Feb 2023 14:10:03 GMT
Server: nginx
ETag: "63f773bb-af0f"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 44815
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 333051740_956469432179270_8951970486336414004_n-696x391.jpg
observatorul.md/wp-content/uploads/2023/02/ 62 KB
62 KB 50ms
49ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/333051740_956469432179270_8951970486336414004_n-696x391.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: ada205dcd0b85b27eb80f85833212b3241a82ee768ea8e604e83365fd0eb2c2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Thu, 23 Feb 2023 12:27:05 GMT
Server: nginx
ETag: "63f75b99-f7af"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 63407
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
7 KB 50ms
20ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H/1.1 200
OK 20230221_085242.00_00_48_24.Still001-696x392.jpg
observatorul.md/wp-content/uploads/2023/02/ 57 KB
57 KB 50ms
50ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/20230221_085242.00_00_48_24.Still001-696x392.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 346b4947f4d3bcd96033f857abbbe4c27fd141d7029db1476965956351ed6b6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Thu, 23 Feb 2023 12:04:31 GMT
Server: nginx
ETag: "63f7564f-e2cb"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 58059
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK Vox-distractie-356x220.jpg
observatorul.md/wp-content/uploads/2023/02/ 25 KB
25 KB 47ms
46ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/Vox-distractie-356x220.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: ea33a2995f3392ca00dd434d36340f42a5aa0c575d4647803bb1009ba8ae4fd8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Thu, 23 Feb 2023 13:39:54 GMT
Server: nginx
ETag: "63f76caa-635f"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 25439
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK auto-razboi-foto-356x220.jpg
observatorul.md/wp-content/uploads/2023/02/ 21 KB
21 KB 93ms
92ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/auto-razboi-foto-356x220.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 9b69d681b11f17c376a97d3ca8a1aca7eae44d51937a7df9ab019a7fd1095547

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Wed, 22 Feb 2023 11:46:41 GMT
Server: nginx
ETag: "63f600a1-53cd"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 21453
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 9124 13 KB
5 KB 10ms
8ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1830
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 21:59:36 GMT
expires: Fri, 23 Feb 2024 21:59:36 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 64F2 783 B
537 B 20ms
19ms Document
text/html 2a00:1450:4001:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

613d9712a6ef240f7c59a380d457bb6bc5d5a7b93c0202c4daf0beb61005acdd

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-jkyRcm15P-PaFj1V9R69DQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 515
content-security-policy: script-src 'report-sample' 'nonce-jkyRcm15P-PaFj1V9R69DQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:06 GMT
expires: Thu, 23 Feb 2023 22:30:06 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK 332839496_893246848606419_2977483651856820820_n-696x392.jpg
observatorul.md/wp-content/uploads/2023/02/ 79 KB
80 KB 47ms
46ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/332839496_893246848606419_2977483651856820820_n-696x392.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 39189fbede22ba55e9742912e4b5784e73b9ec3f02e5f4f00c99a686a2cc9f18

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Thu, 23 Feb 2023 13:43:07 GMT
Server: nginx
ETag: "63f76d6b-13dd5"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 81365
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 5-696x313.jpeg
observatorul.md/wp-content/uploads/2023/02/ 44 KB
44 KB 47ms
47ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/5-696x313.jpeg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: bafbffcdc5341f7736830ddba5c58e285b7ed6e936ae97a717d80edba16afe21

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Thu, 23 Feb 2023 14:10:03 GMT
Server: nginx
ETag: "63f773bb-af0f"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 44815
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK Petre-Popa-epigrama-356x220.jpg
observatorul.md/wp-content/uploads/2023/02/ 18 KB
19 KB 50ms
50ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/Petre-Popa-epigrama-356x220.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 6bca06fb9b679d59cdc80c60910dc0eb308a54ba791cee15ecfe4a1da67a5c82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Wed, 22 Feb 2023 10:45:25 GMT
Server: nginx
ETag: "63f5f245-48da"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 18650
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 9124 36 KB
14 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19056
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H2 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 64F2 0
0 51ms
50ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2023021601&jk=1862931492513658&rc=05AJBLKW3BWuJsmBaJVuFTum6ck_ZaYz7ny3YrQ6HAxtad-K010BEDoBA0wd99yRrI_o2s4UyDR4gHKnHynYz2MKJ9uzKEYhAsuiy_bF-q068iAJaT70SY1QVzGkni5eSXTMwpBCu29QD89ZidE_ee_tPe_uM6wshYombXMDeJ7abr3q9ONP4pUsEdMKvZzbs9JRMGZhE
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H/1.1 200
OK 20230221_085242.00_00_48_24.Still001-696x392.jpg
observatorul.md/wp-content/uploads/2023/02/ 57 KB
57 KB 47ms
46ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/20230221_085242.00_00_48_24.Still001-696x392.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: 346b4947f4d3bcd96033f857abbbe4c27fd141d7029db1476965956351ed6b6c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Thu, 23 Feb 2023 12:04:31 GMT
Server: nginx
ETag: "63f7564f-e2cb"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 58059
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK 332691867_7045044988855559_6081457493228708525_n-356x220.jpg
observatorul.md/wp-content/uploads/2023/02/ 15 KB
15 KB 98ms
98ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/332691867_7045044988855559_6081457493228708525_n-356x220.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: a89e8ee1fb1de9b897d586b5a1f86d998cb19cd64a09175e1ee6d5f8fc2f8dba

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Wed, 22 Feb 2023 08:32:36 GMT
Server: nginx
ETag: "63f5d324-3bf3"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 15347
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 9124 0
10 B 8ms
8ms Image
text/plain 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-B7feA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK 333051740_956469432179270_8951970486336414004_n-696x391.jpg
observatorul.md/wp-content/uploads/2023/02/ 62 KB
62 KB 48ms
47ms Image
image/jpeg 194.31.42.8
NEXT-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://observatorul.md/wp-content/uploads/2023/02/333051740_956469432179270_8951970486336414004_n-696x391.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 194.31.42.8 Floresti, Moldova, ASN57713 (NEXT-AS, MD),
Reverse DNS: www.airlink.md
Software: nginx /
Resource Hash: ada205dcd0b85b27eb80f85833212b3241a82ee768ea8e604e83365fd0eb2c2d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
Last-Modified: Thu, 23 Feb 2023 12:27:05 GMT
Server: nginx
ETag: "63f75b99-f7af"
Content-Type: image/jpeg
Cache-Control: max-age=315360000
Connection: keep-alive
Accept-Ranges: bytes
Keep-Alive: timeout=60
Content-Length: 63407
Expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 container.html Show response
d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 0B76 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:05 GMT
expires: Fri, 23 Feb 2024 22:30:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 590F 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:05 GMT
expires: Fri, 23 Feb 2024 22:30:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 container.html Show response
d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 2964 6 KB
3 KB 10ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:05 GMT
expires: Fri, 23 Feb 2024 22:30:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 412E 6 KB
3 KB 10ms
9ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:05 GMT
expires: Fri, 23 Feb 2024 22:30:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A267 6 KB
3 KB 9ms
8ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:05 GMT
expires: Fri, 23 Feb 2024 22:30:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 30D4 6 KB
3 KB 10ms
9ms Document
text/html 2a00:1450:4001:828::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2023021601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://observatorul.md/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:05 GMT
expires: Fri, 23 Feb 2024 22:30:05 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 50A3 624 B
505 B 26ms
19ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYmLmlaDAB&v=APEucNUsnhNOcEw2F638wWBaOah8G-eJ2ZmqEuOdB04VME63xMLKDxFb-71TZ_2qRlkpplLVUZEKpUsvMQaNYWDivfkzIHO1loe12Hk2yrC7jzMujBGjS2rh_Da1__ygyMhXTLdNU83akfAO27Wb4C7MGNWCS8c3SsWrZE3VPufecavVRWJ63bE

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:06 GMT
expires: Thu, 23 Feb 2023 22:30:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 0B76 78 KB
27 KB 38ms
37ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1a9f51121ef00d4bc11c410113432813ddbdcd85c9f2aabbd2c2c23c87408e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27798
x-xss-protection: 0
server: cafe
etag: 12162329123218539290
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0B76 42 B
63 B 44ms
43ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DeTqZJqkeumGhf3Q7C3XT8g0ERcJv6hK3o6YPKu0DuAMFv2Q2myBJ0n8QGdhDBBa4fO1e8KtfPKOBwXdQt-Goa3Fa5PUoNXBI1bl9jrOKaApLXY0Q

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0B76 0
20 B 46ms
46ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=1035135912888594412&x=1&ct=76

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 0B76 3 KB
1 KB 9ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 21:57:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 0B76 20 KB
8 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:59:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0B76 158 KB
49 KB 166ms
73ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 7FFD 624 B
538 B 22ms
16ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNUFf5NxL_r54l3DdP2J_ku29_1I95FQ4k3B-yD7s1PlfE8g35g-mIvobwJ3po6veh8puNWaQodOUddP26vgpyoL-_yJ7k5pkhSgDV3Lr-l-pxfrtYNFhsjdjfGsarZBPMYG8h-UqjBxSB4NJ9wE1xjTJfYMJk5mzX6_eD157hVYVeI8BEU

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:06 GMT
expires: Thu, 23 Feb 2023 22:30:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 590F 78 KB
27 KB 72ms
69ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 590F 42 B
63 B 66ms
64ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D6YhenLuEnr5dL13OmkzUy3-QsoqfSnNKFQM504Y2cvmMrm-MsURXJy1cbTtwTUmfUBNcV_7UheeYYxER-_7HBBXhL2zeqmfy3jovTGxxxzqvsypk

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 590F 0
20 B 62ms
60ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=14653678245303699424&x=1&ct=76

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 590F 3 KB
1 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 21:57:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 590F 20 KB
8 KB 14ms
12ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:59:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 590F 158 KB
48 KB 221ms
134ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 5F0B 624 B
505 B 22ms
20ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5oLvGATAB&v=APEucNVt0H00OMKT-YMO4ME2dAzOus0xmUMXPmUKzvpiWjyNnshAvBqfwinS4Tv8oGu4DfEnx-hKDMZ5NgmpIr1jYjNSJtmzFiSXIK_B-Kbi8QRVuU-tHHwNrpoVTLNw7Kg1ihrj1aNEbA2FRCm19wKAGZsmQjC5s0xjdCJFPBrMQKua2W-k6Qs

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:06 GMT
expires: Thu, 23 Feb 2023 22:30:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2964 78 KB
27 KB 44ms
42ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2964 42 B
63 B 63ms
60ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BUoz4kwf1S8ZNsIL39ZUlrffJHALtVfr2NVSkU1oVkwVmI5yL8_PaQc7OrCsOCxERIeEis_f0QWbSuI20c9dIcZc0NW3xDtvGWhJcfJ8VvLDA3JKg

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2964 0
20 B 63ms
61ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=7514744574299423250&x=1&ct=77

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 2964 3 KB
1 KB 11ms
9ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 21:57:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 2964 20 KB
8 KB 13ms
11ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:59:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2964 158 KB
48 KB 190ms
109ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame CBCD 624 B
505 B 43ms
23ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjbifncATAB&v=APEucNVQZQVv6S6D6R1oct-ijqMj22WZzFS2BGcafu9yBBbUONrKJTHdLTbPmrWSAOWgbvO3SU4P5HKK8qE4tsEAH9P7XpIeoobXbFYHhD_Pyu8B2-LztQFJhV112jKHKdCJkMAtJp4uTcJoXRLnUlsTXszupNaBEdjfirX500IQE570s7nNxe0

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:06 GMT
expires: Thu, 23 Feb 2023 22:30:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 412E 78 KB
27 KB 33ms
28ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1a9f51121ef00d4bc11c410113432813ddbdcd85c9f2aabbd2c2c23c87408e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27798
x-xss-protection: 0
server: cafe
etag: 12162329123218539290
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 412E 42 B
63 B 61ms
54ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DGLwFLU6IrgqIsKeuiT8HeTZ5rssIKtItozvVNpqrWvgmq1IyWz7DdGREaDLKg5iZ0PnsHnfx_qove4gvLDKUGdKuxmrCr_t43Eod9PkTaToxkO0A

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 412E 0
20 B 61ms
55ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=6358083363451280885&x=1&ct=76

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 412E 3 KB
1 KB 19ms
13ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 21:57:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 412E 20 KB
8 KB 19ms
13ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:59:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 412E 158 KB
48 KB 188ms
115ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 44E4 624 B
506 B 33ms
16ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNV83V_Or6cdKtxJ5SV7AVhpnvyVTH-LRRN0RNOCv5-i2FNeihT-S7_GzYceoSpWk5rU1p1g_eXvctC01QsWlJWuTyRWxEyFsN9KKtM7EUG06pD9yu_LjGaFmNqsnt17IZaI2hFFQ4i4r7oPypnnkZ4lKILe2m-xVLQxTGzfgj-UCFFkgNE

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:06 GMT
expires: Thu, 23 Feb 2023 22:30:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame A267 78 KB
27 KB 61ms
57ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27790
x-xss-protection: 0
server: cafe
etag: 3677590245327912432
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame A267 42 B
63 B 64ms
51ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AjIUqsp6yoATjnp_MN3-PMOXlGYbZ2q3W8nKBcTjH8UNoBlV94qkUTfkNKzf1i4rL4d-ON8OoRP9jwkc-LMbo0r99mDVK3hFvMc2Bd9_9MsUS2UAQ

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A267 0
20 B 64ms
52ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=9684460018107954142&x=1&ct=76

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame A267 3 KB
1 KB 24ms
12ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 21:57:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame A267 20 KB
8 KB 25ms
13ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:59:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A267 158 KB
48 KB 230ms
162ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame B8F2 640 B
262 B 51ms
34ms Document
text/html 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVOFELzwihWjj-nlMEifIiTVoxqUQkt-YWRTqhUbujqi8fmnn8A8DsxtAxJqbTPS0YbOlCPRx1V4TPqe1tzUdQk_ZSOj-loKHQmrgQme95O7aqxd-hdhA4pkkpfTZ5w5CxgdEXYZgrBcdFlVkRQOunbYWjqNPTBJUk7LFSWoEIALqggD2s

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 242
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:06 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 30D4 78 KB
27 KB 53ms
42ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b1a9f51121ef00d4bc11c410113432813ddbdcd85c9f2aabbd2c2c23c87408e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27798
x-xss-protection: 0
server: cafe
etag: 12162329123218539290
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 30D4 42 B
63 B 60ms
49ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AcNaa2QbpKyi5OmGedtFeAdq9wOvrM7DOtLBPGzdRtf873NeGG-4YmrmynA_j60erzKLj3E-r6MWWVAOBrqDIeYarwoouVk7Do_NHCYdssKt7J9tw

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 30D4 0
20 B 60ms
49ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=13143234079973512707&x=1&ct=77

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 30D4 3 KB
1 KB 21ms
11ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/window_focus_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 21:57:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1979
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 21:57:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/ Frame 30D4 20 KB
8 KB 22ms
11ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230222/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:59:03 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12663
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8274
x-xss-protection: 0
server: cafe
etag: 9471482037410804447
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 18:59:03 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 30D4 158 KB
48 KB 231ms
169ms Script
text/javascript 2a00:1450:400d:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:802::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49360
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1677104061356577"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:06 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7FFD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1

43 B
632 B

19ms
17ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNUFf5NxL_r54l3DdP2J_ku29_1I95FQ4k3B-yD7s1PlfE8g35g-mIvobwJ3po6veh8puNWaQodOUddP26vgpyoL-_yJ7k5pkhSgDV3Lr-l-pxfrtYNFhsjdjfGsarZBPMYG8h-UqjBxSB4NJ9wE1xjTJfYMJk5mzX6_eD157hVYVeI8BEU
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 7FFD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

43 B
632 B

16ms
11ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNUFf5NxL_r54l3DdP2J_ku29_1I95FQ4k3B-yD7s1PlfE8g35g-mIvobwJ3po6veh8puNWaQodOUddP26vgpyoL-_yJ7k5pkhSgDV3Lr-l-pxfrtYNFhsjdjfGsarZBPMYG8h-UqjBxSB4NJ9wE1xjTJfYMJk5mzX6_eD157hVYVeI8BEU
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 7FFD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECgUf46mQCCNDqB_LY-nhtM&google_cver=1

43 B
1 KB

22ms
22ms

Image
image/gif

185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECgUf46mQCCNDqB_LY-nhtM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNUFf5NxL_r54l3DdP2J_ku29_1I95FQ4k3B-yD7s1PlfE8g35g-mIvobwJ3po6veh8puNWaQodOUddP26vgpyoL-_yJ7k5pkhSgDV3Lr-l-pxfrtYNFhsjdjfGsarZBPMYG8h-UqjBxSB4NJ9wE1xjTJfYMJk5mzX6_eD157hVYVeI8BEU

Protocol

HTTP/1.1

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:06 GMT
AN-X-Request-Uuid: 353b8629-cb49-4aa2-8bfe-c1d3fac595da
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECgUf46mQCCNDqB_LY-nhtM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 7FFD
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

170 B
232 B

56ms
55ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

Requested by

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 065b2484-e4ef-41b9-bc9e-5348c74b8929
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 50A3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1

43 B
632 B

17ms
16ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYmLmlaDAB&v=APEucNUsnhNOcEw2F638wWBaOah8G-eJ2ZmqEuOdB04VME63xMLKDxFb-71TZ_2qRlkpplLVUZEKpUsvMQaNYWDivfkzIHO1loe12Hk2yrC7jzMujBGjS2rh_Da1__ygyMhXTLdNU83akfAO27Wb4C7MGNWCS8c3SsWrZE3VPufecavVRWJ63bE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 50A3
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

43 B
632 B

17ms
13ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYmLmlaDAB&v=APEucNUsnhNOcEw2F638wWBaOah8G-eJ2ZmqEuOdB04VME63xMLKDxFb-71TZ_2qRlkpplLVUZEKpUsvMQaNYWDivfkzIHO1loe12Hk2yrC7jzMujBGjS2rh_Da1__ygyMhXTLdNU83akfAO27Wb4C7MGNWCS8c3SsWrZE3VPufecavVRWJ63bE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 50A3
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESECgUf46mQCCNDqB_LY-nhtM&google_cver=1

43 B
1 KB

50ms
25ms

Image
image/gif

185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESECgUf46mQCCNDqB_LY-nhtM&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPDkLxDD7WMYmLmlaDAB&v=APEucNUsnhNOcEw2F638wWBaOah8G-eJ2ZmqEuOdB04VME63xMLKDxFb-71TZ_2qRlkpplLVUZEKpUsvMQaNYWDivfkzIHO1loe12Hk2yrC7jzMujBGjS2rh_Da1__ygyMhXTLdNU83akfAO27Wb4C7MGNWCS8c3SsWrZE3VPufecavVRWJ63bE

Protocol

HTTP/1.1

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
AN-X-Request-Uuid: 0652d62b-49f7-4482-8902-37097fe178be
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESECgUf46mQCCNDqB_LY-nhtM&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 50A3
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

170 B
188 B

45ms
44ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

Requested by

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: ca954969-ced5-4907-a393-761180f78e8b
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5F0B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1

43 B
632 B

17ms
16ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5oLvGATAB&v=APEucNVt0H00OMKT-YMO4ME2dAzOus0xmUMXPmUKzvpiWjyNnshAvBqfwinS4Tv8oGu4DfEnx-hKDMZ5NgmpIr1jYjNSJtmzFiSXIK_B-Kbi8QRVuU-tHHwNrpoVTLNw7Kg1ihrj1aNEbA2FRCm19wKAGZsmQjC5s0xjdCJFPBrMQKua2W-k6Qs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEDBDuknMCGNmqHheTbutZAQ&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 5F0B
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

43 B
632 B

30ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5oLvGATAB&v=APEucNVt0H00OMKT-YMO4ME2dAzOus0xmUMXPmUKzvpiWjyNnshAvBqfwinS4Tv8oGu4DfEnx-hKDMZ5NgmpIr1jYjNSJtmzFiSXIK_B-Kbi8QRVuU-tHHwNrpoVTLNw7Kg1ihrj1aNEbA2FRCm19wKAGZsmQjC5s0xjdCJFPBrMQKua2W-k6Qs
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 5F0B
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEM_CmSwkvVMj45r-Wb_1d4I&google_cver=1

43 B
1 KB

34ms
33ms

Image
image/gif

185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEM_CmSwkvVMj45r-Wb_1d4I&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxj5oLvGATAB&v=APEucNVt0H00OMKT-YMO4ME2dAzOus0xmUMXPmUKzvpiWjyNnshAvBqfwinS4Tv8oGu4DfEnx-hKDMZ5NgmpIr1jYjNSJtmzFiSXIK_B-Kbi8QRVuU-tHHwNrpoVTLNw7Kg1ihrj1aNEbA2FRCm19wKAGZsmQjC5s0xjdCJFPBrMQKua2W-k6Qs

Protocol

HTTP/1.1

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
AN-X-Request-Uuid: feea6e3f-c3a6-4434-b534-b8291bb72dd4
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEM_CmSwkvVMj45r-Wb_1d4I&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 5F0B
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc0NDU1Njk2MDQ5NTY0MzE3Mg%3D%3D

170 B
188 B

44ms
44ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc0NDU1Njk2MDQ5NTY0MzE3Mg%3D%3D

Requested by

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 975cdcc6-968f-4f3b-86c1-fb240b888fc1
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=MTc0NDU1Njk2MDQ5NTY0MzE3Mg%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0B76 0
20 B 55ms
43ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=3495568889606&version=m202301300101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0B76 0
20 B 55ms
44ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=3495568889606&version=m202301300101&ct=76&x=1&cor=1035135912888594400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 0B76 82 KB
35 KB 56ms
46ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJueqcQSQu6c5jBd9ESv-xi1pWb074RF8XnjisSEtyc4szIbQXY4Lh0DDAFUn2HwiHbJQ4ZtLLcw4Nesrr-ZqrI5dzCA&cry=1&dbm_d=AKAmf-C8c8_GAYc6Vh_O789YHkelyjvqBUZ1rdlaOSP2mn3Thp-zdkIJPf2cNwX0Hjrkw2UbBXbATQfMkQxadbzkHNzQpjCF8vSMLMNne31qEG_CV3o9ybems8FEa8OJQwXN66n45K41x9FBjgn2Y-20XE5eAS_nS6e2iCKvE9pCk8u3oW_4XPNZGoJbX1HWfJ4e8AZS6_Mhk30uTV7SQURnnWz2N1GncAHUg6I7q5DNJIPCdkoO-59oscgCHGi9FMUe-FY1oHVr-_8vYwHFDZzBWWz_JhU-sdEaBrYh7CgFJKP62gZxm_c0RNZskc4eA0rtQBs_2wJi-3WyDPhJv6ywHdtN1R_j96eoMkC87_v9psu3H4hXn16bKy6qIC5yTyt3l7a8xhBDBVJPYLXwEvQQuVDSqMog6EAYv0jiw_wFnz4PJU8s_KZ6KoHT7QZZu4hg_UeoWUkWVCTz73abfmCWQZd2ZtLT8jaJmjnKiWzRyyafHHwU5Vu-n-suHySpBpgPYIdZnPbgT6wW2odJEj0KA14XvZIUaWXtKGNMNcToBzBs5sTIAGwESDvUvoK-9itagTt8u-FwspDI877Y4aMK9yNFGfYUxHjIPVguQhuf2RFY-GOdSPak2meVRFBzgYkr0GgwixT4VpvSDGicB5AWIe1oig4KwXhSHDGvFnKmrJeNivpAn2mYlrFBY94GUiXKfZ-s5kL-C2Ea5TOq65LozOhePRcdwDRqqHW2GGOXvBJqYlJjp7soBjnAqhPW6WSGbGoS8DC2PPOPOTwLAjzkzaaBXHB_rH2UetIDF_Vp-DIn-r3oTlT_ZLaxiYSP_HNJxDY13kUF2TpxVypOwlJDrnGNWSzRS_cAoyrIOjfgYw5dbPO32d8Uj3f5-S5GgOsEoyQju3DUNDcoup8PqGtMkkdwAOqxxalRqyJfUpZYKqtQ4XrFIHPs1Dj2wZmcSsMSQOAvOe58Lbvc8M5E_HZse-iNiuxf3_blxhCmojh6dlNVWEhOg4LDaGMV_qTpTXsAxux6XCtEb65BfPXXwMmQ3sm1Uz1Jue_5FnuBGsXpLq5W5nyVUfqc_5AvCxUpjMxmPYSq1vQ6G6nDYHauR_ByAchmQkGZkgY7hLXyzyvURrCT6LMWxhzMoM3HGZV5hleCINEz0egWKlwkcVpouxhYZMgCV4KPje-oSDcmXo2laarAcMZssrmwBrHHw6iLd0nqSUSzGvcWDxJZugYu8V4w6qUHJ3pvxEgtAZ_6q3rBh9R8GWFpvEoxFIeF3TOYK0m15AAI1q2HvV-silPrmkZXW4Le21PvNI8kNx65zn-fRWLbf9i0PvvJ-ksOeJ6OsghFZQ2Ld7VigRPRBVeVdLCiXYLEKWWymDh4groQ-Mw6rLsYyS3SA9H5pHUnNTL-X1MxOgGCjYLvyqUmttNpcDMYA_JLxRQ6WyPOLyzuUkHLtzANBf1Fradv2vxroweQv26sMDI9ebLXJGaiN5GDmdjdpzbIZwKdarJJSF_hXk7lZQrQONGGb4d7o6bSNsKwKua8kgv8MOS98yxcg_KzcZhnD5xAnKci5O1DVpkYbiqyNb4a79XNQrZmIynTyOJm43CDD5g_j9Uk8dTzXIHGo30dfcm2mYbKdCp7V5h28cMEgsjX7MFLfdy9q687Yrpc5Qc1ULbpsh2SR1gxUaxsexReoeztB1eIwYbzISplgd9mAJhTyr84GyukH0v4lAeLl63UF_9kNDChSMnuxE9dFACBtC6ADOX2-qQclAkwmV3I5oSGwMfgeyDkTv5XdpqPIwS5RKM1mM6OOzgdkyTkWNzZ4tDi-TJCcupK8u_D0sFXbpWiYv34bJ7W3omu_AJF4iRw8O_eaiT7eq3x7uAuotCXd5Ya2dzX5LKoMjoYXLZrR-S8CWs9S42chjISpdmNMVOKxe1YwIrpu4vFD3qRsCCszQ4x_EREQ2GD8oeWzBBUg4hHXAAacsw7ds5dBs-60vtP8zUTnfductqo4UWgN1LY_NvKwQNAuqqqQ7Qo-xogr9VN-8Xa3gFLvK1oqmLkwJWQOfqPpsBbTLjfb5mahTE-ldYpauxTdk7xGAxp313Zu9GkCSIY8s7Qz_mwUi8dfBIm7qmJt86jlnqn953_QwAnBba_WqAD0XrGBfVqedZaskwTd3guAMYqXGhSZOoSS5yX8_7xbnWnWEyaeIcgnk1TperbCs1dG4mNQKylRiEM68MNohx-Skfsyu9BnV0aclOxL60SjLZoVp0fXTtCFICOdZOHGCmoCwVPMhstfPAdlo6_5t96yJmdqDVFDPSo2HiRbEsBUFb_oq6fDXxLTDdhK-uyGgr-s2ZqR877jgtiYBh1Yvi5MKqEiiEjDV5cTkXZ8mjuWuHl_Scmxwnc5PGtO-vexm_bs_nD29pHOm94MO_oKWUC1sbIxkhx_9D8Wf9AQH9KKFrsQ8giB9ZG5kQik7P2m1HgNIMkmXT1a0x1-hM24bQslGXkR0VTn5MbV3itSxlVEV3sP203Ci05ilaJQ0Z8CjwQYO_NTJ9F-VtzV18KG65TY1esP4OdOuo7LExBTgTPIHqEsygRgr8TtUFYmGjE8JFSSQ0LVYtfpuwduQMLGC78keRsbaYW-8IcxKuy_NumLJn0ran_01mh4VJo9lKf3dJi1poNR2CjJFzlozrbMRX4tJef7_E_yETythMMdVEZr6O04_xJS4OqrvSqUAhTcU4-Bg8USsaHkSGMm2CgvpooItVsrXxd-8_nFspKf4H0I6XWudMK2XodMjbYPa54_LJvL97xo11X5hWlBM7SJ6vK78yLjeNOXhT8BXQp7Hgj4OZHD1IHhOPI5Bb8LjeOtiO_OUaC1YK5LG-2EK81zp-78o1aB2SRuBXY6tGkT1jyQ0F_87tt3i4azNZE3DyFi4hZBgyD7RrxsVIyb1wQFkzunpIQpXM15pnIZJ3nBqgDxvfFeVFoKl915t6EzEeBL58AaFCJ2cwFZ5K0PtcjOJfhrbQKi8-kNAe4FFu8CGHwn06cguf3dSDXc9JViLxXatZDeyK9dA9quv-JoGGX-7NrJibNEKeWj0ir78s7D4NZlajyHT0x6vzopvpRC2aB0RQI5ZegGoMqlGM6hDQx4JgxFATOvrA3Kt26wPDUh_qop4xiZrtSOTfto75UiSG4ssnwom3Dz0aAEH5Rtb8am9WziSQ&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=1035135912888594400&adk=3944675600&idt=45&cac=0&dtd=15

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4ee867c767f824c3e0a7aeb61f999c06c5016f0e949f25848ef053c56282c8a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35453
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 44E4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1

43 B
632 B

17ms
11ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNV83V_Or6cdKtxJ5SV7AVhpnvyVTH-LRRN0RNOCv5-i2FNeihT-S7_GzYceoSpWk5rU1p1g_eXvctC01QsWlJWuTyRWxEyFsN9KKtM7EUG06pD9yu_LjGaFmNqsnt17IZaI2hFFQ4i4r7oPypnnkZ4lKILe2m-xVLQxTGzfgj-UCFFkgNE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 44E4
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

43 B
632 B

30ms
9ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNV83V_Or6cdKtxJ5SV7AVhpnvyVTH-LRRN0RNOCv5-i2FNeihT-S7_GzYceoSpWk5rU1p1g_eXvctC01QsWlJWuTyRWxEyFsN9KKtM7EUG06pD9yu_LjGaFmNqsnt17IZaI2hFFQ4i4r7oPypnnkZ4lKILe2m-xVLQxTGzfgj-UCFFkgNE
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 44E4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI_bj7xivdGK9RkF4q-Ld04&google_cver=1

43 B
1 KB

23ms
22ms

Image
image/gif

185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEI_bj7xivdGK9RkF4q-Ld04&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjb2O2zATAB&v=APEucNV83V_Or6cdKtxJ5SV7AVhpnvyVTH-LRRN0RNOCv5-i2FNeihT-S7_GzYceoSpWk5rU1p1g_eXvctC01QsWlJWuTyRWxEyFsN9KKtM7EUG06pD9yu_LjGaFmNqsnt17IZaI2hFFQ4i4r7oPypnnkZ4lKILe2m-xVLQxTGzfgj-UCFFkgNE

Protocol

HTTP/1.1

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:06 GMT
AN-X-Request-Uuid: 85a8831b-aa91-4dc7-ac8a-6a460cbcb0eb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEI_bj7xivdGK9RkF4q-Ld04&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 44E4
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

170 B
243 B

50ms
50ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

Requested by

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: 007e735f-457b-48c2-9b4d-a7c72a0ba8d9
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CBCD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1

43 B
632 B

18ms
12ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjbifncATAB&v=APEucNVQZQVv6S6D6R1oct-ijqMj22WZzFS2BGcafu9yBBbUONrKJTHdLTbPmrWSAOWgbvO3SU4P5HKK8qE4tsEAH9P7XpIeoobXbFYHhD_Pyu8B2-LztQFJhV112jKHKdCJkMAtJp4uTcJoXRLnUlsTXszupNaBEdjfirX500IQE570s7nNxe0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=497
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame CBCD
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Y-fo7leb0R.BtUELNJMy2wAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2

43 B
766 B

18ms
13ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjbifncATAB&v=APEucNVQZQVv6S6D6R1oct-ijqMj22WZzFS2BGcafu9yBBbUONrKJTHdLTbPmrWSAOWgbvO3SU4P5HKK8qE4tsEAH9P7XpIeoobXbFYHhD_Pyu8B2-LztQFJhV112jKHKdCJkMAtJp4uTcJoXRLnUlsTXszupNaBEdjfirX500IQE570s7nNxe0
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=498
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESECcMrT8jN1yGzj-ofOQCZK4&google_cver=1&google_hm=2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame CBCD
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEI_bj7xivdGK9RkF4q-Ld04&google_cver=1

43 B
1 KB

28ms
27ms

Image
image/gif

185.83.142.19
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEI_bj7xivdGK9RkF4q-Ld04&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CNHn4wEQ4JWpAhjbifncATAB&v=APEucNVQZQVv6S6D6R1oct-ijqMj22WZzFS2BGcafu9yBBbUONrKJTHdLTbPmrWSAOWgbvO3SU4P5HKK8qE4tsEAH9P7XpIeoobXbFYHhD_Pyu8B2-LztQFJhV112jKHKdCJkMAtJp4uTcJoXRLnUlsTXszupNaBEdjfirX500IQE570s7nNxe0

Protocol

HTTP/1.1

Server

185.83.142.19 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:06 GMT
AN-X-Request-Uuid: d7b6cbc6-ad90-4c56-9ab0-5370955db016
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: image/gif
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEI_bj7xivdGK9RkF4q-Ld04&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame CBCD
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

170 B
232 B

55ms
52ms

Image
image/png

142.251.39.34
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0

Requested by

Protocol

Server

142.251.39.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s38-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Thu, 23 Feb 2023 22:30:06 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection: keep-alive
X-Proxy-Origin: 80.255.10.199; 80.255.10.199; 960.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
Content-Length: 0
X-XSS-Protection: 0
Pragma: no-cache
AN-X-Request-Uuid: d59f88f9-db38-4b31-8885-c0eca4ab72fb
Server: nginx/1.21.3
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzUxMjczMDEzNDc2MTM4MzM0
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 412E 0
20 B 44ms
44ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5272363263334&version=m202301300101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 412E 0
20 B 46ms
46ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5272363263334&version=m202301300101&ct=76&x=1&cor=6358083363451280000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 412E 84 KB
35 KB 61ms
60ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CkMakqdooR5zs8Dwubx1T2LTDth6KujLCWJrd-qNa89k2GDqxyXcEvkYj_uV5oglsr38nQTkOUKfPdLFMrII77sh_XLR_ff5H2xCEFnuD-bh0MXa43s1oJHRqyyEdd0-mSYJZeRIrCtuv00Dsl0T736nUNfMko1t84CX3d6oY481a-9lY&dbm_d=AKAmf-DXcjg6NY5wL2UeX1_N842AdKsuWMPxBStBY-Ps2cpvX72BjLcYCqWabV8G_iMF3OSL2WIftyeJnxDz540dffztRRcieRiGNraXDmGOzySQmyuhwvyZPXNVYjJA0-F2scJ_Ieb-efTN2C59e5UicawZQ4dBSQjlaDiMUMmx2No7yu3to3VDte-KipaFRkn1F_sbjBLZ5-UuDTiC9WZ5VhQ6sSK8VlKmx7929B9vo0BSG47il7mrdFiZsKOzWgPqzqh9-aJ5y_U802ersMzOL76BHfmp-yPg9dXrStUVt0KlxVPVeopFLbp2CxbXXp1wkiq0k0Uy_rBZHXzvYvN9qca_5qrMqsaGgztYHgdV2genn_gjTWT-JlXdoJo_vyh96suneP_cS3UPffZt7zKHi4F2Le8GJ07qE5aELBzXZRMn1F4386lO4b26EKd25f9lZweQxappauWe41LMYnZP-ZXC9BfprIIRPSPg8hsNtYqkWExrz8EhVU3CrLzuSY8BtuLgF44N56kmHwfR6DzK2QAl1IlD886ZoOTG8I0ZmEG1yOnyv9ubg4dKiRJkwuT_0Jy09UqKISlCKxMFt_dy9RRzvBAdP8LQFmSDXN28UJ3SKu2WVrjKRrdwLSdRYXYhYlHFUemC2XUKM4XRJy3WmMGt5565CRrIThKiNzWubGMttX7OSiEYcC-YY8B9EB2WwBwj1_EG5hyH40vBsS9XurwIPuMJfMxD4eXNL7wlDCDnOXBUheJmsAaRwXhxHCk3JInYL7oPAW5U5wSf_xKA4Bm20-Ws8tA49WVA8UdOXmJNjJ7xCZRh8krtLZAY1MkrrKqmaRiqesf2DcV7dE2cGgeyTRi82-ZZ-0XuNBPooc0MPqqHRYGIWpHDU6rG-yGUY9XzQUpsb8PGoLHkL09KEfO3Ek1mSHNAhFqiIbaMu5GXgk22IqbDyUq6UDPqidZX5GDdRK_Yjs1kHBw_F78qW97bqOoxOykqqEYBFjUQ4s_rrMsybNy8WmlegmlX0V7v5BUyr8uECzOx0l2MZ6lZ3YLIDt4HBFEhEqufwXarlyfjjB2PlZALONxT3WvIL9UsqoRfis_bqjQfkunlCi0NIgZay2HnSWcUXOYMHGSoWGSWCw2pVj_qMMzI90SsBnUp1uzVRT5SdOAeZtbidJwW4iJYiWdncgCrZlFN6iCmBHQWq5-aWCSjUX4m24HJXLYi6tVn18cy2E_3svg9tC1LPa-wQLpYaIlr8pUEu08Ms5I6UjOCXtG_T0BtDmdBwjUea-OJke49RsImLgyuElJQIFMGN_dxgmSkDMqtdorZQupOSq4iIm9gbmLNgF1BhSVAWgCb2RVujTaIXhlfubsaJ2CuuifI39UU9nTHNBuQ13esNhIgcjtoaMX73VqhjxDKdXNbRa7QtAA8Ed0VMSAhhMyE7g5PBDbPdqT_EyacZlQxDRll3PqWLA1wWIXT9jwdJSEKKlIggSkDvDlfORW6Hdx5jcwrWgG2NMlFjF3mdQD8evL3s2YH7Gvka2ztNW5P-Uawfy0UWkSB1zNqIX7crqhjqWzZ4cMyvH6PPBV5Lvvm9B-fke5BEuOD4GhfsPdzf4ma5RSHxXmfYF3y9J3JEBlc41WxdRh3Je6gOGmBnaUf9UdSlWhnr1pwrqcrAd1bFGK_7h9GULOuyv5FLmONWT4xQnmwvfN37P2gLssQ9ZnjjO-btNe85ldR24aGUqRbo9X51InTb_7pehavJOzMYxtrEwfahv67gdMwk0ROUQmKsaYPhitnswRKKdkkiYFAYXlWd-5IARwCZXirIpEQjEqDxBWZQObsfWwKf3wjCB4cgl7MCf5Kkr0qnrvcLnx-A5ZdABUPQtPQNid3GU7pt-l9V4QRbtAQGUp9ZYtro8WRLdqYFMjprQg_yYiAYZA105xm056P3MdQ5NKf4OrQqqczd5XofwJXlbFQbzdfGOexCcVbtI4V7IOU5IuXI4UD0xZOsbspAXxaJR6YXOccdXuRrUIzXPRic7gvPqJAyDx-6-wVRElg4ox3vfgb46_kcR0avO19fM9GWIL99bMeAQb23rSLloNtFm8LvDv61kur22vjFyrrDD73LpFcJUJI9W8o_0TntqHUhDeYSUmWedQcbF6zYmn-XS3bT7vrodqNM3PhSk-yiwMhFK2lTImkE21HcRX_BTvfhxbp-goxPQmCXHNhRMqSZEB7bj2Lu9Qa1WaIuCULqzxw0G54TNVzQJHK3zCfes9VIYYtqbNvrTFb1gyR6RCcX3BfJ-4Tq8Mkhkirhl4sGIf1nMa7pgCVSH_7YbynNcCB4gS54G-F3Dem8MNNA6wK6reDxO-eA6Vw1BVkxtT7cohpOAM6ibvP3RrBiz_A2FAVq0FZbMoaHdAyI0YkRughuwYndqCQO1fbwCNmIEUrNDnetsvj5ZMEpmzw7GQwktEXHlriWX3aLhVmOTniTfEiBEnu-Dp9NURi50ferczoE67iwABsdnLnKp_jvvbFmRVGdXe6c0-RIyh4uUr4EXedfgO5j5HNRt1GbWJDrUit9f36qfLOEpOsWxSbBCWEsBjLKJK9aFn4Kf32EEUHj3cBnQaylJ8tjFX2IKxOEzGVcWEGBM_MNz_sfBPkP_occxcn13zR-EXDZqv3V4aJwqjU0KHC9H-ZAODFzxOy8bygMiRkxvOcfLpIDqgpGkPI41wPuV7w1Or-jc-dkId6Yggan5A1oQ-F0i6DL_-E5g3tS87CV6vuXp-d67ppHOOtWt_vVHHJXsnHct0CqnE8JL8InXJn961d03_9MCEqGs1jzMcXUJfEKkUSkeH5iK8ul_NuYcG0rAnRBcOw2PgaBom-mE4IkmotW023Pl1S9s2v85B6fUT7GThgKFqv9h9AffEB-OuXY9qQMlpxer2nI0Ooleesgomh07JDK9ekKh2dneBU5DD2Gg284yrvjSgJ4YUB0mU3OqNzawHBCGnPLB3lj-WbIXCQ_ZaWXL_v2X1ncUmvzi2xQmzxGVrsaGA9Ub8SMqZGXvg41Un3qojNzFIlJL9B2NmFDI7tq-qvtnCjn6BL6w2EvAxP2lt9cguL_-QihElRUVKKdy99zGdiE5ouY5yeLkD4U3SW2kKyYt5WsTDvfIM6zts37mjBh5qSHlYcXas0W0j5b8wk08tym-MfvE5oxIiN7QhRK1JrtJ2gE06MwB36t1XY6nIpqVN6vQxVWNoaC12sHDPq9ArWeabOzL7puJjz4QzFW1VdgIxBQojVBKP3LaqFhkb0gu2Qvf1pZ4KQi2YqxwG1oqTcXsAiwTxoI2JSLgO17Ms1ww5FKdj2kItudbPqJ2TSAOk2&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=6358083363451280000&adk=1033480531&idt=64&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

133aae04f1b1832056cc5c2203cd3436b6858da2d489747987bb0d6058476c69

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35800
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2964 0
20 B 44ms
44ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=8040859590768&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2964 0
20 B 67ms
66ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=8040859590768&version=m202301230201&ct=77&x=1&cor=7514744574299424000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2964 15 KB
11 KB 46ms
45ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D6MO2ew4ikcdnakL31GWcwIYPm4awuqNryrt0bOCQQ5wotUPpjIRlRe_u3i2xzjYSCR9NtHui-Ro0p0hywZIBxlQhKAKr3kmEHq8tZlJWOIuJ-H7DAdNCgPufgPsMa_Ho5T6uUvJy4URueFMMy-s5fmgmyX9q8I3f9NzelU2A3IpxegeQ&cry=1&dbm_d=AKAmf-CksXVOml5lpv8YTLw4agjeIukmZjxXBlj7hx82EA-5M1Yd9ZxJWnBw1XA2ZA0J2iI31w4WSAQHcDObSy4RO-dUxWOsPptdMCctTroBYBdgKL3cAGqbeH4iZFFpKdqauBATWzFKVcVeu1W0dbpFosJ02Ke0tER-NVLfHM2XgmDAHfuQqjZCRypR1pXl4Za4Kf_-x-3hpERC-d1a6TSpeyQ7UxUuCUekLyJsrXRhtexzWkyWbDfoEjFkZTOqQAdRtsDzj6fOco6-P5bC1nRXBnoUMpEgFGvBwWVuH_GYYL6YEXxup_-7gYoEoNZiw3q3urZTsnxducJQ2n2pS1y4U9EuX6E45ZMTypGseh14ozonAfPpGpbVVlRDOtMMY6iiuKhP0cMgnawUqJ-v2j94J7VsI-k2vYw4YLQmcfa7bVsQfUDWyN7HnHCsfSAFLMBssXHB3sWgvFDj75o9k6n42Egfg2NB8wKhdCS4clEwa3yW6du-LxNWluvyqd9UtOk2i1zH4hoifA76EkKtU68oDUy3w-pPGpiLFwp7yJ79_wK-k2Z1hyUK1SVMnoLzcNgUaAyI6ZShIteA5rTOnLUtk-u2rrKvRzxbV4lZhxOt4TRvJt0MJSHar-w_9-eAnsKR5IxsBhopg6LJoQljwcyKpMJnLJRop_arHhC3fAC9QHf9G0tk5ZJBBc0W-G8_Si0xwieqS_DgTpX2_sX1-aFSJ886WOz5MIN3SxLXDc-UxGYVosfj2R-gnYOGK8xtedPasjJpIB2RJyd8LWG8fJ-KlgyRpWvYgg5PwwuxKkK1iXW3E3XSVCMaPtQgZChXYt-RDY-2Jx1vFfjIdeND8GQN_MOvzc3VC_SCnaM_VyZ_yjWe15WDXtZ8xS7TMU7r2Tigs9nHle5-QHH7nNPLvCzF9XDTKjyeDUmmYWN_rbf7nkM0NZLDOE-jp7vmmrXFpmmw7jOuuzhq-SOhjGZ_1Hn0MwzBw77t6SKpqKCXbA7HQE4mpLU65GW3MxsFHrFjAO-ytoI6x9BV8PmTD4RgUI-GkdqioCnKO8HRBTntpf0JU1MyW2dXSznLIedOYHO8MIuhcQOW2F7PbYHyLZpMweKqqAF1meCEquA60uprTuAUrl0HV9CfR9VKERqXGxaeZDS_tPG-mrCl8fylxTRG4HytGwD3n9kbqeGxkzcXZzHz2nECWh5IkPEiYvWsouJue5MDdRaAzq3qdSxZ5e-stTyTm0NMVFjmysRo57zg8T4eB0ueARTJPCh9mqRW8wfxRTTkiTCEwebi63Xm2qzKwezIBp-IGGlfuYJLgdVNc6avuJSGYZeK0VmMiBgNb41HKPtBm3tWec6t9KeRKBX30w48gWu8sY2cE3gGVBM1gChcU87ZLFBUPP3EDa0TbgOy6Muh8d6EKFloFEygsWMnFKcsdKXrIX8XlauqDzCqT_aT2Bx208a7Vlmk0bA-ygBxPzEA6lZt0G_efXBVtZHI4wDuAReKWRPnp6iTTGKsYUs6TpQKr0rgpim9h8gl0SLMxezDvecRnG5Rf-DoAGQL8_M1gQVWIg3_em4OsEsyMaVv2VcmzqfFM6dZ9hFlU4_VZ57nE6fDUESWMvOjHHlWmqo008Lp4FDQRbFL0e7qMofXFSYXcVkrFJniGNSra2M0hOje5rj_xSAihnlEoJvf_k3zA4vDtK_DDxxRi7hA9RD_OeR3rI1kP2L27RuV3R0FGI63ZAMU_pU42gBwG4-tNdsaKzGBs20M8N7Q-QpL-xPxQ-2JFCnP_c4Ra8WRnPaFCq_UedEX6CqvqsR5_tXarYDK0FLkL4CdBCXiHXzNY4kzjT_RcnlJsbfeWp-i9D4caj3HBPBMl29oUnwPLaChHyvOC_fGIG5-_SQVnXbllwkLInbEX8Fb5RsO0rCFp2mfAg6csb14CMv4KcT3tP89A6Tb0oy_yXzxCNilZHoxjOoM9sFtXi1n1jc77DNwE2HnmkHZEy8BNh4KSufJlWGc0FA2PbhIvWZey2IAQ5b3lqEFdnPQrq3d8qFTlwMPUeOMyaUbzvOMb62uFBWdE37kExlrerVzTOMMKhwLbcgXdU_nDN6fDqzVtfbFJEmlEwBZ9WXo0lm9XhNG8wK346Ry23_sYzPQkPiL_gEeGFPxYTflHvGbyFIPBvzC3XNrfYV35vJE5CNuT6zkmwPJX3PywoUBTzwwcl4laA3wya1WaZjY_hemuDtuHbIWwUosnqFVZBeoa89qmijNultlX6GIwqJjgYkgCkE4kqPd2miFgs8YaLGiJX0TLSsq0Bjz8mFT0smghJhKPMjkqfrGHLp9YBD5MuI7ttHXkGPJF8fHuob035pd7FFFgH2vIxLmsQBqGc9tnHknEg9pKQAskCRxV3rxOz7CKuTzerlhKQca72y4YvjdiNvGOVfoGBuX57uOdgGXNF6EPe6-JXWdOtL4AHku0VPNlkQrmP98ktnHyJqt6Z411ViN1ukNua_mGhNzzVRothEyrsAnubcGjPlYEqQLJW0IGOBz-eHIu2ShPiKU-Jg5OwzE1pcXfaZuRd41rIyQN2TGmO9FWfGxwlL6BwkXz-o3eqkcUWPMza5IXGf-C1iaH8vyL0jsnoAZa8mM72hsIiI3vFmzZXJFUYhLW4A1J6szjHALq_7cI4RIz3Tyrcli34y_JehLXkfdVziOgSKQrLpuDvcdTpMNv6mB7Y1mqWceCqqAgV1zxWUIcEpJL_ALFsuc29adOAIYW1-n94QQwI4DsUsdcquFySkECk817xURYFnTeKHbE73lDEfVQC25HJafFzDV4iSEzMqMDo4pt5m2VldN2UufW98pT_41ljsUz-G5lOvL8EqbWF7kguSRQwKk696ciNeeF_Scpv_FIhMjGpFLT0N8S7bLaf1OvgnXWnBi2V5C9LJmb4rdMxblOIEItqZNUHWNUZMpsSBY3Wq6lHmdLR4EobYoG_gjhyqod8XVfUx73mgWDHCEdsCUZpCSTU0WNoVIi_JUsZmiP8GPJxbVKBLhfZ7jD-x4HfNnVV1j60v-85PKy5DPT_r2xF_cZBc8FiQ1UjCNwUSlgWV8HWh8qT1zQhZ1u4RUw4PzdwXALUm2L7gWKVCJmdP0ZnsrQn6z9QDcg1xgO0ZL8y5fGIwNb2mrTM5zde_1U-ceFtEx7oPn50tekXEOFZTz-2tMXdIVZPRUnIfriIztbG5cBqiFXuqmYUNjtR7QSEoaA6Bar6cSKJuvNbyoTZKIDob1OhvC4SoLLjuBrA0PggZoQZMqizYgmW_aPERjQHaIT-5aFHgjVvAJ-GfGqeWZ45REwvHq8EpRGHnQTB2IXn7PVsOSLmTBNIR9OBkmw1oS7LLxvARRY7aDxE0ET9hBK24sXQmqxJ56DhTCkQ0Tk_UTsP1cniOA6F-z1oR65E9o-6OyJeA5aG8trKOgGudFOP3RL1vDu7S1A_NWZOyCvywkhyyZRVa0WAd-ONX5bpb30dQOcPNoiwCVvhF0yTctRNlO5fP7uwhZrdmauvY-PGZboX-ib2ukVLh5lbHpnhOW__IqG_Vgv_5Aw9KDVqTg4J5SY21Z4kqlwIhyzw7llx1-bNe5tIs26AaQ6GbNEQ9JEiiIeSWmr_PA1GikKCj5B0linu0&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=7514744574299424000&adk=3690638929&idt=70&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9616b76c3b0cb92677905d1a288f0ba3192550f11ea33a1dcea9f16321fbe50c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11580
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame B8F2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGFXc4rm4a09Kw_3szIaI04&google_cver=1

43 B
114 B

30ms
22ms

Image
image/gif

35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGFXc4rm4a09Kw_3szIaI04&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVOFELzwihWjj-nlMEifIiTVoxqUQkt-YWRTqhUbujqi8fmnn8A8DsxtAxJqbTPS0YbOlCPRx1V4TPqe1tzUdQk_ZSOj-loKHQmrgQme95O7aqxd-hdhA4pkkpfTZ5w5CxgdEXYZgrBcdFlVkRQOunbYWjqNPTBJUk7LFSWoEIALqggD2s
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEGFXc4rm4a09Kw_3szIaI04&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cm
us-u.openx.net/w/1.0/ Frame B8F2 43 B
304 B 106ms
1ms Image
image/gif 35.244.159.8
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVOFELzwihWjj-nlMEifIiTVoxqUQkt-YWRTqhUbujqi8fmnn8A8DsxtAxJqbTPS0YbOlCPRx1V4TPqe1tzUdQk_ZSOj-loKHQmrgQme95O7aqxd-hdhA4pkkpfTZ5w5CxgdEXYZgrBcdFlVkRQOunbYWjqNPTBJUk7LFSWoEIALqggD2s
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: gzip
via: 1.1 google
server: OXGW/0.0.0
vary: Accept, Accept-Encoding
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2

200

um
sync.teads.tv/ Frame B8F2
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://sync.teads.tv/um?eid=3&uid=CAESEO5upzmuxauCQ9qfCtus5LA&google_cver=1

23 B
172 B

45ms
37ms

Image
image/gif

104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEO5upzmuxauCQ9qfCtus5LA&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVOFELzwihWjj-nlMEifIiTVoxqUQkt-YWRTqhUbujqi8fmnn8A8DsxtAxJqbTPS0YbOlCPRx1V4TPqe1tzUdQk_ZSOj-loKHQmrgQme95O7aqxd-hdhA4pkkpfTZ5w5CxgdEXYZgrBcdFlVkRQOunbYWjqNPTBJUk7LFSWoEIALqggD2s
Protocol: H2
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

expires: Thu, 23 Feb 2023 22:30:07 GMT
pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um?eid=3&uid=CAESEO5upzmuxauCQ9qfCtus5LA&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame B8F2 23 B
172 B 96ms
47ms Image
image/gif 104.111.217.42
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhDw3uOiAxjbobvGATAB&v=APEucNVOFELzwihWjj-nlMEifIiTVoxqUQkt-YWRTqhUbujqi8fmnn8A8DsxtAxJqbTPS0YbOlCPRx1V4TPqe1tzUdQk_ZSOj-loKHQmrgQme95O7aqxd-hdhA4pkkpfTZ5w5CxgdEXYZgrBcdFlVkRQOunbYWjqNPTBJUk7LFSWoEIALqggD2s
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.217.42 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-217-42.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.9 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

expires: Thu, 23 Feb 2023 22:30:07 GMT
pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.9
content-length: 23
content-type: image/gif

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 590F 0
20 B 46ms
44ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=1216178913500&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 590F 0
20 B 71ms
69ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=1216178913500&version=m202301230201&ct=76&x=1&cor=14653678245303700000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 590F 83 KB
35 KB 70ms
68ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACJ3QhRBeLKTE-pQX-grR4k8dRglmp_UP-0ZTpKX0fQxanzkPwzXkgbp34qtlgFwo61jJG0bAcqvT59OOm0R7O3dQN_zIucIzWH08pFU7b-LESYajDxgjb7kUKeOS8smeRqjLZM97e3qJQiSKbh09Hb8yvNbwKLpIgN6O-GT-jeZQo3NI&dbm_d=AKAmf-D4SVo7LFGw2uuDtD9BgwO7U8eqlyLtHxNHhtWyJ-FBo5OIrEM2AP9TPqIE3zwk2MYI75CrZZdX689cSE9RWzGNKFdgVO6aBEuAFx0rD-UIgKboPSgLv2rFUeJ8rmahv5bn9F0socaj47LDrypMaHA6f3Zn7ITj6n4lQj7W91W7UCbJ_etXFZNJgeC4zXPX4X2Z1f7XrOJNAfv6vMKCaE3n0b2wrFMA0JrJVYYJ-BSCf2--DwDOoVx6kN4lCGO5qTbH50nCStLjagiwX_LcNHqMBvfcNzYBp7zo7JLJ3UKP0asi-GtqBtH1Mlw-emcPUJYxufJ1RzGyk1elsLb1-z-Hbg29MUHlQWYweT_9_Xgbq0QSw7uRm9rpVfY4-DbAOOD0l0hkeYgTqWdEkUbT-cBhZJeWwDeEPpmj8ZDTJ35M683WJeEarZ1NJFuYWSIyj4S59Czsyf_1QJ0NzI9Rtr6hucEe7_e4Y82Vpp4NzCgxwIWEN9nq7cwv1tqwTHmA5R39c2wbqrPAuZOZ4jqHJast1BEuQuHGc0Asi0hATmwcOESVoW5aoSpxPkwuQnizh4wsDSJIK4n6H6Saz_hDwxOsQSsgAeav3BDvMSP9i_3cx0BhA1omtWmyR79pMmilb2BswUm9dWsA5KiewrH0zCv0IMbx_i3wlkigEroQ38VIT6aMMSHtGCTvCHvaibCT30Fl8NhtvQRSRX3pXkuIwOiXkZ8cBRLlYEKDQciZn0z_-i8GKLBTyRMg1Ifp9oYjywXoAOvvVteqnnOwz7MxbrM9kmYWCdcqcyuNwlM4vlGZhVxS7fNgIOViqhM9Q3zNWx5AGhasUH9Jm0LMNZ_mm94TNhL9xEN-VDF6LmjagWzz4hZ-7N9yI5klPMkPz7hg8HvIXcUYA5SCHITdpVS3lnyXgMZL3BJ9KxzSBljpg11cYX6YI40ZJUl3ARP6ngZMHyQ3U7vANZpo3m0AKXe4AfHEv0fLyfDU3g0NFItdotiKb-DgoAtOMToz4-pRCM6pjBRwNq0uKiekReK3TirVp7DUp7UVI-Ob3uJj1kjDVqQs8xogZ-nUS0H5NORJedAVfl-Jf4CY3QA68H3JHaRGtUkzwXJuBvqOFy9X3QvJlkuui9hUYzEAujpX6ZwVuU7c2ZZYgBPVV-MppKo545YIOAZ3x3wqyb0wWkwFNb09TVGlHuVh9sXWwB1a5e_34I4Ing2H1mc5ZpAVzGFxUc_R93wXMl3XL_fCSNnj--GiQRHgEOLeDdMYQIZygVJaKB6zWXgawXYQ7pb7IThpWJh_A9yawTojjRKjKHyD1YKUOMVybBzTr98JdXPqt_fnGy9fqiRvu1CfLeEaL7-_oSgkPJXqQPwzfTGRvZj_uXVSpMwh6D9232DsxmHkLTCXnNAAhY1HcdeBQimMwcE7fuJIjacdbE3bSF5_ZZ7VnJ-usx_kGYZGovM3Hwbd3N6B3k0gAEjeL8HglKYxneGmsHjuC90728X_5rtGzErzWmRyCpyoTm48uR5L3-6cEEYi2antbAsTNsYoeB4ZqEOxk-1r05uUKrMZk25Pb26aUOK-bWXZdROGrfo98y9Ke4ctqk2XxVriIpTM5ZBI7TeD-FnrFS33NvM7C26KSN8370MUm4dG4PmlXED4pQyF_SCDl387e8AE0QD6T_odrxc4C6dW21S-FXSQmOzZ0RaVpA2tRY4Qf3MAfeAKxgfLhDauUuL1ai8mRZ9bHN1M0X7VtuS6L6JJWlTPjZBlBzgVZF8NVE2TNArJa2xfv7tI9fhCjdzxh-Zf2NaUoKApP61EXQb1Y84uEveRmkvfPiPAuvtXD1uq2bXdNoWI0fWPwL73DTdWpV7Vc46Jt1cHvGnltFhq8rTlJUqazjIzRqwdqgp2w27EJbq32alNM6mrgsoY_b_O5JLnQY_aPhFsNhwFJGH8vHNWMtsvpujjOhikHLlx98yZ2Y0kO9U3kR3GA14WbnhXjcNkxebokXEREvpnRT_jx2o_EcVKfmK_qRpLgkGzcMTYbJdp_kDUZNBD1TRomX1001t1FxwfPOdP9cCSyfz_z_tRHjrNUHPo3lh5fz9yb3sjdp5wrMTjJiVsyzhdgHiYqHOiQXMefub333QUEVy0cmF_RzZRFUtE2y4bTk1T7cpE0aXP3_UeIRCH5dNARTVNFUPTs8CWdM5YlYyjBOuE3UXgDSjFWMb_G8xv1YBMCFqmo33-imUB1tr8NI6pw-q56VSo1xZM5xHiHEE1nwnHtnpbDgqFEy_PqOWeHcEu9qtnqQK-K4ZuJTbx-hpp79qCSMGZToF7EREmOjMDlhSaGMnKPTdc94M3sTW-ZwZJWGEyae9hyj4aCXI340idXjOz5OG-JZBJqfZsrHXW3Am_lDGQ8qqYFl6Num41hq67cI8fGidB_SgW08WVZxNM7SIkZ4ebCOj1eexVriuy1gRgfCIS7cjgS6hMivHhuacpLSkDBrkvSxqWiyWIkoSwYsUCqJ9bFCoQVRF_wtn1quJVM0S2QfIZ2zGn-OqiwHZyeC6OrxgdbABjtXezquziolwSNFptMdaip9_YcteTjwJTQjWUt0QobdMPe2MGHKegFdmkJmbFMZME57pip8fJliO8Xt9q1-BgRPQrqbvBH-NRmp409QvHsQelO-WsA69CBCHnrRmRsTokPp-ImmVYLCxxYF4xZvbb6lUQw-UMe9zEFhzEOQKtJOuZbQ6jNGnueum6v4uowFxd_y6mKtFzsFHXt329iLtRhSydvIPCzhXFKRbgOKqs_8uhFMcqGTPEsLZzqa8H1SAb2xgvFYOFQ8IqeYmUFwdSk_RoEpzV8A0AWrd2GtWyc1DlPxyovT-X8s55VZkNzpGv5zl_Y0EEjwtOcgBIenyoXbe33Ae6r3Wz1G2wjKMrnnopZHefm-oro842NQ2nrQCOmcUzzhQVoTj05-wNdGsz8pFTRnwEx7CtSl_mxUkcOfr30U2U96SdIMV7Jqc8JMOqkeNG4SJX3KpJWuyKW0xMjxZPsDCK2mKWl4xwqgRMUuHArV8lbv-QkJgfp3rKOCzEyrTbywOvWab9UY-wCxSDyPrdMwqBlA1cSiMD0KbEX_EuUsqefQydoDxpCpFUU6nrobJcvL4QlcmKiG00Pnv2taKcrdKg0-rP9dVfkAqE7frvuHmlqgVhfeP0UtggXZgUGmQqIqv1FBRSeeCZfkoqQnMWIBBkaWP7r1rGM8GhgcuqdFq2_cvUvgQ-I-84a676RWsgDbvyCGOVX17qXpY_dUWM7NEmxaXtwp_67-gNZl751-05mEWEeuXhAHgXkqaX6YLMuJV8zCL4cdjRc-y9&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=14653678245303700000&adk=943508955&idt=88&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bbf1f50f64c6fe71d10d27b6364653f2d2750de095209fe0fb39fe0bb7cbabbf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35772
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A267 0
20 B 64ms
63ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=4589946411642&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A267 0
20 B 64ms
64ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=4589946411642&version=m202301230201&ct=76&x=1&cor=9684460018107953000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame A267 83 KB
35 KB 98ms
97ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BQbeSnQr1fkATynHcXgwWxKCDT1uW02zXkKdOCGSCErnumH2J3Z2ZV2566iGyU8iiKHnf_-xHkZqfLln7wsPS2rQpnno4cm-Al7TJHQTWtK_hpaJTyMdNCLfcDmqj8Gc5bHPXP5JxRVkXHN068wlSk1S90pt6aAQkIqeKb1gpRMihc2cU&dbm_d=AKAmf-DqM7ow3olHln5Ez869v_yQ_xlfO3H5sp8iSDb8SivQ5ZpRmk3iDNriZPZj3T9zD5KUkf9FMAwc-1VZ007BZSp1Q-9Lp-RzEn5UCWeuI7gzvtquF15R2aESPDM0GUn3wBuKx-uDTk61VlLhQkP-xoBpMoGCZP2Z-ieqbrfVDzWnY5LKZeB3kEQWYM4_Sv8HW1qLWaJKKym2tpCda_uokIiCOPXEsCKfkghPivNbcldPS9tJDYPs6w-DV7inuzapf2z6dVE8sRSzeewWTFL8aB_zVPVGMDwzYh7BrEISydnxboQ4Ic1sczrRExUPce-yMSJQsb5X7mfBFU2rnBOppMdGxR-24heeMBI5iFeykbV9plAg2nNyaPjDq6TJnZB4_jOg5ohH45dDR2DeWTMBc2ArkeIEzJVGd9hj9BMYXmlFh65eSZ5Tcwc-KWcIuWjMsMF2_dtL_0gfa83IWKrZd1Q0cwIVdRRSNX51Gi1mvvCCLCXrXyLTKglkQrdvpEMzR8aarU_01X5zGo3ivMl1UWUAt-m0m5H87ITHlouPmCTieqCjYlfKdwJSrJgzCBd1ZBRamkIIxF6BTZ2wm3KrZdqm3iAGrPYEP8QMoWJjAZcs_XRdAWNShxiXSJXwSMlzh8RfKr4k05wRbF_7CXScjJ6t4F7kxhD3mlIkUhYN_L_TNtCZHUPOssLzKG6mOuxjqUd45ZAR_oUMUefrzbDdFZKs7AGooyetMUZ2rVw5gwqnHIa9ktp20KMP--Pc-BcG4_3phVExVSPkzRlRZNrPQd-rGsJsfPmncAW774pcPmtpDwjyfGLEEWH-s0tvIJQrfxx6TvZxEEDjc4OW6vOidJOlVuW2giv2BrpbQV626097sBjP07vOQpS_4aTNInpHinx2kiQkFezhyvvjmNX3VUpi0V2mHpVphGz95i6d3h4dkruW4Hrpl_L3HtjuSlDwqqafk9XpFReCLkDm_a4M0dl_LbAg6YdEtGVc_DdNPOxZBuEe4BDWkQMJrouPFS4E6yR1eMOIvrRFHI07NeT7ullbRHC754IOZ1hmFINJTlDiZSgnKYjHAvEJwTaZFhWsj-DVWPkoUvMBUWYB3YYEuzykAkfYqfoEata1wG3Xu4JuNrSLXXqiMPqimreUBuBstLj53cBUQLvpRkiisnSJFu0EnqmxOZqzBG3LR2Urd4MMyrvXE-sMOqqjOjFvVESXh5AgxoRYD8baCmdLo09b3cmAdkME6M03wp5EjVOpQo4BBwtiDcAG5xBdFXZuRRi1Pr3-HcHXiq6Ly6AMbde89-SLlzxE6iiEdBvuiMb6TMJQil2QLG3gbfMAzralfBre11WCOtGn8s57tt8MVSuNHP3WuoHgVMAzvFuiqmLo3mA2pr1Sjp8tg5jdmakP7KOjkLL3DxYFQBoUlW6C_8es7l10nSDRXi_jiC7F2pdXDjPS0blmhnLasFcFo3is17EVUjDcHi9YlpxHdQQ7V2Ki7DrV-K4l6OcIt348-Ju1e-TCddaAvi4_7T6g9GpH85dTH-aOTHzOdBwxITKdRBGoFKrWQ3Wk5I3jHfGMx-l1VnGfNYALWsnpibVoFJD5fsaurx4KvUPuPmrlSCFXgjIargGQ_1XFBcMWFYXPgKr0zPpkWoQeTlo5aVxJtaXcfaEzmvjcYag8lqE7a5kq__Shq2PKLA9giw0Qm-7hER3QorhXlYC6Dx1RegU_TscYhrFSqq7XA4TNDz1lTepLS8SD4Otrxgyt4fjLLaY3sSO_dg4Wdoar8EbU0VF2bzDJ_zo1rgergaFG92w2D-l2vw9qWcqjKN1wXcZPhoP_gp7Yil7Vpvqo4Y_tp38NQNyPYd-XzNS1J6pUlDpja8TcezwmacE0ec59S281X8biF_v78dUn18lkal8Q50MkzaeYflkc-jW59VVSY3NX11aJ-kfi4hyb52Q0kxGSOED3Plsi0C4Fvk47GhCo-62dPCz_PFSnyoeGpEndH4xgUq5JL5WKijGhmJ24dzcNBLRJPkVa6W2T3hRf4PNfG3riEtfPhKZM83sozBby-yCMZNxX_H1NnSircDeGgahdZRFrSt4yDZbe9VP0IBR18s8bxXQX64gMKyTj_MbVpIkg-JGM6NIfOo40hllvNlfoRndAmnQlKo_oe12R_ns3k8oF507eQFEfEfXDQtcPf_O5COHwiPdmUQSzFi1vubHqOEvSCA_6zok1rT2FeP7D4UfrjjwukyLManwMbQ8x3yxKanA4W6KS3Up-uhi-wUZ7CLhUOKWQzhRMpEC_u4W58oXwAp_MDj4F-0T-Ut1KPsn4Ptf3alyESjH_iBPv0YSsZbgQzhcrHS0BdeQ-Rc3Mqm9APdmYbdQEtJS5cw4XPUVcxx0LxD8uxvKKKstRvOZAARoq6p7XrlPG88ma3ucJ-gFSpNTw9HA3LPOwTb1UndHmmS4sLzAdv69ykurYwzl_PB_mvu2f5bV9H8d74KpT--DCJi2-cyI85Fylm4Gz-Qi7FSaPSHe61jTTi-203BwbI0_8Pg40TxdYNyt-w4pGVejOc7c2AqIN8yn4MejamS6xFwiVZaJg0rpSc6xtdb0LLkmLGSz9gh7fXjhim8z3kauzkZlf1aR-ZTNfx1P_jSmREprPDo8IGWWkHShYUJ5qI_RlkA5uv53Z5RCHmItH-hwBeIDdy1wEeyRab-5ms-k6N0OvteXnQmZ2PWL1jUKVe1MRo2jdxCOzS1rBHZ2GXnAPxFcodVtolsqagWi5slWYssLhY3pA-DgyelYciR6ZQzfDQHmj-T6rkyBa8rvQxESoGkehucsYWm-3bI2u3AsaLtW1RBwZA5JFzdmG8ubAtgi6MPsBp5i6ga0kPc_8zQg2KNdTUpn4eKerCjr8clFJL_jAhnzRQfa-EIxJFWSywQtUBqhL0p3Y_0Gzzq3kgdUzjVrH1HrbcVjH1YISj3t9DyDmpZLxZiqy7qY8cUtJUmD-tNUPO6Stu5uIPF6PGiqirCVFft7civr1PTUpTtGAj24U-FjJRQfWGbunonHP0JzcN-c-Ffho1u9NcqkeL4nUuLKVz0DRRYO-_Xy7DnEUgi64XsGyhaIMPSle0UbUEFzuRh_mgDJkLCcMBkTIRlkExKrIE3Kj7W0Bwc1hh05lwILKmSiR_peepPgegBKJ1YCz5BIjl-g_6DaaRnS42LEsAZoIrWh-AHYflbTNqhD-22RXk01NK_O0bdRWT1Vz36M9eDie5_09HLn6BWwSfmzZF2VJheCxeRbcZWwr8nYYHuy8u39vBDCxoY_horEiKfEe112ukxValmM-fQ_MXkhMUQMhVHsJPDsgrlHv&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=9684460018107953000&adk=4188270525&idt=70&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5c9fbf03e48789eb400de4db9fe508e3d651774864af09b07a99a75a42b23609

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35797
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 30D4 0
20 B 60ms
60ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=5401077671337&version=m202301300101

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 30D4 0
20 B 61ms
61ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=5401077671337&version=m202301300101&ct=77&x=1&cor=13143234079973513000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 30D4 15 KB
11 KB 60ms
60ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiXXSJ4E9PpYO9aTE72aWWjZ5yXeemc7ZEc23u0LpSJ8KLWOVUCx4WBYFokXJhlcicidu7SDFENCquUTdr5wbZWDrJM6ydb75N5lPwtHWKg50tDw9-t8CBZry5fpbDkh4TK4SP2m7MwORaVE9M9NPSn1iee4uctbtldBv5QTAQC-SeAkU&cry=1&dbm_d=AKAmf-AZ4HZdNTPbAZdIwep3RvoQr1CjjW7qExP9PdHk6Mwkvq5mTTwheOQwkQtWUCW8CzABTt3MnGNoCJKJzZDrL_J8gNgQmPUmZBam50VAiQWamL3v8C7u-JdLG3mMpcxuCqtwFXQiHPqPAtkCJDx03DWQoe5uKl8gRi9hLua-6oqubpUypmpME5jgu_8IUfMjkE71MKdGUq8nJA7bASv_ZRJsDzdmudLhvSeJKw8mH6qAnDpmnSEo_ugZ9owJwNtisRZrRRVn00_xI_d83mxfqtfCBA66zGtFELoiA-AgfDmwQ8hSpNVGe5i_fIq9UGCMG3M4Oy_QxcWIrKxH2hwftBU0I481A0kIFea3DWPu-Y9IXck23d7lTHsAdZwO-ks6B9ZZ7sAtOpIk0DT4MXiAZ2_qjlsIQvBTdJK-8ZudZ69CmLOO7zyKqNQ5Moqdij-Fal2l5RgOq-yN-IUuVHSquuLjgcthugL38N9fYDaFnTS1pof4QwPSC8mGQP0BkyhDQfdhDsMdsRbArFDiwwu3f2hINz2xmnWC0YzgOGiHdzT4MHz0Vk_1ZjhGbaaXQCZcbRkJMm6YdW4r-gTad4vS8zTK_YDgqSMsLVko-lXHj8YvYTeDWnCbAWvuGHoi-1c9CazaFXDhnPN6A4QThc4ghwrc53d2Yov1jLTWjC_-m7KsnPeglvARpUbMF5csYAv1CqZKOweCrw5fzsI5GhCF2SP9NDWJbtpeJtvZjVlFgZZ8rDs5ZR9IkArh830xKh1ciniSOxqTrsSRQJe8X4nhsJK2td7mba341EYirzjjDY800SHpXE76-ihwE_-HXhjCmgZ5zb3WC4U-fmokEn7aHkam46zyU6MAy5RnL9i50lBS0S4sQSunIHCnYkZ5y5oZ5-Tpw0iYdqup_MplY4BXh8sDWVrCFXw_WqnEcKI4wmTJfCBTE1Ped7xiMNL9GCcv_8GS1B4-rnmkj-p5wEXntgxI57CSOczQ9B2Twc0QXxPFVq3GPLUriVVcQJq5wHnGtYP_-rpIULke3VoB5I5Gph0sgBKm2P5qjxR3NL2croumONq-NUZgjUI7dUOrJGuzzNJIAGv3g930ZYhjo-XZy0vXx6wCMgCVrOsVa_6RDPR6XL00_N7xf9PBsNqqJ200U1EfMKHHMZE8GDVoDrSHZDxFo0pC66pCqZRIvtDvi5khiRH8Ael43uyRJzEl29GY_bSLOm1oR1yIhs-Jc1bhs7m2xdl1YWZg3Y9ou78sRcamOMUw1lmZgb1Ue1RXroCvo4pkplB0SpxblK0gDvxNjLA5huuzEKmn-3aqPhHEd1PW0RFzVgACiVotwBX_doZ7EKX6gLUatAI1slEvvPOLK8JH0nbkorXTNdybTqltUACu2iib9CqnwvE3zsDKvrDCQxH2zgjoOs_5-na9hB_dZOVma5b2ovGqaSkK-fDXdpLZLc6_AfNugSMGx6QURJi4KpGdiiElHgstISr1ejr_ELbG9Qm8K9OWv2FQBhxLdrsSnfUNlvCP1qYfipoCghXQQKdJo9avgzgiW_wqObjjoY1_oberH-v0seCaQ03CI44Pm-NuWY2mlzpIP5FqfjVeYx8FjuIx96gX3rv9Z27As99iDnq1rycWlvAJ6aN3cdDeO0RTqQ2K8WjU3ysqJfyQUTmB0Uk2A_Ys5ZlW68aLwY26EeftxzyeRCd7mJfQOMLrIVjJfgLSC8iZPBv3LzLB9X-bgicDltjzU0YdQ6f2H8Jmwv7umNGsPgssSPY97TEMWJJ6lnQtVE3dYdbWcz5w-94vkQ2EEWoX7E43QbJ41AG4T2bn1PPyxeWLKSy-hWWWSNfhXCdE34e_lhJGEHc4iHIyum7tyVpa5xnW1spWNhsXVY351Jl5rgIZ5pdwyE02qZG9EnQFEQRQ_-6EVpY7XFdPpX0_O4139hqVd0DDlnNx9F6YImfn6apMp5rIQ_QA_Fi6qRQ_Wbpp37tpo2P6eZi_58QTpLMsHyhGW9IHqczjwKsJ76Y1B-wSzWX8-fNNC-p_EPTlVTwdCd5bC4r27jV8euvvP30fYQGJ5VfSvdDaEo4V678K_cHqG2fxjXPOL0gb-yHEpPtwRgXukDQoorE2-_1SVBtTnzd5pVNjjegMidu-rCr55WmaludVZdj3JRMu0aDsR4lVXl_-16ME3OWlLFZ--bEGrHikO_dD_F35PMthOwzjCEqs8K22uiKWhXcFdmf3K2V3bwSp2JVG2t7js203JAdmeYEQo1K6HCICxvO4SU64ANMe90VoaHDMh2qSXGkLb2gvjuc7Knazj3OCkafCU6qqW0tibzGgSDFEzejMcTRIpzjK2f_3xN7g475gedaP376QGtleL2SwxrkngtzBg5uzyJlgiq3ZNQZJg0RlVVDZ6bkyhqZpuMNJvhjXokENCinMHeAnFE-geOA3cacqFSU9WOWcVTMaJ6loWrcctpAz4HB-C9tDD1HndsVKg3_ZUgJEApWTA3g_bXFpmw2EuRccTYFeh5hy6XXxQ8MAVWjLdeuRYNkb897bwDeDjGTLQz_twyspsglrwHbU2K7MJHi4ddT6SspVWWnbXXf4oLQhlQNN7_y3_9peXm9aTLA32Prr6DSVR_R559q8IJEHMkkYTkw8txKggXzcSSbRSzWiKDuV9Y_yZlPJTnJ6pzvX14XMqe3xCjvkpqZEGFdVsk4TgOPijEmtBAwwzcA6hKhbXF8bklRv2kypn4zWLnT_KpMfS9xTi9dEGUJfo9y_z436K_TAzb3DZ-oVQlHbg_GWy1uGZ_GlYiWKWgByB3mYZCWQIq0hirbP8xDiWb6hOVS9wzwR4BDJ-Q4kDGwWcFzhUi74mF48762D4dCexbsZCsh08gbQvjYmaDNaW3oNCC-vm-qgj0TUXiUEuhH0kSiwW3PgEd9SPvIJdC7Mmfb3fJG8ByCJLGsmpX25KgkegypjHfGYUVSnMzKZcbZqkX65dejZuvuUVqrkET9GmQdi-FtJVaa_EAsvGk656SEqID5gjUee38dL-0kaBu7LbGp84XqshGWITxg8zrEqavZZFljA94BaQvVaybreyx9b5YCDaC_xRLpqU5uavR9rDe0JDzICBjOBWqAXMJYSiJKhY0reK1BHw-5mGS3W-iRJZfW8_aF7teVOlKwPQ0L2WA4vDg-9OrWPENvrR-z32HbeHW1xGTRcUubHLuQ6Nt2aLjoPoyjvx5Nweo4GNk1hlPrJI4bo0YJw7pCLoPTiqoui8U36AfI7P21_ckbr0TWbMjD07qZY08IxO8Y5qGas1WINZrnvfwbGSJ4kpnRGdPo9fUL9Gd9U5c7-8xuQkhDd_FE7gQS-bvCMdTlhkyvjr6oY_PF0nnuasJg1qjBjk23ZwBE9t0fiJg-dMfnl9LaZ0la0mCRbh1oy86rFHE638-NcPCC17XC7PNytADVjzEUeXYt0niW-6rzs_NUAvZCON5B0Bk6dnaEos8Yhrx4G0whAlwhtiui1unQsoyMBtsXCYfVKObOcOSyDlzxPp2XOqR0M0hUYltW3qR_7z8D5jx3ye5Q6QhfZq_bTHxkNt9LJeqX9kziQRrGX5d3YgzpVm2_iml8tkLBASm2FJBQbJBr1R9fUPvUw9txMYA6oU6TiSkjQjFn-yOTdSax7137F&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=13143234079973513000&adk=3037181500&idt=63&cac=0&dtd=2

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e7820bfbe592313279ce97e810a7a5c5bb6243e38a920c3bc3d5eaa43043cef2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11333
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 0B76 106 KB
37 KB 104ms
27ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Origin: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 23:10:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 83959
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37872
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 23 Feb 2023 23:10:48 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/elements/html/ Frame 0B76 8 KB
3 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CJueqcQSQu6c5jBd9ESv-xi1pWb074RF8XnjisSEtyc4szIbQXY4Lh0DDAFUn2HwiHbJQ4ZtLLcw4Nesrr-ZqrI5dzCA&cry=1&dbm_d=AKAmf-C8c8_GAYc6Vh_O789YHkelyjvqBUZ1rdlaOSP2mn3Thp-zdkIJPf2cNwX0Hjrkw2UbBXbATQfMkQxadbzkHNzQpjCF8vSMLMNne31qEG_CV3o9ybems8FEa8OJQwXN66n45K41x9FBjgn2Y-20XE5eAS_nS6e2iCKvE9pCk8u3oW_4XPNZGoJbX1HWfJ4e8AZS6_Mhk30uTV7SQURnnWz2N1GncAHUg6I7q5DNJIPCdkoO-59oscgCHGi9FMUe-FY1oHVr-_8vYwHFDZzBWWz_JhU-sdEaBrYh7CgFJKP62gZxm_c0RNZskc4eA0rtQBs_2wJi-3WyDPhJv6ywHdtN1R_j96eoMkC87_v9psu3H4hXn16bKy6qIC5yTyt3l7a8xhBDBVJPYLXwEvQQuVDSqMog6EAYv0jiw_wFnz4PJU8s_KZ6KoHT7QZZu4hg_UeoWUkWVCTz73abfmCWQZd2ZtLT8jaJmjnKiWzRyyafHHwU5Vu-n-suHySpBpgPYIdZnPbgT6wW2odJEj0KA14XvZIUaWXtKGNMNcToBzBs5sTIAGwESDvUvoK-9itagTt8u-FwspDI877Y4aMK9yNFGfYUxHjIPVguQhuf2RFY-GOdSPak2meVRFBzgYkr0GgwixT4VpvSDGicB5AWIe1oig4KwXhSHDGvFnKmrJeNivpAn2mYlrFBY94GUiXKfZ-s5kL-C2Ea5TOq65LozOhePRcdwDRqqHW2GGOXvBJqYlJjp7soBjnAqhPW6WSGbGoS8DC2PPOPOTwLAjzkzaaBXHB_rH2UetIDF_Vp-DIn-r3oTlT_ZLaxiYSP_HNJxDY13kUF2TpxVypOwlJDrnGNWSzRS_cAoyrIOjfgYw5dbPO32d8Uj3f5-S5GgOsEoyQju3DUNDcoup8PqGtMkkdwAOqxxalRqyJfUpZYKqtQ4XrFIHPs1Dj2wZmcSsMSQOAvOe58Lbvc8M5E_HZse-iNiuxf3_blxhCmojh6dlNVWEhOg4LDaGMV_qTpTXsAxux6XCtEb65BfPXXwMmQ3sm1Uz1Jue_5FnuBGsXpLq5W5nyVUfqc_5AvCxUpjMxmPYSq1vQ6G6nDYHauR_ByAchmQkGZkgY7hLXyzyvURrCT6LMWxhzMoM3HGZV5hleCINEz0egWKlwkcVpouxhYZMgCV4KPje-oSDcmXo2laarAcMZssrmwBrHHw6iLd0nqSUSzGvcWDxJZugYu8V4w6qUHJ3pvxEgtAZ_6q3rBh9R8GWFpvEoxFIeF3TOYK0m15AAI1q2HvV-silPrmkZXW4Le21PvNI8kNx65zn-fRWLbf9i0PvvJ-ksOeJ6OsghFZQ2Ld7VigRPRBVeVdLCiXYLEKWWymDh4groQ-Mw6rLsYyS3SA9H5pHUnNTL-X1MxOgGCjYLvyqUmttNpcDMYA_JLxRQ6WyPOLyzuUkHLtzANBf1Fradv2vxroweQv26sMDI9ebLXJGaiN5GDmdjdpzbIZwKdarJJSF_hXk7lZQrQONGGb4d7o6bSNsKwKua8kgv8MOS98yxcg_KzcZhnD5xAnKci5O1DVpkYbiqyNb4a79XNQrZmIynTyOJm43CDD5g_j9Uk8dTzXIHGo30dfcm2mYbKdCp7V5h28cMEgsjX7MFLfdy9q687Yrpc5Qc1ULbpsh2SR1gxUaxsexReoeztB1eIwYbzISplgd9mAJhTyr84GyukH0v4lAeLl63UF_9kNDChSMnuxE9dFACBtC6ADOX2-qQclAkwmV3I5oSGwMfgeyDkTv5XdpqPIwS5RKM1mM6OOzgdkyTkWNzZ4tDi-TJCcupK8u_D0sFXbpWiYv34bJ7W3omu_AJF4iRw8O_eaiT7eq3x7uAuotCXd5Ya2dzX5LKoMjoYXLZrR-S8CWs9S42chjISpdmNMVOKxe1YwIrpu4vFD3qRsCCszQ4x_EREQ2GD8oeWzBBUg4hHXAAacsw7ds5dBs-60vtP8zUTnfductqo4UWgN1LY_NvKwQNAuqqqQ7Qo-xogr9VN-8Xa3gFLvK1oqmLkwJWQOfqPpsBbTLjfb5mahTE-ldYpauxTdk7xGAxp313Zu9GkCSIY8s7Qz_mwUi8dfBIm7qmJt86jlnqn953_QwAnBba_WqAD0XrGBfVqedZaskwTd3guAMYqXGhSZOoSS5yX8_7xbnWnWEyaeIcgnk1TperbCs1dG4mNQKylRiEM68MNohx-Skfsyu9BnV0aclOxL60SjLZoVp0fXTtCFICOdZOHGCmoCwVPMhstfPAdlo6_5t96yJmdqDVFDPSo2HiRbEsBUFb_oq6fDXxLTDdhK-uyGgr-s2ZqR877jgtiYBh1Yvi5MKqEiiEjDV5cTkXZ8mjuWuHl_Scmxwnc5PGtO-vexm_bs_nD29pHOm94MO_oKWUC1sbIxkhx_9D8Wf9AQH9KKFrsQ8giB9ZG5kQik7P2m1HgNIMkmXT1a0x1-hM24bQslGXkR0VTn5MbV3itSxlVEV3sP203Ci05ilaJQ0Z8CjwQYO_NTJ9F-VtzV18KG65TY1esP4OdOuo7LExBTgTPIHqEsygRgr8TtUFYmGjE8JFSSQ0LVYtfpuwduQMLGC78keRsbaYW-8IcxKuy_NumLJn0ran_01mh4VJo9lKf3dJi1poNR2CjJFzlozrbMRX4tJef7_E_yETythMMdVEZr6O04_xJS4OqrvSqUAhTcU4-Bg8USsaHkSGMm2CgvpooItVsrXxd-8_nFspKf4H0I6XWudMK2XodMjbYPa54_LJvL97xo11X5hWlBM7SJ6vK78yLjeNOXhT8BXQp7Hgj4OZHD1IHhOPI5Bb8LjeOtiO_OUaC1YK5LG-2EK81zp-78o1aB2SRuBXY6tGkT1jyQ0F_87tt3i4azNZE3DyFi4hZBgyD7RrxsVIyb1wQFkzunpIQpXM15pnIZJ3nBqgDxvfFeVFoKl915t6EzEeBL58AaFCJ2cwFZ5K0PtcjOJfhrbQKi8-kNAe4FFu8CGHwn06cguf3dSDXc9JViLxXatZDeyK9dA9quv-JoGGX-7NrJibNEKeWj0ir78s7D4NZlajyHT0x6vzopvpRC2aB0RQI5ZegGoMqlGM6hDQx4JgxFATOvrA3Kt26wPDUh_qop4xiZrtSOTfto75UiSG4ssnwom3Dz0aAEH5Rtb8am9WziSQ&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=1035135912888594400&adk=3944675600&idt=45&cac=0&dtd=15

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

855e15fcdc7a729b06238328936629eac46e2251d9d3d71a5d65510451f4e7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:01:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12507
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3023
x-xss-protection: 0
server: cafe
etag: 4221495933888618527
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 19:01:39 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/ Frame 0B76 28 KB
11 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8294f47c10ab9172680f9bba780fecd122dbec7acc578a6973704c97903a8915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:01:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12508
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10818
x-xss-protection: 0
server: cafe
etag: 16521218800250601078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 19:01:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2964 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D6MO2ew4ikcdnakL31GWcwIYPm4awuqNryrt0bOCQQ5wotUPpjIRlRe_u3i2xzjYSCR9NtHui-Ro0p0hywZIBxlQhKAKr3kmEHq8tZlJWOIuJ-H7DAdNCgPufgPsMa_Ho5T6uUvJy4URueFMMy-s5fmgmyX9q8I3f9NzelU2A3IpxegeQ&cry=1&dbm_d=AKAmf-CksXVOml5lpv8YTLw4agjeIukmZjxXBlj7hx82EA-5M1Yd9ZxJWnBw1XA2ZA0J2iI31w4WSAQHcDObSy4RO-dUxWOsPptdMCctTroBYBdgKL3cAGqbeH4iZFFpKdqauBATWzFKVcVeu1W0dbpFosJ02Ke0tER-NVLfHM2XgmDAHfuQqjZCRypR1pXl4Za4Kf_-x-3hpERC-d1a6TSpeyQ7UxUuCUekLyJsrXRhtexzWkyWbDfoEjFkZTOqQAdRtsDzj6fOco6-P5bC1nRXBnoUMpEgFGvBwWVuH_GYYL6YEXxup_-7gYoEoNZiw3q3urZTsnxducJQ2n2pS1y4U9EuX6E45ZMTypGseh14ozonAfPpGpbVVlRDOtMMY6iiuKhP0cMgnawUqJ-v2j94J7VsI-k2vYw4YLQmcfa7bVsQfUDWyN7HnHCsfSAFLMBssXHB3sWgvFDj75o9k6n42Egfg2NB8wKhdCS4clEwa3yW6du-LxNWluvyqd9UtOk2i1zH4hoifA76EkKtU68oDUy3w-pPGpiLFwp7yJ79_wK-k2Z1hyUK1SVMnoLzcNgUaAyI6ZShIteA5rTOnLUtk-u2rrKvRzxbV4lZhxOt4TRvJt0MJSHar-w_9-eAnsKR5IxsBhopg6LJoQljwcyKpMJnLJRop_arHhC3fAC9QHf9G0tk5ZJBBc0W-G8_Si0xwieqS_DgTpX2_sX1-aFSJ886WOz5MIN3SxLXDc-UxGYVosfj2R-gnYOGK8xtedPasjJpIB2RJyd8LWG8fJ-KlgyRpWvYgg5PwwuxKkK1iXW3E3XSVCMaPtQgZChXYt-RDY-2Jx1vFfjIdeND8GQN_MOvzc3VC_SCnaM_VyZ_yjWe15WDXtZ8xS7TMU7r2Tigs9nHle5-QHH7nNPLvCzF9XDTKjyeDUmmYWN_rbf7nkM0NZLDOE-jp7vmmrXFpmmw7jOuuzhq-SOhjGZ_1Hn0MwzBw77t6SKpqKCXbA7HQE4mpLU65GW3MxsFHrFjAO-ytoI6x9BV8PmTD4RgUI-GkdqioCnKO8HRBTntpf0JU1MyW2dXSznLIedOYHO8MIuhcQOW2F7PbYHyLZpMweKqqAF1meCEquA60uprTuAUrl0HV9CfR9VKERqXGxaeZDS_tPG-mrCl8fylxTRG4HytGwD3n9kbqeGxkzcXZzHz2nECWh5IkPEiYvWsouJue5MDdRaAzq3qdSxZ5e-stTyTm0NMVFjmysRo57zg8T4eB0ueARTJPCh9mqRW8wfxRTTkiTCEwebi63Xm2qzKwezIBp-IGGlfuYJLgdVNc6avuJSGYZeK0VmMiBgNb41HKPtBm3tWec6t9KeRKBX30w48gWu8sY2cE3gGVBM1gChcU87ZLFBUPP3EDa0TbgOy6Muh8d6EKFloFEygsWMnFKcsdKXrIX8XlauqDzCqT_aT2Bx208a7Vlmk0bA-ygBxPzEA6lZt0G_efXBVtZHI4wDuAReKWRPnp6iTTGKsYUs6TpQKr0rgpim9h8gl0SLMxezDvecRnG5Rf-DoAGQL8_M1gQVWIg3_em4OsEsyMaVv2VcmzqfFM6dZ9hFlU4_VZ57nE6fDUESWMvOjHHlWmqo008Lp4FDQRbFL0e7qMofXFSYXcVkrFJniGNSra2M0hOje5rj_xSAihnlEoJvf_k3zA4vDtK_DDxxRi7hA9RD_OeR3rI1kP2L27RuV3R0FGI63ZAMU_pU42gBwG4-tNdsaKzGBs20M8N7Q-QpL-xPxQ-2JFCnP_c4Ra8WRnPaFCq_UedEX6CqvqsR5_tXarYDK0FLkL4CdBCXiHXzNY4kzjT_RcnlJsbfeWp-i9D4caj3HBPBMl29oUnwPLaChHyvOC_fGIG5-_SQVnXbllwkLInbEX8Fb5RsO0rCFp2mfAg6csb14CMv4KcT3tP89A6Tb0oy_yXzxCNilZHoxjOoM9sFtXi1n1jc77DNwE2HnmkHZEy8BNh4KSufJlWGc0FA2PbhIvWZey2IAQ5b3lqEFdnPQrq3d8qFTlwMPUeOMyaUbzvOMb62uFBWdE37kExlrerVzTOMMKhwLbcgXdU_nDN6fDqzVtfbFJEmlEwBZ9WXo0lm9XhNG8wK346Ry23_sYzPQkPiL_gEeGFPxYTflHvGbyFIPBvzC3XNrfYV35vJE5CNuT6zkmwPJX3PywoUBTzwwcl4laA3wya1WaZjY_hemuDtuHbIWwUosnqFVZBeoa89qmijNultlX6GIwqJjgYkgCkE4kqPd2miFgs8YaLGiJX0TLSsq0Bjz8mFT0smghJhKPMjkqfrGHLp9YBD5MuI7ttHXkGPJF8fHuob035pd7FFFgH2vIxLmsQBqGc9tnHknEg9pKQAskCRxV3rxOz7CKuTzerlhKQca72y4YvjdiNvGOVfoGBuX57uOdgGXNF6EPe6-JXWdOtL4AHku0VPNlkQrmP98ktnHyJqt6Z411ViN1ukNua_mGhNzzVRothEyrsAnubcGjPlYEqQLJW0IGOBz-eHIu2ShPiKU-Jg5OwzE1pcXfaZuRd41rIyQN2TGmO9FWfGxwlL6BwkXz-o3eqkcUWPMza5IXGf-C1iaH8vyL0jsnoAZa8mM72hsIiI3vFmzZXJFUYhLW4A1J6szjHALq_7cI4RIz3Tyrcli34y_JehLXkfdVziOgSKQrLpuDvcdTpMNv6mB7Y1mqWceCqqAgV1zxWUIcEpJL_ALFsuc29adOAIYW1-n94QQwI4DsUsdcquFySkECk817xURYFnTeKHbE73lDEfVQC25HJafFzDV4iSEzMqMDo4pt5m2VldN2UufW98pT_41ljsUz-G5lOvL8EqbWF7kguSRQwKk696ciNeeF_Scpv_FIhMjGpFLT0N8S7bLaf1OvgnXWnBi2V5C9LJmb4rdMxblOIEItqZNUHWNUZMpsSBY3Wq6lHmdLR4EobYoG_gjhyqod8XVfUx73mgWDHCEdsCUZpCSTU0WNoVIi_JUsZmiP8GPJxbVKBLhfZ7jD-x4HfNnVV1j60v-85PKy5DPT_r2xF_cZBc8FiQ1UjCNwUSlgWV8HWh8qT1zQhZ1u4RUw4PzdwXALUm2L7gWKVCJmdP0ZnsrQn6z9QDcg1xgO0ZL8y5fGIwNb2mrTM5zde_1U-ceFtEx7oPn50tekXEOFZTz-2tMXdIVZPRUnIfriIztbG5cBqiFXuqmYUNjtR7QSEoaA6Bar6cSKJuvNbyoTZKIDob1OhvC4SoLLjuBrA0PggZoQZMqizYgmW_aPERjQHaIT-5aFHgjVvAJ-GfGqeWZ45REwvHq8EpRGHnQTB2IXn7PVsOSLmTBNIR9OBkmw1oS7LLxvARRY7aDxE0ET9hBK24sXQmqxJ56DhTCkQ0Tk_UTsP1cniOA6F-z1oR65E9o-6OyJeA5aG8trKOgGudFOP3RL1vDu7S1A_NWZOyCvywkhyyZRVa0WAd-ONX5bpb30dQOcPNoiwCVvhF0yTctRNlO5fP7uwhZrdmauvY-PGZboX-ib2ukVLh5lbHpnhOW__IqG_Vgv_5Aw9KDVqTg4J5SY21Z4kqlwIhyzw7llx1-bNe5tIs26AaQ6GbNEQ9JEiiIeSWmr_PA1GikKCj5B0linu0&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=7514744574299424000&adk=3690638929&idt=70&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 17:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 451006
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 18 Feb 2024 17:13:20 GMT

GET
H/1.1 200
OK 5zyrr3xpcfb3 Show response
hal9000.redintelligence.net/zone/ Frame 2964 11 KB
4 KB 68ms
8ms Script
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/5zyrr3xpcfb3?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ73r7ej3Y63CKciF9u8Pm5q2sAum5b2gaZ2XnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE7gFP0KdT1r7dSHqxiUirZikAwGu70jv4D4466HHUymJDV-Q6t85-IRfdR9pF155mgPCGZ9xrsuZq8CI5oONs2oDaVa5fehlbiQ9rcScdMqaxW15u_EwlXs20sFxydCO_bHxpe2ZsNRBge1u033-N63aa9ti_PbDAgBfVpFABIH5Nf3K47ZR32kePDcRfz4saUUhEILBhqrYUicHVFRYqsR5BQQ7uZCK3XIaOzXVModamh0Rf9lHHJq-m6nypnNDeR3GeiYtg9hvtVFey3shl9AbDjMTSLeydVx4fCyXKOruFQmFTzGuOdqz6u_m2hGG6wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_2YFhAOkqZ7IOTGh0U0N9ntBjdySQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DtXBoZkemCPEFi_fRqDEOkr1jvW5yVlFpuTeXtPt9G-nIzBlTfZQb0odiREM6oeDfnKGugjHhhG7WJZXchQdksGRHcWMxperedjZDBtYYFc01R7Lr52rFfYBo_LoQUh-A_WVRmndT_7lK5zGh45JQxbulaT_waKyEbsOr5ONkZ2eh8b4k%26cry%3D1%26dbm_d%3DAKAmf-Bhum4Y8LKAdmgooug_SBaw-jvxxEat1WK_F60hP7AoxVaR3kgzKAck1o9_nuBeNd8mkpPcJq7Qmex_i_fSqqZtHfX3VXNR6HQnuAMGcR_jhfiUwMsq4gVxWn-j9XLB-fyoW_i4w7LfY1wiW1jgv9XMC5xlJbgWzso5FVLzVuPTaCXhKDBlq_8U6bw2adYnlywDMS4RZmxs5vQ0mMEGcCCbGtt8IaV0JNZRRqP_q-4WzxiAHrXoal4WuHJWRHoJ5o2Z_HMZ-vQqeyuzYi8SirJw2bTfbghShJqGVhBLqYcHkZsRr_FQKoHjio9B-TI9yyH26m8bx48TDP6tPddsojH8nnUdSv1hdNpQl0CEMMYUVfkh6bbxzDy01_UdwH7nKSDB4NZHubGXKpp85gqYFIiIKiv1ILhxi9JjqNtyTaiTsTpmx5QjgATEqtF38Jo1Qldc1D3quI2g788hT7czjrNezILbrqF5CnB9jRDXCVHqGsicOzID2ALfjVZfJ_odf4MQAvkcfqSu8-jb34JhAXStUHHbFFR9pPn3zbDGHeHAVhlGFgE%26adurl%3D
Requested by: Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: c104b0d3d4860a56c07fff4d1d596827a5e69eb5f27ebdcfc33f7ea17af63a1a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4090
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 412E 170 KB
59 KB 65ms
7ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Origin: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 11:45:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38672
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 11:45:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/elements/html/ Frame 412E 8 KB
3 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CkMakqdooR5zs8Dwubx1T2LTDth6KujLCWJrd-qNa89k2GDqxyXcEvkYj_uV5oglsr38nQTkOUKfPdLFMrII77sh_XLR_ff5H2xCEFnuD-bh0MXa43s1oJHRqyyEdd0-mSYJZeRIrCtuv00Dsl0T736nUNfMko1t84CX3d6oY481a-9lY&dbm_d=AKAmf-DXcjg6NY5wL2UeX1_N842AdKsuWMPxBStBY-Ps2cpvX72BjLcYCqWabV8G_iMF3OSL2WIftyeJnxDz540dffztRRcieRiGNraXDmGOzySQmyuhwvyZPXNVYjJA0-F2scJ_Ieb-efTN2C59e5UicawZQ4dBSQjlaDiMUMmx2No7yu3to3VDte-KipaFRkn1F_sbjBLZ5-UuDTiC9WZ5VhQ6sSK8VlKmx7929B9vo0BSG47il7mrdFiZsKOzWgPqzqh9-aJ5y_U802ersMzOL76BHfmp-yPg9dXrStUVt0KlxVPVeopFLbp2CxbXXp1wkiq0k0Uy_rBZHXzvYvN9qca_5qrMqsaGgztYHgdV2genn_gjTWT-JlXdoJo_vyh96suneP_cS3UPffZt7zKHi4F2Le8GJ07qE5aELBzXZRMn1F4386lO4b26EKd25f9lZweQxappauWe41LMYnZP-ZXC9BfprIIRPSPg8hsNtYqkWExrz8EhVU3CrLzuSY8BtuLgF44N56kmHwfR6DzK2QAl1IlD886ZoOTG8I0ZmEG1yOnyv9ubg4dKiRJkwuT_0Jy09UqKISlCKxMFt_dy9RRzvBAdP8LQFmSDXN28UJ3SKu2WVrjKRrdwLSdRYXYhYlHFUemC2XUKM4XRJy3WmMGt5565CRrIThKiNzWubGMttX7OSiEYcC-YY8B9EB2WwBwj1_EG5hyH40vBsS9XurwIPuMJfMxD4eXNL7wlDCDnOXBUheJmsAaRwXhxHCk3JInYL7oPAW5U5wSf_xKA4Bm20-Ws8tA49WVA8UdOXmJNjJ7xCZRh8krtLZAY1MkrrKqmaRiqesf2DcV7dE2cGgeyTRi82-ZZ-0XuNBPooc0MPqqHRYGIWpHDU6rG-yGUY9XzQUpsb8PGoLHkL09KEfO3Ek1mSHNAhFqiIbaMu5GXgk22IqbDyUq6UDPqidZX5GDdRK_Yjs1kHBw_F78qW97bqOoxOykqqEYBFjUQ4s_rrMsybNy8WmlegmlX0V7v5BUyr8uECzOx0l2MZ6lZ3YLIDt4HBFEhEqufwXarlyfjjB2PlZALONxT3WvIL9UsqoRfis_bqjQfkunlCi0NIgZay2HnSWcUXOYMHGSoWGSWCw2pVj_qMMzI90SsBnUp1uzVRT5SdOAeZtbidJwW4iJYiWdncgCrZlFN6iCmBHQWq5-aWCSjUX4m24HJXLYi6tVn18cy2E_3svg9tC1LPa-wQLpYaIlr8pUEu08Ms5I6UjOCXtG_T0BtDmdBwjUea-OJke49RsImLgyuElJQIFMGN_dxgmSkDMqtdorZQupOSq4iIm9gbmLNgF1BhSVAWgCb2RVujTaIXhlfubsaJ2CuuifI39UU9nTHNBuQ13esNhIgcjtoaMX73VqhjxDKdXNbRa7QtAA8Ed0VMSAhhMyE7g5PBDbPdqT_EyacZlQxDRll3PqWLA1wWIXT9jwdJSEKKlIggSkDvDlfORW6Hdx5jcwrWgG2NMlFjF3mdQD8evL3s2YH7Gvka2ztNW5P-Uawfy0UWkSB1zNqIX7crqhjqWzZ4cMyvH6PPBV5Lvvm9B-fke5BEuOD4GhfsPdzf4ma5RSHxXmfYF3y9J3JEBlc41WxdRh3Je6gOGmBnaUf9UdSlWhnr1pwrqcrAd1bFGK_7h9GULOuyv5FLmONWT4xQnmwvfN37P2gLssQ9ZnjjO-btNe85ldR24aGUqRbo9X51InTb_7pehavJOzMYxtrEwfahv67gdMwk0ROUQmKsaYPhitnswRKKdkkiYFAYXlWd-5IARwCZXirIpEQjEqDxBWZQObsfWwKf3wjCB4cgl7MCf5Kkr0qnrvcLnx-A5ZdABUPQtPQNid3GU7pt-l9V4QRbtAQGUp9ZYtro8WRLdqYFMjprQg_yYiAYZA105xm056P3MdQ5NKf4OrQqqczd5XofwJXlbFQbzdfGOexCcVbtI4V7IOU5IuXI4UD0xZOsbspAXxaJR6YXOccdXuRrUIzXPRic7gvPqJAyDx-6-wVRElg4ox3vfgb46_kcR0avO19fM9GWIL99bMeAQb23rSLloNtFm8LvDv61kur22vjFyrrDD73LpFcJUJI9W8o_0TntqHUhDeYSUmWedQcbF6zYmn-XS3bT7vrodqNM3PhSk-yiwMhFK2lTImkE21HcRX_BTvfhxbp-goxPQmCXHNhRMqSZEB7bj2Lu9Qa1WaIuCULqzxw0G54TNVzQJHK3zCfes9VIYYtqbNvrTFb1gyR6RCcX3BfJ-4Tq8Mkhkirhl4sGIf1nMa7pgCVSH_7YbynNcCB4gS54G-F3Dem8MNNA6wK6reDxO-eA6Vw1BVkxtT7cohpOAM6ibvP3RrBiz_A2FAVq0FZbMoaHdAyI0YkRughuwYndqCQO1fbwCNmIEUrNDnetsvj5ZMEpmzw7GQwktEXHlriWX3aLhVmOTniTfEiBEnu-Dp9NURi50ferczoE67iwABsdnLnKp_jvvbFmRVGdXe6c0-RIyh4uUr4EXedfgO5j5HNRt1GbWJDrUit9f36qfLOEpOsWxSbBCWEsBjLKJK9aFn4Kf32EEUHj3cBnQaylJ8tjFX2IKxOEzGVcWEGBM_MNz_sfBPkP_occxcn13zR-EXDZqv3V4aJwqjU0KHC9H-ZAODFzxOy8bygMiRkxvOcfLpIDqgpGkPI41wPuV7w1Or-jc-dkId6Yggan5A1oQ-F0i6DL_-E5g3tS87CV6vuXp-d67ppHOOtWt_vVHHJXsnHct0CqnE8JL8InXJn961d03_9MCEqGs1jzMcXUJfEKkUSkeH5iK8ul_NuYcG0rAnRBcOw2PgaBom-mE4IkmotW023Pl1S9s2v85B6fUT7GThgKFqv9h9AffEB-OuXY9qQMlpxer2nI0Ooleesgomh07JDK9ekKh2dneBU5DD2Gg284yrvjSgJ4YUB0mU3OqNzawHBCGnPLB3lj-WbIXCQ_ZaWXL_v2X1ncUmvzi2xQmzxGVrsaGA9Ub8SMqZGXvg41Un3qojNzFIlJL9B2NmFDI7tq-qvtnCjn6BL6w2EvAxP2lt9cguL_-QihElRUVKKdy99zGdiE5ouY5yeLkD4U3SW2kKyYt5WsTDvfIM6zts37mjBh5qSHlYcXas0W0j5b8wk08tym-MfvE5oxIiN7QhRK1JrtJ2gE06MwB36t1XY6nIpqVN6vQxVWNoaC12sHDPq9ArWeabOzL7puJjz4QzFW1VdgIxBQojVBKP3LaqFhkb0gu2Qvf1pZ4KQi2YqxwG1oqTcXsAiwTxoI2JSLgO17Ms1ww5FKdj2kItudbPqJ2TSAOk2&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=6358083363451280000&adk=1033480531&idt=64&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

855e15fcdc7a729b06238328936629eac46e2251d9d3d71a5d65510451f4e7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:01:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12507
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3023
x-xss-protection: 0
server: cafe
etag: 4221495933888618527
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 19:01:39 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/ Frame 412E 28 KB
11 KB 31ms
28ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8294f47c10ab9172680f9bba780fecd122dbec7acc578a6973704c97903a8915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:01:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12508
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10818
x-xss-protection: 0
server: cafe
etag: 16521218800250601078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 19:01:38 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 0B76 41 KB
15 KB 31ms
20ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 17:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 451007
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 18 Feb 2024 17:13:20 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 74ms
47ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_2023021601&jk=1862931492513658&bg=!9fal9qLNAAZYlHKzeJQ7ADkAdvg8WgdkbKZwTfYHGgSLK0-7P7HPvB9MiCjPfa9wtSzRyOQ3Q-24dyImD0bO_71dliMoSYgbnToCAAAAXlIAAAACaAEHCgA9v7NBf3pcDMElwJ7dDEivOa2I523A7_PDdwXyGJ-x2dikUjyAEUisgxhYhr_YwknHkGD8EjJvUq8VWdUkeZkCoPXIjYN9ghJT4SmTjBtw9jrUjzLtSO1yCZvPFpsPimZmVMbQrtIJHK1UScPnGI1amcArT2_Tg1-laj6NQGAq8t1qf4aY7lDH5vW-KsV05Fdm7ue2QQfnoBUYjJrwLmuu8LMWI8nwZCyv0P2l3SndYS47fRmR9vdSMOsY_8OZRmYW-jjag43oiruOFyU892V8HTL6ADAaLIt4Pjj4MaPiW2bNPZkap9si56cMK6iiy8j27PIeXJjcj8ovIZO4hLg6vnHIeZM7-a8kjMpgMOP8bguVQH_XePTBRaIihWSEQQWbKhK4Y_bWBliZ7HkJnefK8F-6lFrldgoRhw0bfCUmzqu4GbGq_IYpZ00scrmjqhrgPEZo76WS-i-ymwbT9SuED7AFsaNTJPCX-GdWQegElzHrEqPmKlGiEyOwgfRj4fnrxlIyXrjen6XK0dKQtZY5lBjdHn4tprk1TUbKfZhvbA4ek5VE5FvOdZBhw82XkeHPzI7z9TAMLF1pxvHpHdhp-xEKXpJaOwrly6aAZ5wzGV9A-iEy_SOIDryvSo4XjtinAf2_KTDDodlYYygIcKI1fEMJlQW8nR9pI6h5_AxAgeplBRZTb9q_etw5uKhPXoyADdq1fAOKqs3HWAMetBFMjj6vVfkClLMw2N6jab7O3q1ZMEoPatkGHcdqUWOwBMXbHFeXqF7NxD0a91muUPQrmE0iu6h9c-8VpZOQMVzHCiuTWYf2tPldUsnZKnybokPX9i49nzyw8K8h9lJJYxMbiNQZ4zaMvldH-JJNZe1RwVtB5ZCyoYM2NxUHhvBqz80Wxx5TYtiINkzXLrsEoj-VhOzystbD9pn-LExplnW1l9nTWVuBAqF0J1X6hFS1yKeHpOWHFUWo0vznK8aUEyCKaA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://observatorul.md/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 72AF 22 KB
8 KB 30ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 451006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 17:13:21 GMT
expires: Sun, 18 Feb 2024 17:13:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 0B76 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fbd6de851ede030dce80e9796da65a1b45754f4ddbbd56a06d525508f853b77

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 30D4 41 KB
15 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BiXXSJ4E9PpYO9aTE72aWWjZ5yXeemc7ZEc23u0LpSJ8KLWOVUCx4WBYFokXJhlcicidu7SDFENCquUTdr5wbZWDrJM6ydb75N5lPwtHWKg50tDw9-t8CBZry5fpbDkh4TK4SP2m7MwORaVE9M9NPSn1iee4uctbtldBv5QTAQC-SeAkU&cry=1&dbm_d=AKAmf-AZ4HZdNTPbAZdIwep3RvoQr1CjjW7qExP9PdHk6Mwkvq5mTTwheOQwkQtWUCW8CzABTt3MnGNoCJKJzZDrL_J8gNgQmPUmZBam50VAiQWamL3v8C7u-JdLG3mMpcxuCqtwFXQiHPqPAtkCJDx03DWQoe5uKl8gRi9hLua-6oqubpUypmpME5jgu_8IUfMjkE71MKdGUq8nJA7bASv_ZRJsDzdmudLhvSeJKw8mH6qAnDpmnSEo_ugZ9owJwNtisRZrRRVn00_xI_d83mxfqtfCBA66zGtFELoiA-AgfDmwQ8hSpNVGe5i_fIq9UGCMG3M4Oy_QxcWIrKxH2hwftBU0I481A0kIFea3DWPu-Y9IXck23d7lTHsAdZwO-ks6B9ZZ7sAtOpIk0DT4MXiAZ2_qjlsIQvBTdJK-8ZudZ69CmLOO7zyKqNQ5Moqdij-Fal2l5RgOq-yN-IUuVHSquuLjgcthugL38N9fYDaFnTS1pof4QwPSC8mGQP0BkyhDQfdhDsMdsRbArFDiwwu3f2hINz2xmnWC0YzgOGiHdzT4MHz0Vk_1ZjhGbaaXQCZcbRkJMm6YdW4r-gTad4vS8zTK_YDgqSMsLVko-lXHj8YvYTeDWnCbAWvuGHoi-1c9CazaFXDhnPN6A4QThc4ghwrc53d2Yov1jLTWjC_-m7KsnPeglvARpUbMF5csYAv1CqZKOweCrw5fzsI5GhCF2SP9NDWJbtpeJtvZjVlFgZZ8rDs5ZR9IkArh830xKh1ciniSOxqTrsSRQJe8X4nhsJK2td7mba341EYirzjjDY800SHpXE76-ihwE_-HXhjCmgZ5zb3WC4U-fmokEn7aHkam46zyU6MAy5RnL9i50lBS0S4sQSunIHCnYkZ5y5oZ5-Tpw0iYdqup_MplY4BXh8sDWVrCFXw_WqnEcKI4wmTJfCBTE1Ped7xiMNL9GCcv_8GS1B4-rnmkj-p5wEXntgxI57CSOczQ9B2Twc0QXxPFVq3GPLUriVVcQJq5wHnGtYP_-rpIULke3VoB5I5Gph0sgBKm2P5qjxR3NL2croumONq-NUZgjUI7dUOrJGuzzNJIAGv3g930ZYhjo-XZy0vXx6wCMgCVrOsVa_6RDPR6XL00_N7xf9PBsNqqJ200U1EfMKHHMZE8GDVoDrSHZDxFo0pC66pCqZRIvtDvi5khiRH8Ael43uyRJzEl29GY_bSLOm1oR1yIhs-Jc1bhs7m2xdl1YWZg3Y9ou78sRcamOMUw1lmZgb1Ue1RXroCvo4pkplB0SpxblK0gDvxNjLA5huuzEKmn-3aqPhHEd1PW0RFzVgACiVotwBX_doZ7EKX6gLUatAI1slEvvPOLK8JH0nbkorXTNdybTqltUACu2iib9CqnwvE3zsDKvrDCQxH2zgjoOs_5-na9hB_dZOVma5b2ovGqaSkK-fDXdpLZLc6_AfNugSMGx6QURJi4KpGdiiElHgstISr1ejr_ELbG9Qm8K9OWv2FQBhxLdrsSnfUNlvCP1qYfipoCghXQQKdJo9avgzgiW_wqObjjoY1_oberH-v0seCaQ03CI44Pm-NuWY2mlzpIP5FqfjVeYx8FjuIx96gX3rv9Z27As99iDnq1rycWlvAJ6aN3cdDeO0RTqQ2K8WjU3ysqJfyQUTmB0Uk2A_Ys5ZlW68aLwY26EeftxzyeRCd7mJfQOMLrIVjJfgLSC8iZPBv3LzLB9X-bgicDltjzU0YdQ6f2H8Jmwv7umNGsPgssSPY97TEMWJJ6lnQtVE3dYdbWcz5w-94vkQ2EEWoX7E43QbJ41AG4T2bn1PPyxeWLKSy-hWWWSNfhXCdE34e_lhJGEHc4iHIyum7tyVpa5xnW1spWNhsXVY351Jl5rgIZ5pdwyE02qZG9EnQFEQRQ_-6EVpY7XFdPpX0_O4139hqVd0DDlnNx9F6YImfn6apMp5rIQ_QA_Fi6qRQ_Wbpp37tpo2P6eZi_58QTpLMsHyhGW9IHqczjwKsJ76Y1B-wSzWX8-fNNC-p_EPTlVTwdCd5bC4r27jV8euvvP30fYQGJ5VfSvdDaEo4V678K_cHqG2fxjXPOL0gb-yHEpPtwRgXukDQoorE2-_1SVBtTnzd5pVNjjegMidu-rCr55WmaludVZdj3JRMu0aDsR4lVXl_-16ME3OWlLFZ--bEGrHikO_dD_F35PMthOwzjCEqs8K22uiKWhXcFdmf3K2V3bwSp2JVG2t7js203JAdmeYEQo1K6HCICxvO4SU64ANMe90VoaHDMh2qSXGkLb2gvjuc7Knazj3OCkafCU6qqW0tibzGgSDFEzejMcTRIpzjK2f_3xN7g475gedaP376QGtleL2SwxrkngtzBg5uzyJlgiq3ZNQZJg0RlVVDZ6bkyhqZpuMNJvhjXokENCinMHeAnFE-geOA3cacqFSU9WOWcVTMaJ6loWrcctpAz4HB-C9tDD1HndsVKg3_ZUgJEApWTA3g_bXFpmw2EuRccTYFeh5hy6XXxQ8MAVWjLdeuRYNkb897bwDeDjGTLQz_twyspsglrwHbU2K7MJHi4ddT6SspVWWnbXXf4oLQhlQNN7_y3_9peXm9aTLA32Prr6DSVR_R559q8IJEHMkkYTkw8txKggXzcSSbRSzWiKDuV9Y_yZlPJTnJ6pzvX14XMqe3xCjvkpqZEGFdVsk4TgOPijEmtBAwwzcA6hKhbXF8bklRv2kypn4zWLnT_KpMfS9xTi9dEGUJfo9y_z436K_TAzb3DZ-oVQlHbg_GWy1uGZ_GlYiWKWgByB3mYZCWQIq0hirbP8xDiWb6hOVS9wzwR4BDJ-Q4kDGwWcFzhUi74mF48762D4dCexbsZCsh08gbQvjYmaDNaW3oNCC-vm-qgj0TUXiUEuhH0kSiwW3PgEd9SPvIJdC7Mmfb3fJG8ByCJLGsmpX25KgkegypjHfGYUVSnMzKZcbZqkX65dejZuvuUVqrkET9GmQdi-FtJVaa_EAsvGk656SEqID5gjUee38dL-0kaBu7LbGp84XqshGWITxg8zrEqavZZFljA94BaQvVaybreyx9b5YCDaC_xRLpqU5uavR9rDe0JDzICBjOBWqAXMJYSiJKhY0reK1BHw-5mGS3W-iRJZfW8_aF7teVOlKwPQ0L2WA4vDg-9OrWPENvrR-z32HbeHW1xGTRcUubHLuQ6Nt2aLjoPoyjvx5Nweo4GNk1hlPrJI4bo0YJw7pCLoPTiqoui8U36AfI7P21_ckbr0TWbMjD07qZY08IxO8Y5qGas1WINZrnvfwbGSJ4kpnRGdPo9fUL9Gd9U5c7-8xuQkhDd_FE7gQS-bvCMdTlhkyvjr6oY_PF0nnuasJg1qjBjk23ZwBE9t0fiJg-dMfnl9LaZ0la0mCRbh1oy86rFHE638-NcPCC17XC7PNytADVjzEUeXYt0niW-6rzs_NUAvZCON5B0Bk6dnaEos8Yhrx4G0whAlwhtiui1unQsoyMBtsXCYfVKObOcOSyDlzxPp2XOqR0M0hUYltW3qR_7z8D5jx3ye5Q6QhfZq_bTHxkNt9LJeqX9kziQRrGX5d3YgzpVm2_iml8tkLBASm2FJBQbJBr1R9fUPvUw9txMYA6oU6TiSkjQjFn-yOTdSax7137F&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dc_eid=31072035&dv3_ver=m202301300101&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=13143234079973513000&adk=3037181500&idt=63&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 17:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 451007
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 18 Feb 2024 17:13:20 GMT

GET
H2 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame 590F 170 KB
59 KB 12ms
7ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Origin: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 11:45:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38672
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 11:45:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/elements/html/ Frame 590F 8 KB
3 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ACJ3QhRBeLKTE-pQX-grR4k8dRglmp_UP-0ZTpKX0fQxanzkPwzXkgbp34qtlgFwo61jJG0bAcqvT59OOm0R7O3dQN_zIucIzWH08pFU7b-LESYajDxgjb7kUKeOS8smeRqjLZM97e3qJQiSKbh09Hb8yvNbwKLpIgN6O-GT-jeZQo3NI&dbm_d=AKAmf-D4SVo7LFGw2uuDtD9BgwO7U8eqlyLtHxNHhtWyJ-FBo5OIrEM2AP9TPqIE3zwk2MYI75CrZZdX689cSE9RWzGNKFdgVO6aBEuAFx0rD-UIgKboPSgLv2rFUeJ8rmahv5bn9F0socaj47LDrypMaHA6f3Zn7ITj6n4lQj7W91W7UCbJ_etXFZNJgeC4zXPX4X2Z1f7XrOJNAfv6vMKCaE3n0b2wrFMA0JrJVYYJ-BSCf2--DwDOoVx6kN4lCGO5qTbH50nCStLjagiwX_LcNHqMBvfcNzYBp7zo7JLJ3UKP0asi-GtqBtH1Mlw-emcPUJYxufJ1RzGyk1elsLb1-z-Hbg29MUHlQWYweT_9_Xgbq0QSw7uRm9rpVfY4-DbAOOD0l0hkeYgTqWdEkUbT-cBhZJeWwDeEPpmj8ZDTJ35M683WJeEarZ1NJFuYWSIyj4S59Czsyf_1QJ0NzI9Rtr6hucEe7_e4Y82Vpp4NzCgxwIWEN9nq7cwv1tqwTHmA5R39c2wbqrPAuZOZ4jqHJast1BEuQuHGc0Asi0hATmwcOESVoW5aoSpxPkwuQnizh4wsDSJIK4n6H6Saz_hDwxOsQSsgAeav3BDvMSP9i_3cx0BhA1omtWmyR79pMmilb2BswUm9dWsA5KiewrH0zCv0IMbx_i3wlkigEroQ38VIT6aMMSHtGCTvCHvaibCT30Fl8NhtvQRSRX3pXkuIwOiXkZ8cBRLlYEKDQciZn0z_-i8GKLBTyRMg1Ifp9oYjywXoAOvvVteqnnOwz7MxbrM9kmYWCdcqcyuNwlM4vlGZhVxS7fNgIOViqhM9Q3zNWx5AGhasUH9Jm0LMNZ_mm94TNhL9xEN-VDF6LmjagWzz4hZ-7N9yI5klPMkPz7hg8HvIXcUYA5SCHITdpVS3lnyXgMZL3BJ9KxzSBljpg11cYX6YI40ZJUl3ARP6ngZMHyQ3U7vANZpo3m0AKXe4AfHEv0fLyfDU3g0NFItdotiKb-DgoAtOMToz4-pRCM6pjBRwNq0uKiekReK3TirVp7DUp7UVI-Ob3uJj1kjDVqQs8xogZ-nUS0H5NORJedAVfl-Jf4CY3QA68H3JHaRGtUkzwXJuBvqOFy9X3QvJlkuui9hUYzEAujpX6ZwVuU7c2ZZYgBPVV-MppKo545YIOAZ3x3wqyb0wWkwFNb09TVGlHuVh9sXWwB1a5e_34I4Ing2H1mc5ZpAVzGFxUc_R93wXMl3XL_fCSNnj--GiQRHgEOLeDdMYQIZygVJaKB6zWXgawXYQ7pb7IThpWJh_A9yawTojjRKjKHyD1YKUOMVybBzTr98JdXPqt_fnGy9fqiRvu1CfLeEaL7-_oSgkPJXqQPwzfTGRvZj_uXVSpMwh6D9232DsxmHkLTCXnNAAhY1HcdeBQimMwcE7fuJIjacdbE3bSF5_ZZ7VnJ-usx_kGYZGovM3Hwbd3N6B3k0gAEjeL8HglKYxneGmsHjuC90728X_5rtGzErzWmRyCpyoTm48uR5L3-6cEEYi2antbAsTNsYoeB4ZqEOxk-1r05uUKrMZk25Pb26aUOK-bWXZdROGrfo98y9Ke4ctqk2XxVriIpTM5ZBI7TeD-FnrFS33NvM7C26KSN8370MUm4dG4PmlXED4pQyF_SCDl387e8AE0QD6T_odrxc4C6dW21S-FXSQmOzZ0RaVpA2tRY4Qf3MAfeAKxgfLhDauUuL1ai8mRZ9bHN1M0X7VtuS6L6JJWlTPjZBlBzgVZF8NVE2TNArJa2xfv7tI9fhCjdzxh-Zf2NaUoKApP61EXQb1Y84uEveRmkvfPiPAuvtXD1uq2bXdNoWI0fWPwL73DTdWpV7Vc46Jt1cHvGnltFhq8rTlJUqazjIzRqwdqgp2w27EJbq32alNM6mrgsoY_b_O5JLnQY_aPhFsNhwFJGH8vHNWMtsvpujjOhikHLlx98yZ2Y0kO9U3kR3GA14WbnhXjcNkxebokXEREvpnRT_jx2o_EcVKfmK_qRpLgkGzcMTYbJdp_kDUZNBD1TRomX1001t1FxwfPOdP9cCSyfz_z_tRHjrNUHPo3lh5fz9yb3sjdp5wrMTjJiVsyzhdgHiYqHOiQXMefub333QUEVy0cmF_RzZRFUtE2y4bTk1T7cpE0aXP3_UeIRCH5dNARTVNFUPTs8CWdM5YlYyjBOuE3UXgDSjFWMb_G8xv1YBMCFqmo33-imUB1tr8NI6pw-q56VSo1xZM5xHiHEE1nwnHtnpbDgqFEy_PqOWeHcEu9qtnqQK-K4ZuJTbx-hpp79qCSMGZToF7EREmOjMDlhSaGMnKPTdc94M3sTW-ZwZJWGEyae9hyj4aCXI340idXjOz5OG-JZBJqfZsrHXW3Am_lDGQ8qqYFl6Num41hq67cI8fGidB_SgW08WVZxNM7SIkZ4ebCOj1eexVriuy1gRgfCIS7cjgS6hMivHhuacpLSkDBrkvSxqWiyWIkoSwYsUCqJ9bFCoQVRF_wtn1quJVM0S2QfIZ2zGn-OqiwHZyeC6OrxgdbABjtXezquziolwSNFptMdaip9_YcteTjwJTQjWUt0QobdMPe2MGHKegFdmkJmbFMZME57pip8fJliO8Xt9q1-BgRPQrqbvBH-NRmp409QvHsQelO-WsA69CBCHnrRmRsTokPp-ImmVYLCxxYF4xZvbb6lUQw-UMe9zEFhzEOQKtJOuZbQ6jNGnueum6v4uowFxd_y6mKtFzsFHXt329iLtRhSydvIPCzhXFKRbgOKqs_8uhFMcqGTPEsLZzqa8H1SAb2xgvFYOFQ8IqeYmUFwdSk_RoEpzV8A0AWrd2GtWyc1DlPxyovT-X8s55VZkNzpGv5zl_Y0EEjwtOcgBIenyoXbe33Ae6r3Wz1G2wjKMrnnopZHefm-oro842NQ2nrQCOmcUzzhQVoTj05-wNdGsz8pFTRnwEx7CtSl_mxUkcOfr30U2U96SdIMV7Jqc8JMOqkeNG4SJX3KpJWuyKW0xMjxZPsDCK2mKWl4xwqgRMUuHArV8lbv-QkJgfp3rKOCzEyrTbywOvWab9UY-wCxSDyPrdMwqBlA1cSiMD0KbEX_EuUsqefQydoDxpCpFUU6nrobJcvL4QlcmKiG00Pnv2taKcrdKg0-rP9dVfkAqE7frvuHmlqgVhfeP0UtggXZgUGmQqIqv1FBRSeeCZfkoqQnMWIBBkaWP7r1rGM8GhgcuqdFq2_cvUvgQ-I-84a676RWsgDbvyCGOVX17qXpY_dUWM7NEmxaXtwp_67-gNZl751-05mEWEeuXhAHgXkqaX6YLMuJV8zCL4cdjRc-y9&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=14653678245303700000&adk=943508955&idt=88&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

855e15fcdc7a729b06238328936629eac46e2251d9d3d71a5d65510451f4e7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:01:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12508
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3023
x-xss-protection: 0
server: cafe
etag: 4221495933888618527
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 19:01:39 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/ Frame 590F 28 KB
11 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8294f47c10ab9172680f9bba780fecd122dbec7acc578a6973704c97903a8915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:01:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10818
x-xss-protection: 0
server: cafe
etag: 16521218800250601078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 19:01:38 GMT

GET
H/1.1

200
OK

request.php Show response
hal900023.redintelligence.net/ Frame 2964
Redirect Chain

https://hal900023.redintelligence.net/request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900023.redintelligence.net/request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

88ms
74ms

Script
application/x-javascript

78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ73r7ej3Y63CKciF9u8Pm5q2sAum5b2gaZ2XnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE7gFP0KdT1r7dSHqxiUirZikAwGu70jv4D4466HHUymJDV-Q6t85-IRfdR9pF155mgPCGZ9xrsuZq8CI5oONs2oDaVa5fehlbiQ9rcScdMqaxW15u_EwlXs20sFxydCO_bHxpe2ZsNRBge1u033-N63aa9ti_PbDAgBfVpFABIH5Nf3K47ZR32kePDcRfz4saUUhEILBhqrYUicHVFRYqsR5BQQ7uZCK3XIaOzXVModamh0Rf9lHHJq-m6nypnNDeR3GeiYtg9hvtVFey3shl9AbDjMTSLeydVx4fCyXKOruFQmFTzGuOdqz6u_m2hGG6wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_2YFhAOkqZ7IOTGh0U0N9ntBjdySQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DtXBoZkemCPEFi_fRqDEOkr1jvW5yVlFpuTeXtPt9G-nIzBlTfZQb0odiREM6oeDfnKGugjHhhG7WJZXchQdksGRHcWMxperedjZDBtYYFc01R7Lr52rFfYBo_LoQUh-A_WVRmndT_7lK5zGh45JQxbulaT_waKyEbsOr5ONkZ2eh8b4k%26cry%3D1%26dbm_d%3DAKAmf-Bhum4Y8LKAdmgooug_SBaw-jvxxEat1WK_F60hP7AoxVaR3kgzKAck1o9_nuBeNd8mkpPcJq7Qmex_i_fSqqZtHfX3VXNR6HQnuAMGcR_jhfiUwMsq4gVxWn-j9XLB-fyoW_i4w7LfY1wiW1jgv9XMC5xlJbgWzso5FVLzVuPTaCXhKDBlq_8U6bw2adYnlywDMS4RZmxs5vQ0mMEGcCCbGtt8IaV0JNZRRqP_q-4WzxiAHrXoal4WuHJWRHoJ5o2Z_HMZ-vQqeyuzYi8SirJw2bTfbghShJqGVhBLqYcHkZsRr_FQKoHjio9B-TI9yyH26m8bx48TDP6tPddsojH8nnUdSv1hdNpQl0CEMMYUVfkh6bbxzDy01_UdwH7nKSDB4NZHubGXKpp85gqYFIiIKiv1ILhxi9JjqNtyTaiTsTpmx5QjgATEqtF38Jo1Qldc1D3quI2g788hT7czjrNezILbrqF5CnB9jRDXCVHqGsicOzID2ALfjVZfJ_odf4MQAvkcfqSu8-jb34JhAXStUHHbFFR9pPn3zbDGHeHAVhlGFgE%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=175523472534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 3639d369e9cabef9cdb223d5457a37e9e1b6e26986a8e460509beaf87fa41408

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 80764500171863404445002012244023
Connection: close
Content-Length: 1304
Expires: Thu, 23 Feb 2023 22:30:07 +0100

Redirect headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ73r7ej3Y63CKciF9u8Pm5q2sAum5b2gaZ2XnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE7gFP0KdT1r7dSHqxiUirZikAwGu70jv4D4466HHUymJDV-Q6t85-IRfdR9pF155mgPCGZ9xrsuZq8CI5oONs2oDaVa5fehlbiQ9rcScdMqaxW15u_EwlXs20sFxydCO_bHxpe2ZsNRBge1u033-N63aa9ti_PbDAgBfVpFABIH5Nf3K47ZR32kePDcRfz4saUUhEILBhqrYUicHVFRYqsR5BQQ7uZCK3XIaOzXVModamh0Rf9lHHJq-m6nypnNDeR3GeiYtg9hvtVFey3shl9AbDjMTSLeydVx4fCyXKOruFQmFTzGuOdqz6u_m2hGG6wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_2YFhAOkqZ7IOTGh0U0N9ntBjdySQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DtXBoZkemCPEFi_fRqDEOkr1jvW5yVlFpuTeXtPt9G-nIzBlTfZQb0odiREM6oeDfnKGugjHhhG7WJZXchQdksGRHcWMxperedjZDBtYYFc01R7Lr52rFfYBo_LoQUh-A_WVRmndT_7lK5zGh45JQxbulaT_waKyEbsOr5ONkZ2eh8b4k%26cry%3D1%26dbm_d%3DAKAmf-Bhum4Y8LKAdmgooug_SBaw-jvxxEat1WK_F60hP7AoxVaR3kgzKAck1o9_nuBeNd8mkpPcJq7Qmex_i_fSqqZtHfX3VXNR6HQnuAMGcR_jhfiUwMsq4gVxWn-j9XLB-fyoW_i4w7LfY1wiW1jgv9XMC5xlJbgWzso5FVLzVuPTaCXhKDBlq_8U6bw2adYnlywDMS4RZmxs5vQ0mMEGcCCbGtt8IaV0JNZRRqP_q-4WzxiAHrXoal4WuHJWRHoJ5o2Z_HMZ-vQqeyuzYi8SirJw2bTfbghShJqGVhBLqYcHkZsRr_FQKoHjio9B-TI9yyH26m8bx48TDP6tPddsojH8nnUdSv1hdNpQl0CEMMYUVfkh6bbxzDy01_UdwH7nKSDB4NZHubGXKpp85gqYFIiIKiv1ILhxi9JjqNtyTaiTsTpmx5QjgATEqtF38Jo1Qldc1D3quI2g788hT7czjrNezILbrqF5CnB9jRDXCVHqGsicOzID2ALfjVZfJ_odf4MQAvkcfqSu8-jb34JhAXStUHHbFFR9pPn3zbDGHeHAVhlGFgE%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=175523472534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Content-Type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Length: 0
Expires: Thu, 23 Feb 2023 22:30:07 +0100

GET
H3 200 html_inpage_rendering_lib_200_276.js Show response
s0.2mdn.net/879366/ Frame A267 170 KB
59 KB 11ms
10ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Origin: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 11:45:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38672
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 60311
x-xss-protection: 0
last-modified: Wed, 02 Mar 2022 23:07:25 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 11:45:35 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/elements/html/ Frame A267 8 KB
3 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BQbeSnQr1fkATynHcXgwWxKCDT1uW02zXkKdOCGSCErnumH2J3Z2ZV2566iGyU8iiKHnf_-xHkZqfLln7wsPS2rQpnno4cm-Al7TJHQTWtK_hpaJTyMdNCLfcDmqj8Gc5bHPXP5JxRVkXHN068wlSk1S90pt6aAQkIqeKb1gpRMihc2cU&dbm_d=AKAmf-DqM7ow3olHln5Ez869v_yQ_xlfO3H5sp8iSDb8SivQ5ZpRmk3iDNriZPZj3T9zD5KUkf9FMAwc-1VZ007BZSp1Q-9Lp-RzEn5UCWeuI7gzvtquF15R2aESPDM0GUn3wBuKx-uDTk61VlLhQkP-xoBpMoGCZP2Z-ieqbrfVDzWnY5LKZeB3kEQWYM4_Sv8HW1qLWaJKKym2tpCda_uokIiCOPXEsCKfkghPivNbcldPS9tJDYPs6w-DV7inuzapf2z6dVE8sRSzeewWTFL8aB_zVPVGMDwzYh7BrEISydnxboQ4Ic1sczrRExUPce-yMSJQsb5X7mfBFU2rnBOppMdGxR-24heeMBI5iFeykbV9plAg2nNyaPjDq6TJnZB4_jOg5ohH45dDR2DeWTMBc2ArkeIEzJVGd9hj9BMYXmlFh65eSZ5Tcwc-KWcIuWjMsMF2_dtL_0gfa83IWKrZd1Q0cwIVdRRSNX51Gi1mvvCCLCXrXyLTKglkQrdvpEMzR8aarU_01X5zGo3ivMl1UWUAt-m0m5H87ITHlouPmCTieqCjYlfKdwJSrJgzCBd1ZBRamkIIxF6BTZ2wm3KrZdqm3iAGrPYEP8QMoWJjAZcs_XRdAWNShxiXSJXwSMlzh8RfKr4k05wRbF_7CXScjJ6t4F7kxhD3mlIkUhYN_L_TNtCZHUPOssLzKG6mOuxjqUd45ZAR_oUMUefrzbDdFZKs7AGooyetMUZ2rVw5gwqnHIa9ktp20KMP--Pc-BcG4_3phVExVSPkzRlRZNrPQd-rGsJsfPmncAW774pcPmtpDwjyfGLEEWH-s0tvIJQrfxx6TvZxEEDjc4OW6vOidJOlVuW2giv2BrpbQV626097sBjP07vOQpS_4aTNInpHinx2kiQkFezhyvvjmNX3VUpi0V2mHpVphGz95i6d3h4dkruW4Hrpl_L3HtjuSlDwqqafk9XpFReCLkDm_a4M0dl_LbAg6YdEtGVc_DdNPOxZBuEe4BDWkQMJrouPFS4E6yR1eMOIvrRFHI07NeT7ullbRHC754IOZ1hmFINJTlDiZSgnKYjHAvEJwTaZFhWsj-DVWPkoUvMBUWYB3YYEuzykAkfYqfoEata1wG3Xu4JuNrSLXXqiMPqimreUBuBstLj53cBUQLvpRkiisnSJFu0EnqmxOZqzBG3LR2Urd4MMyrvXE-sMOqqjOjFvVESXh5AgxoRYD8baCmdLo09b3cmAdkME6M03wp5EjVOpQo4BBwtiDcAG5xBdFXZuRRi1Pr3-HcHXiq6Ly6AMbde89-SLlzxE6iiEdBvuiMb6TMJQil2QLG3gbfMAzralfBre11WCOtGn8s57tt8MVSuNHP3WuoHgVMAzvFuiqmLo3mA2pr1Sjp8tg5jdmakP7KOjkLL3DxYFQBoUlW6C_8es7l10nSDRXi_jiC7F2pdXDjPS0blmhnLasFcFo3is17EVUjDcHi9YlpxHdQQ7V2Ki7DrV-K4l6OcIt348-Ju1e-TCddaAvi4_7T6g9GpH85dTH-aOTHzOdBwxITKdRBGoFKrWQ3Wk5I3jHfGMx-l1VnGfNYALWsnpibVoFJD5fsaurx4KvUPuPmrlSCFXgjIargGQ_1XFBcMWFYXPgKr0zPpkWoQeTlo5aVxJtaXcfaEzmvjcYag8lqE7a5kq__Shq2PKLA9giw0Qm-7hER3QorhXlYC6Dx1RegU_TscYhrFSqq7XA4TNDz1lTepLS8SD4Otrxgyt4fjLLaY3sSO_dg4Wdoar8EbU0VF2bzDJ_zo1rgergaFG92w2D-l2vw9qWcqjKN1wXcZPhoP_gp7Yil7Vpvqo4Y_tp38NQNyPYd-XzNS1J6pUlDpja8TcezwmacE0ec59S281X8biF_v78dUn18lkal8Q50MkzaeYflkc-jW59VVSY3NX11aJ-kfi4hyb52Q0kxGSOED3Plsi0C4Fvk47GhCo-62dPCz_PFSnyoeGpEndH4xgUq5JL5WKijGhmJ24dzcNBLRJPkVa6W2T3hRf4PNfG3riEtfPhKZM83sozBby-yCMZNxX_H1NnSircDeGgahdZRFrSt4yDZbe9VP0IBR18s8bxXQX64gMKyTj_MbVpIkg-JGM6NIfOo40hllvNlfoRndAmnQlKo_oe12R_ns3k8oF507eQFEfEfXDQtcPf_O5COHwiPdmUQSzFi1vubHqOEvSCA_6zok1rT2FeP7D4UfrjjwukyLManwMbQ8x3yxKanA4W6KS3Up-uhi-wUZ7CLhUOKWQzhRMpEC_u4W58oXwAp_MDj4F-0T-Ut1KPsn4Ptf3alyESjH_iBPv0YSsZbgQzhcrHS0BdeQ-Rc3Mqm9APdmYbdQEtJS5cw4XPUVcxx0LxD8uxvKKKstRvOZAARoq6p7XrlPG88ma3ucJ-gFSpNTw9HA3LPOwTb1UndHmmS4sLzAdv69ykurYwzl_PB_mvu2f5bV9H8d74KpT--DCJi2-cyI85Fylm4Gz-Qi7FSaPSHe61jTTi-203BwbI0_8Pg40TxdYNyt-w4pGVejOc7c2AqIN8yn4MejamS6xFwiVZaJg0rpSc6xtdb0LLkmLGSz9gh7fXjhim8z3kauzkZlf1aR-ZTNfx1P_jSmREprPDo8IGWWkHShYUJ5qI_RlkA5uv53Z5RCHmItH-hwBeIDdy1wEeyRab-5ms-k6N0OvteXnQmZ2PWL1jUKVe1MRo2jdxCOzS1rBHZ2GXnAPxFcodVtolsqagWi5slWYssLhY3pA-DgyelYciR6ZQzfDQHmj-T6rkyBa8rvQxESoGkehucsYWm-3bI2u3AsaLtW1RBwZA5JFzdmG8ubAtgi6MPsBp5i6ga0kPc_8zQg2KNdTUpn4eKerCjr8clFJL_jAhnzRQfa-EIxJFWSywQtUBqhL0p3Y_0Gzzq3kgdUzjVrH1HrbcVjH1YISj3t9DyDmpZLxZiqy7qY8cUtJUmD-tNUPO6Stu5uIPF6PGiqirCVFft7civr1PTUpTtGAj24U-FjJRQfWGbunonHP0JzcN-c-Ffho1u9NcqkeL4nUuLKVz0DRRYO-_Xy7DnEUgi64XsGyhaIMPSle0UbUEFzuRh_mgDJkLCcMBkTIRlkExKrIE3Kj7W0Bwc1hh05lwILKmSiR_peepPgegBKJ1YCz5BIjl-g_6DaaRnS42LEsAZoIrWh-AHYflbTNqhD-22RXk01NK_O0bdRWT1Vz36M9eDie5_09HLn6BWwSfmzZF2VJheCxeRbcZWwr8nYYHuy8u39vBDCxoY_horEiKfEe112ukxValmM-fQ_MXkhMUQMhVHsJPDsgrlHv&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&dv3_ver=m202301230201&rfl=https%3A%2F%2Fobservatorul.md%2F&ds=l&xdt=1&iif=1&cor=9684460018107953000&adk=4188270525&idt=70&cac=0&dtd=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

855e15fcdc7a729b06238328936629eac46e2251d9d3d71a5d65510451f4e7c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:01:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12508
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3023
x-xss-protection: 0
server: cafe
etag: 4221495933888618527
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 19:01:39 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/ Frame A267 28 KB
11 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230222/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8294f47c10ab9172680f9bba780fecd122dbec7acc578a6973704c97903a8915

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 19:01:38 GMT
content-encoding: br
x-content-type-options: nosniff
age: 12509
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 10818
x-xss-protection: 0
server: cafe
etag: 16521218800250601078
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Thu, 09 Mar 2023 19:01:38 GMT

GET
H/1.1 200
OK iju9wczm8trb Show response
hal9000.redintelligence.net/zone/ Frame 30D4 11 KB
4 KB 22ms
8ms Script
text/html 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdc-d7ej3Y7DCKciF9u8Pm5q2sAum5b2gaa2VnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE8gFP0ODKRIUaycC0lz_gZNRiJNLSqmjK0B4kRrIK_hWjikglk8AyGuLrSXjMkwL4_MbaiKlRzQyc1NA78xl4BTXLOIEGzA7R9CwTVS2Retp8PJYrI8qDDfNprJVZhHyEmfVcWkWuOTq2cDDxld30pBsRH0KvrgfxlfkKH55U6E9LPf9yEtnV6v2HGBGFZMwk1FT9L3nYdYvqJkBcG3IOKvKhk62ulgR8YeV4wcMR-sSX1GlgJo6ECw25jlloyPGcqFAAvEWJ8ud8gADFIF63D_21jA5SCd52VVVMFopNSsogPLNEOMDnnzI47XYobgF_Hz--r8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_3PY_7-KvHm0Ii0afRWCI55Z-Y0OA%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DQlEmO-T9fjBNkJziit0ln2PEKC6T8v1kbtS3kj5pNfC8wmQaztPtRav2BO9Qf4HAQ2PKGHFVuY0gQobq5o3sUjbAp7Tn2n9MToqmZCLjmcsXzF8EK7dQbukX55O2SGp_ks1t-7GNhuJQc6rAu-I8ot5Vw8dMPzE_h4GV2wvyc0ujZAzc%26cry%3D1%26dbm_d%3DAKAmf-CohC4QJuLQIKoVv1PrKaQWUOVRE8g2Sbh8awQ0Z-rVxbIuc1qgpfSZyhXqk4mL2cn9cb2ijrAuEtr1qy7uVq7OmrH3gbvJZdf9axPwjz9tySC4F3g9unx0XPDbYBdIFCIpK7AtwZaLaUiWH2HT_n2N4_HvmFKsFx55tDEaBCnbGd4_Evpx7tjaOSsvBCT_SlzCFarA7G_6ZePLLPkVBRqlyZaxh229obUVReCJczdjkVz5j5qGv2lbWtfWJuvhdhD3GQpQLQCNpwRpKYxaBYa1HBsWxPAn0xx7FXr2IVAqjRCDFfsG-nUmTtpAHo2ANfYOB3gtp85ayrev-TVt_thDXZ9K4LqYODog3k1bqwRK77WSCbfR8rA_UdSXSKLxaAOTqW8tsf65ucLjIwbD5pjtbEYpENHYdivpm__8-k9OPDBIpzpIsjhAZvPSDroCqqEGF3fVkuzxnGwwzKxWEkSMeUNUDmWGNlTGVm5ToctnQlNQKoOAqTbnHl20ThD3_mmsRgIr1dlJpu5mluTe7tUYt7RUM47QQ3TKEfh_4DYxVhs5m5I%26adurl%3D
Requested by: Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: 91c2533e381cf3eb842729f4a568bb42448cd8ad1d482030a4895015e3015e1f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 4093
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 412E 41 KB
15 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 17:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 451007
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 18 Feb 2024 17:13:20 GMT

GET
DATA 200
OK truncated
/ Frame 412E 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a70a88437d8706145e03db3bcc27e337345411e56c03d987067c7cd2bf14d804

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 1862 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 451006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 17:13:21 GMT
expires: Sun, 18 Feb 2024 17:13:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 5023 115 KB
25 KB 33ms
16ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b7733207cffdf30a54d5243350f4d55e696721a83a3022df349ce7ee17cbd3c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:07 GMT
expires: Fri, 23 Feb 2024 22:30:07 GMT
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 412E 0
0 151ms
63ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuizaPdcUmFQzWw019xmR7-d9AJuxRo9S0OQzCFZ4ZKVDQb0Ua3PcohCIuPcGnMf66-SPDIpJ1Pr0lNv9phRCSjKqTVRSdPNxqSqOrIRZpta0nPHJA9UyL56Uc_7d9tMBuorgKmkr-aSx1T-W-OrUmbMTsXW1pqAEyv8qL2VaDRDmm-5NgL_UGzyGfArH033m3qjMXdUDaB-vg7yZbqaF5qlCYCBFEG_LK3QnDZP5dH0dPZbohIGAEXzehGkaY8yt-1NtrsaP6vtmTjWoys_JoVbeaJ3l9QO4xarmBB5kwH720K4nqy-EB-j3-IfEUbyXRr6wMfOx89QbK9CPJfLRxp6aum1xSeXPIju8d53PH4QngiAncyQU1k5hgbksPF6Ki7r26QbJmHgIbgEbIsT76USwJoMd6gaK0IFgKuolbSkGJToQ_ZxUB_Ht9CKyRtnVFG8KA7AD735xXNN_wxLdLXA2VRcq5kMVB2ED3ehZ27GPHNI_BtvhlWlge5Re8PuDKSVasLErXGYMGLbBo-DVxgT2RzeCjMNM6mEPhDU73hbK5tyxFdz-TNrMK1hetLxH6Qgep5qbniSpsl7J8x_kAttYYx1gKjwuaI0XHqMAymD-7BhuFST3NjF2szPLftPeDlUUV_4l9L_iXw6xCll_w9O4YbbHBLTu1WZPrXoj3k8t5KHOytBpF_yKapnRrErJ4GfJS_A8pKyjmpcBDzxg90tdjOiNSPs2k7a4dxZvQKQAlCOIlfOmO0ntGZiHFCjrNjm7rMCoNG0tJK--Btlm-5KzcxR-yiCJ_zBNQkklmM6qOj9Pj29-LWd87j04XIqn6ZPt_BFcV8fsts8Kqaww37FMX4_j94A4sBScRO9YQnzmE-g_QZbE537IEVI25f4zjtqbXCEPc7jck2LZGkQbhUCVXtoIhM48IhqCq4JEJs3od0GpmZLr7xdqaPCP0Ozk9YboLGq4hu7tMjyo7J8lfxh9B-k6I-2T2QoJCftaYvhe3kReM1XWST-N_1xCmxLrpLSBnuAEMd153aqELpZgOFLcHlvYbGH8i72DenSUB5ho_LlE6n4c6Y4tCGJ389g_7WJ9atZaaVIb3U6lb0CF-cnaTqpZWIv2k4Bcu6twKfJyDDHPrJKI0qtgflh1PBaU6f-iqK6vfpCMNhF4d-qyuhbdsVaXC__FPO2i3BV8ZIyqCkl02k5jR_MNlf7B5dwUJ9ra1XJoncFifDCtke5WwHw7mY4kkSJMcjV9E-k4-mKC6aL5rXWGmJHKvXttMc6KeV5bHfsuWyrN-vAs-5Jg&sai=AMfl-YTJdrPcnYReSx6BZKET_bEPi_LeOUC2ngAmrFRvsjM1D2zjnS3wXenzP6W8BwfTDsc7GXqhY1_6UKvKd0EXj9frxKv35O2XPaGGLOjyARYnGSs3lq8KowJ9GEGI4IRFuSef3WP9cYygpt1ed0kGQO5cH0QMAI1CxDA1DLANWzMuAmuJOQv9d3nK3tCOzOE_NlL-C2Goi7ZZFSzHFhkAJcRbxdEfoXGrmEcI5y5AULW93fbPPF01tfAqnemOUdqTw5SIiAQRiO4c79YDBegtmcbwc1O_W84pryQK&sig=Cg0ArKJSzNusplNZefIsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=198&cbvp=1&cstd=192&cisv=r20230222.85188&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 72AF 36 KB
14 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19057
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/16845539166636067700/ Frame 0CED 21 KB
5 KB 8ms
7ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16845539166636067700/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b6736a411bdb745af1f206b1ac36c5339678dfbce134f89e20c565b53b39453

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 16041
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 4834
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 18:02:46 GMT
expires: Fri, 23 Feb 2024 18:02:46 GMT
last-modified: Tue, 14 Jun 2022 11:37:07 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0B76 0
0 133ms
63ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssDyz7RXs4y2c-qY4w-5I2i3u072jLzoD_MZEl6TELKBfTTOWVR4BdFMGUO3df0XH5lIBO8rNwarjRzO4jfDsh_OVayL4v4-eAObahfexFTpfZ7S9NdJOdfojFC7mB2uvxTpS4pRVKXmehCPaouuzillyAQ4iJm6SXP2JbwHWYMbUjPaK0fdkbAPg-MnjVo9zJ8xQ1KSLg7I6de7lShflLiXP5cVNYZJKOwoMlyz14u2MZJxmU1Eg8apV4XXH72Y4qOgCble558PF3TEdzoqctjDbAwYXONvi7UIQ4nfIlwpjjNEwQrUGAlqYH200sKg3bkhvz3jcs3dpqiJnkN8l_B0QhnNuG61LBHcNt-iTl5k9IE3FZqB95j1aBfYSTr9ZJFJXAIOppL6uGiYao1sWJqMOp4G6Rz1rQ0sB2tpE7Ot7_QUDkt-bjn8jy-d1lzHx7fY_LvJCs1TFgf7DIIhc3A3oCfgSyKFQyjKvpuP9UVG-E8qU_83g1K1VRjcCRwhpT0EzgKBM50QAXY6WwboTFO8RyStx2ukeN7ezGUIpGdpWf7J5yXM1e18LLhG2BK4V-Wv4-zrUiFEBDBlJdzt2PTNoKw94HuNNiZizP6RZfqEnx4z6k3t8nk5oP7x19kC_isXKtzsciByl1Wx1Fz6rB17yjrHO9fALtPxFkATqAfRfK5hb-KdalyvnWZJGCskB8GF6dL85plxw8WuU4yhrbl9jR0vFQTi3WK6x6P32zYrDS05OqJI3mDWj5FqxQvLW1-zfI5UHshvp1TSwdEnrYEJH9rbCm_gSyrQvCjkAKqaNixYG-fjp898r7e3NxFN7kgmx9F4KexLtP0i2EWVX7NsnQR2fT9KPZHu9Jb9wku9U7qRdbGMZHVJhi9H_d1JXd4QX51FWY10j4kxW4S09aHTi2QAxxphYuMwT7FywcyGDyzA3uC6IaHzD-XL555inCx67wzNnlZenjdEtg7VJEeKl1oFpqlnvFUCO9etO11vTTH83MlEbiUc7X3YPRQOMOkUurXN7oTRBUxNgJ2EPEnIQVY5WgSkVFNGqhhrFsMnnMRRcgeAT_q8lp7-WB2EWr77rOK2HrapkvYKAHLvsoEAw0-pS-KcS_h8fY9t0bR9eyD8t_-WA0PDyiQrXpSjOVGRi_GwOi1E7J8zg9bNvNmljivS6oHY4rZL_gUT1slEvaOGuyHNGjbrU5vQulb2RicGgN2pyiVLOW9P87yQwMPW2w52Gg7SjMhDbnEuU680w&sai=AMfl-YTg6Sw3yewmOMBVOg8rXeoHprJ6fM4BWr_iVB96kLMahBFTrzVRzNXNAJYjytI5zlhdJDTfl5gi8JNp5NafyxrxfjAGqI_VT_Hq4Kv3x8nhWs2pDlTuPbGTYMIe2v4NI3qqGFJkunAlP4VpqHoERO7z_UYi8kGlozB9kK1EDz53yM-Vz-G1C35wJVv7xELXVLtVI0DGxtISkw6E_ZzBr_HkJgJalIuINaTF_7RVhdMOqzakxHam8TaeP72fVMWpoGGIkF_ZxOSoReaNvbl-jJpQgf41ONO1y1Pod-Sx8lcOSnqqOSRDnOQzDGE&sig=Cg0ArKJSzMXKdL9hZqVcEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=234&cbvp=1&cstd=230&cisv=r20230222.28037&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8028 22 KB
8 KB 8ms
7ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 451006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 17:13:21 GMT
expires: Sun, 18 Feb 2024 17:13:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request.php Show response
hal900026.redintelligence.net/ Frame 30D4 4 KB
2 KB 119ms
71ms Script
application/x-javascript 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f29fb219cd&subid=&uid=7f9cd84a295392be&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdc-d7ej3Y7DCKciF9u8Pm5q2sAum5b2gaa2VnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE8gFP0ODKRIUaycC0lz_gZNRiJNLSqmjK0B4kRrIK_hWjikglk8AyGuLrSXjMkwL4_MbaiKlRzQyc1NA78xl4BTXLOIEGzA7R9CwTVS2Retp8PJYrI8qDDfNprJVZhHyEmfVcWkWuOTq2cDDxld30pBsRH0KvrgfxlfkKH55U6E9LPf9yEtnV6v2HGBGFZMwk1FT9L3nYdYvqJkBcG3IOKvKhk62ulgR8YeV4wcMR-sSX1GlgJo6ECw25jlloyPGcqFAAvEWJ8ud8gADFIF63D_21jA5SCd52VVVMFopNSsogPLNEOMDnnzI47XYobgF_Hz--r8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_3PY_7-KvHm0Ii0afRWCI55Z-Y0OA%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DQlEmO-T9fjBNkJziit0ln2PEKC6T8v1kbtS3kj5pNfC8wmQaztPtRav2BO9Qf4HAQ2PKGHFVuY0gQobq5o3sUjbAp7Tn2n9MToqmZCLjmcsXzF8EK7dQbukX55O2SGp_ks1t-7GNhuJQc6rAu-I8ot5Vw8dMPzE_h4GV2wvyc0ujZAzc%26cry%3D1%26dbm_d%3DAKAmf-CohC4QJuLQIKoVv1PrKaQWUOVRE8g2Sbh8awQ0Z-rVxbIuc1qgpfSZyhXqk4mL2cn9cb2ijrAuEtr1qy7uVq7OmrH3gbvJZdf9axPwjz9tySC4F3g9unx0XPDbYBdIFCIpK7AtwZaLaUiWH2HT_n2N4_HvmFKsFx55tDEaBCnbGd4_Evpx7tjaOSsvBCT_SlzCFarA7G_6ZePLLPkVBRqlyZaxh229obUVReCJczdjkVz5j5qGv2lbWtfWJuvhdhD3GQpQLQCNpwRpKYxaBYa1HBsWxPAn0xx7FXr2IVAqjRCDFfsG-nUmTtpAHo2ANfYOB3gtp85ayrev-TVt_thDXZ9K4LqYODog3k1bqwRK77WSCbfR8rA_UdSXSKLxaAOTqW8tsf65ucLjIwbD5pjtbEYpENHYdivpm__8-k9OPDBIpzpIsjhAZvPSDroCqqEGF3fVkuzxnGwwzKxWEkSMeUNUDmWGNlTGVm5ToctnQlNQKoOAqTbnHl20ThD3_mmsRgIr1dlJpu5mluTe7tUYt7RUM47QQ3TKEfh_4DYxVhs5m5I%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=8078938211620&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Requested by: Host: hal9000.redintelligence.net
URL: https://hal9000.redintelligence.net/zone/iju9wczm8trb?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdc-d7ej3Y7DCKciF9u8Pm5q2sAum5b2gaa2VnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE8gFP0ODKRIUaycC0lz_gZNRiJNLSqmjK0B4kRrIK_hWjikglk8AyGuLrSXjMkwL4_MbaiKlRzQyc1NA78xl4BTXLOIEGzA7R9CwTVS2Retp8PJYrI8qDDfNprJVZhHyEmfVcWkWuOTq2cDDxld30pBsRH0KvrgfxlfkKH55U6E9LPf9yEtnV6v2HGBGFZMwk1FT9L3nYdYvqJkBcG3IOKvKhk62ulgR8YeV4wcMR-sSX1GlgJo6ECw25jlloyPGcqFAAvEWJ8ud8gADFIF63D_21jA5SCd52VVVMFopNSsogPLNEOMDnnzI47XYobgF_Hz--r8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_3PY_7-KvHm0Ii0afRWCI55Z-Y0OA%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DQlEmO-T9fjBNkJziit0ln2PEKC6T8v1kbtS3kj5pNfC8wmQaztPtRav2BO9Qf4HAQ2PKGHFVuY0gQobq5o3sUjbAp7Tn2n9MToqmZCLjmcsXzF8EK7dQbukX55O2SGp_ks1t-7GNhuJQc6rAu-I8ot5Vw8dMPzE_h4GV2wvyc0ujZAzc%26cry%3D1%26dbm_d%3DAKAmf-CohC4QJuLQIKoVv1PrKaQWUOVRE8g2Sbh8awQ0Z-rVxbIuc1qgpfSZyhXqk4mL2cn9cb2ijrAuEtr1qy7uVq7OmrH3gbvJZdf9axPwjz9tySC4F3g9unx0XPDbYBdIFCIpK7AtwZaLaUiWH2HT_n2N4_HvmFKsFx55tDEaBCnbGd4_Evpx7tjaOSsvBCT_SlzCFarA7G_6ZePLLPkVBRqlyZaxh229obUVReCJczdjkVz5j5qGv2lbWtfWJuvhdhD3GQpQLQCNpwRpKYxaBYa1HBsWxPAn0xx7FXr2IVAqjRCDFfsG-nUmTtpAHo2ANfYOB3gtp85ayrev-TVt_thDXZ9K4LqYODog3k1bqwRK77WSCbfR8rA_UdSXSKLxaAOTqW8tsf65ucLjIwbD5pjtbEYpENHYdivpm__8-k9OPDBIpzpIsjhAZvPSDroCqqEGF3fVkuzxnGwwzKxWEkSMeUNUDmWGNlTGVm5ToctnQlNQKoOAqTbnHl20ThD3_mmsRgIr1dlJpu5mluTe7tUYt7RUM47QQ3TKEfh_4DYxVhs5m5I%26adurl%3D
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 7521d0e724aa9d43643a33c2122dc25d7010488ad43fe58d5940056b4aca8938

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: application/x-javascript; charset=utf-8
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 39191900199330504444554012244026
Connection: close
Content-Length: 1303
Expires: Thu, 23 Feb 2023 22:30:07 +0100

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7314573151872791710/ Frame AF76 108 KB
25 KB 19ms
18ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22ec56df25744866a27efb0d3a95c71bec34cd151f986376a9f2e10f498760c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:07 GMT
expires: Fri, 23 Feb 2024 22:30:07 GMT
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 590F 0
0 101ms
65ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu88yMGbBBQsSRE_pOcpKh0f6CO8H-bUGO6Kvrl6P6hy9oXdvmIeKpG90eli7ukV-HmLkzGVXJD3KEIxztKREMWB0gbXuqgvyJ-3iL1WNTk2PC9srzZ3_849vzSKppDYYpy6rsGqVQ-DXI8CYToEpKpED2BePBkAR37AbD_1Hv4_JdO6ox8jpVC_jph_j9Tl2lvl4fCNlT5zFw6vBPR7Xj40VqfX3N7TIclzF6MQxCJ06wf51D4F6FSkymxmljdFDrUNiBATbcq0KvTLhd6ehkH2k-rQe5___nd2skluFrjXlmwg7XJVqFm16Y-jmG6zOuMeeVNdxSTJa2EvcTt0sawa9w91JUkV1yv8brB3Gqpvo7nhVqIpDUKVz4HqomvQqSLSKbY70bxHM3t6b7AMXkDs2inEzzf91fv3NbTgzyx2NlIc90Jjlp4FxnBgCSW7DY5ZjgthbD3zMVYNb3EUOOCkiKpOpncSoTzt-CLu_P_p5uHPCEzOSKDzS_t4phD0NlbVcki5hbAQXaEdQ4lywkOXjXbFKc-8WDWheiUE9LnK_LDFJid_rC8bQXnvYhtbbKGu5NdQjy1EG7PY06iOUH_-4xq2wie8rNe-GtcXmu231_RnB0LfITWPsXgspulbz5fxp4JVQuDZY4I1WY3Nou5JY76Rnrr17dP8ymRAdy7CwGpgdTGo-P5BpSGvbCxix2wa77AKwy3ReOCv04iVLQffM9QyZcOG_Ud3P0dtvG1e3eB1Ku-VtQ7wT-p8sxgO3lF5hy3XfF6PTJzVzgTNBAfMoggDPVIG1-DFEkBWLUB3JvjYfDont_lUz91_clgLcdGiabDKPe_WLUoMdxLyKnOi60zv28TOPx3cQzFQiMrUajKQlEqwuthyBT0LH_73HptFDD9r2NvfN4Xu9erh7j5yMSzbQMYtZrAVz-S21WtkJu4bhg9CKIY6x1wlBq_Fhm6RaLSFeOvLOaAlqArtZknP-8hfh-jEJJ5i2Fxw24DI8jHoDyEmd1ab5bGRlGIiK3FVvBC-A-5XgcGE2ZksxiOaVrEimMtwevdgbggXtmfs5QuDaiVuB2teuCOXopzDaHfRhyh5TcN5nsamsO3j5njRQk74pIii8M7opLkFUyFmQaec9XgtsavMmRNiyV386ZvQemfndqhajNyJZdvaGquW3lznwi7gCzbIUaQOPNRT2T-QvrWErNxmiHHj6b3bfk41A_rQglYjr6jGAheqfpQ72iW61LuBdY9H-T7x5QWKx2z-OawT8fug1TDH9bLcd7I0vVlDSgn_9WiW3g&sai=AMfl-YSeOo1vOfBebVwAyhfheMuWUdLOgkPcY68LKjI6moDrea4HPd4z7CGL0QnfjJznTXxCLhlI_UuOJw3xhZML5VQV-hPiZ9D9q1Tytd9qDayO8iFlNgZEk5YkLdmJHJimwjh6yGDjBV6Wkhn-NKMMZaHaseyUQoNYrOKBqCc43kGD6ODLMygv8qe3uWSu7XvBxV5Ueph189wir5hpgBqaz9UhJwHa1Rtq1MBqhBfpRW6KkHSfHX-fMm_3W-UTbOE_Q9ffepsMtplFt4YHuo5MJ6ip2yxCyr5GLgmY&sig=Cg0ArKJSzPfS2yRv2JgREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=150&cbvp=1&cstd=145&cisv=r20230222.34564&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 d12dbb370e861ada20f5553e973b3eb4.js Show response
s0.2mdn.net/sadbundle/16845539166636067700/ Frame 0CED 79 KB
20 KB 10ms
10ms Script
application/x-javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/16845539166636067700/d12dbb370e861ada20f5553e973b3eb4.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bff6030a331b81cd98d18346d460a26cf52d900edc6125022ddb4aa61c7b1ad1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 15:41:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24516
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20596
x-xss-protection: 0
last-modified: Tue, 14 Jun 2022 11:37:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 23 Feb 2024 15:41:31 GMT

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 5023 118 KB
40 KB 17ms
17ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14273
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 18:32:14 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 98FA 22 KB
8 KB 13ms
12ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 451006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 17:13:21 GMT
expires: Sun, 18 Feb 2024 17:13:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/7314573151872791710/ Frame AFEB 108 KB
25 KB 27ms
17ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_276.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

22ec56df25744866a27efb0d3a95c71bec34cd151f986376a9f2e10f498760c9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:07 GMT
expires: Fri, 23 Feb 2024 22:30:07 GMT
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame A267 0
0 69ms
63ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss2i1Y-QdZF74lt0KqSvi4AIYWe9lplJaWGC8bfe31N0xEfq2KljNUMg2RefZrmiuGYdlndCuyRLDBumfs3kDpLO-uzlL9U88tjsMBvZNvWE5uPq48IsU8oeHhY3BQ6mmOhLnIVhvLE5MA-dGmbmJzJSPtjgvDnq1ezhlpoovDbJyajXMksMEbjReA5DjpOE_DMOGulAffR5XtWRpelDcniuiU7BHTLa3Czt95abd61tCuq4Wwwp6N1uAdg2Msm4xEhyJyoE5ypfVCQz41Z9X6S6saqc_Unc3S2owK67TQX_ox_Vi6cjFev78CBPOHS_biQVz53j6auCV53OqczoZPwKe63LR8ZJuQZjEhotScfTyXmMWMUWtxlHdlJmQMfTJd5yukKIuWyDQAVDePtoK6XRZcHrzEeQTAS18mzCCy6nYtdKb65PbSECW6gxfP2d6AcIeW9iMAa9KdNH40lhK9s78NFlJZRoyov1YoQyAOUg7czjNTM5CgHQP0e1H2m2bch53EM0qjK6hhgPCcgCBSDlEhtHYfrrjAxqOqYM5H74qf0gt5My1JWHSLJdTvN-AttyPar459Gt7mw41PCZKL19FTzQ7cHGS65XnwFmrkZMQzOu2QeinOOksGI1j_j7t1ZgNJE2aMzcn5nQCmvgRU2S-Y3V5dWSUhyxy5YhjN-O6_nbRnHVFNxjP2PIDarhJgmheJmBBgRjqZnBkWu4whPIH97PhnnxWhFKFWZihXCzRmSSDvAaBn1esjnoy_Z2Ud8Yi6nQQExtGGrvth7f6PWUvQ0h_LioeZk_i4B-7YDzkk7cb42OX6K2LxY-gI8c-YNJ0ohITlZBbJ_0gCgxSNOaAupiavVGZSEO_nppy7_1XqdIvsqGH7ulwbmMXN_X7qsg3y7LCTy1TzP0o54clgTpAAYcHOR2CtB7mYxADUhagjsTShNiSij-WJ_FshvVE2IvQpTsSaZ3hT5e8ZDoik0g1XU5kf9vAZ72RtfRBvbNizwwC9qnzS9z0LOTYYemzzl2RYrBEVZm_3rI0ECj0jEVqGeD8j7Cvjng0EbvKZq5fYIOmOP5Y-Ft8I_UmRQXSUXfdC2at--6C3_CYhj7hqV5PEMdi5citJL2CWJ5S_XH4tdZFqCf2TE26umbMB1Hf-TteHPFPfrwqTDur2KBsekosVxRA1UsL1AQ-3ubYcizOZT2LJqBbs1h_GGOUanBnV0Lk07q2mw4LD21LmpB8PBmd2lC_PcuMXZ0lM8giKFxv6gpvzMS_c02D6pGdTpuMXAqeK5foNhvhVhhcY&sai=AMfl-YTKLXM1QQFeiKfsad1evsBajsNA-vAq4-BoabZlMC6UAvdX_Wx8fYkoqUgXSQw49CSFYf9oqe-eB_gfKe0CsbXpblP39A0wQZ2DMzWuCCqNTMgmcmdNI5Lv5O-TJtZZbP0s_T0nftw09Dz4_HMxhQj5GYAO7ANm8b_mtsQQfBC2e1BgV1UPpJX8d6wJTHe4MnYpgOc6YrzUl_SgoXkcY1K0wvSnBHcmcxQ9Nesw8d7R5t9OjQAnUYfOD1STWNWIJ6OTqCHf4Ib2T_BxIgQWba-HTUv-723DKJW_&sig=Cg0ArKJSzPeLyz0wAcAqEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=145&cbvp=1&cstd=141&cisv=r20230222.65107&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 590F 41 KB
15 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 17:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 451007
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 18 Feb 2024 17:13:20 GMT

GET
DATA 200
OK truncated
/ Frame 590F 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9720c5a1033ef0329e72108986f25df943a8329ae3932457dbabb5d1d75939c

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame AF76 118 KB
40 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14273
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 18:32:14 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame A267 41 KB
15 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Sat, 18 Feb 2023 17:13:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 451007
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 18 Feb 2024 17:13:20 GMT

GET
DATA 200
OK truncated
/ Frame A267 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 9801565355f9994078489336cd3fddca254f0c95307086c83136d509ddcf5b03

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame AFEB 118 KB
40 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:32:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 14273
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 18:32:14 GMT

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 1862 36 KB
14 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19057
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame A8C8 930 B
931 B 101ms
16ms Document
text/html 2a0b:4d07:401::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ73r7ej3Y63CKciF9u8Pm5q2sAum5b2gaZ2XnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE7gFP0KdT1r7dSHqxiUirZikAwGu70jv4D4466HHUymJDV-Q6t85-IRfdR9pF155mgPCGZ9xrsuZq8CI5oONs2oDaVa5fehlbiQ9rcScdMqaxW15u_EwlXs20sFxydCO_bHxpe2ZsNRBge1u033-N63aa9ti_PbDAgBfVpFABIH5Nf3K47ZR32kePDcRfz4saUUhEILBhqrYUicHVFRYqsR5BQQ7uZCK3XIaOzXVModamh0Rf9lHHJq-m6nypnNDeR3GeiYtg9hvtVFey3shl9AbDjMTSLeydVx4fCyXKOruFQmFTzGuOdqz6u_m2hGG6wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_2YFhAOkqZ7IOTGh0U0N9ntBjdySQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DtXBoZkemCPEFi_fRqDEOkr1jvW5yVlFpuTeXtPt9G-nIzBlTfZQb0odiREM6oeDfnKGugjHhhG7WJZXchQdksGRHcWMxperedjZDBtYYFc01R7Lr52rFfYBo_LoQUh-A_WVRmndT_7lK5zGh45JQxbulaT_waKyEbsOr5ONkZ2eh8b4k%26cry%3D1%26dbm_d%3DAKAmf-Bhum4Y8LKAdmgooug_SBaw-jvxxEat1WK_F60hP7AoxVaR3kgzKAck1o9_nuBeNd8mkpPcJq7Qmex_i_fSqqZtHfX3VXNR6HQnuAMGcR_jhfiUwMsq4gVxWn-j9XLB-fyoW_i4w7LfY1wiW1jgv9XMC5xlJbgWzso5FVLzVuPTaCXhKDBlq_8U6bw2adYnlywDMS4RZmxs5vQ0mMEGcCCbGtt8IaV0JNZRRqP_q-4WzxiAHrXoal4WuHJWRHoJ5o2Z_HMZ-vQqeyuzYi8SirJw2bTfbghShJqGVhBLqYcHkZsRr_FQKoHjio9B-TI9yyH26m8bx48TDP6tPddsojH8nnUdSv1hdNpQl0CEMMYUVfkh6bbxzDy01_UdwH7nKSDB4NZHubGXKpp85gqYFIiIKiv1ILhxi9JjqNtyTaiTsTpmx5QjgATEqtF38Jo1Qldc1D3quI2g788hT7czjrNezILbrqF5CnB9jRDXCVHqGsicOzID2ALfjVZfJ_odf4MQAvkcfqSu8-jb34JhAXStUHHbFFR9pPn3zbDGHeHAVhlGFgE%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=175523472534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:401::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Thu, 23 Feb 2023 22:30:07 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Thu, 02 Mar 2023 22:30:07 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: atvi

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 18A8
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=80764500171863404445002012244023&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=80764500171863404445002012244023&actionid=981741&produktid=&dt_url=

0
180 B

46ms
19ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=80764500171863404445002012244023&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ73r7ej3Y63CKciF9u8Pm5q2sAum5b2gaZ2XnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE7gFP0KdT1r7dSHqxiUirZikAwGu70jv4D4466HHUymJDV-Q6t85-IRfdR9pF155mgPCGZ9xrsuZq8CI5oONs2oDaVa5fehlbiQ9rcScdMqaxW15u_EwlXs20sFxydCO_bHxpe2ZsNRBge1u033-N63aa9ti_PbDAgBfVpFABIH5Nf3K47ZR32kePDcRfz4saUUhEILBhqrYUicHVFRYqsR5BQQ7uZCK3XIaOzXVModamh0Rf9lHHJq-m6nypnNDeR3GeiYtg9hvtVFey3shl9AbDjMTSLeydVx4fCyXKOruFQmFTzGuOdqz6u_m2hGG6wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_2YFhAOkqZ7IOTGh0U0N9ntBjdySQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DtXBoZkemCPEFi_fRqDEOkr1jvW5yVlFpuTeXtPt9G-nIzBlTfZQb0odiREM6oeDfnKGugjHhhG7WJZXchQdksGRHcWMxperedjZDBtYYFc01R7Lr52rFfYBo_LoQUh-A_WVRmndT_7lK5zGh45JQxbulaT_waKyEbsOr5ONkZ2eh8b4k%26cry%3D1%26dbm_d%3DAKAmf-Bhum4Y8LKAdmgooug_SBaw-jvxxEat1WK_F60hP7AoxVaR3kgzKAck1o9_nuBeNd8mkpPcJq7Qmex_i_fSqqZtHfX3VXNR6HQnuAMGcR_jhfiUwMsq4gVxWn-j9XLB-fyoW_i4w7LfY1wiW1jgv9XMC5xlJbgWzso5FVLzVuPTaCXhKDBlq_8U6bw2adYnlywDMS4RZmxs5vQ0mMEGcCCbGtt8IaV0JNZRRqP_q-4WzxiAHrXoal4WuHJWRHoJ5o2Z_HMZ-vQqeyuzYi8SirJw2bTfbghShJqGVhBLqYcHkZsRr_FQKoHjio9B-TI9yyH26m8bx48TDP6tPddsojH8nnUdSv1hdNpQl0CEMMYUVfkh6bbxzDy01_UdwH7nKSDB4NZHubGXKpp85gqYFIiIKiv1ILhxi9JjqNtyTaiTsTpmx5QjgATEqtF38Jo1Qldc1D3quI2g788hT7czjrNezILbrqF5CnB9jRDXCVHqGsicOzID2ALfjVZfJ_odf4MQAvkcfqSu8-jb34JhAXStUHHbFFR9pPn3zbDGHeHAVhlGFgE%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=175523472534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Feb 2023 22:30:06 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Thu, 23 Feb 2023 11:30:07 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Thu, 23 Feb 2023 22:30:07 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=80764500171863404445002012244023&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40028
X-IPLB-Request-ID: 50FF0AC7:B0B6_91EFC182:01BB_63F7E8EF_489AC2B:C02D

GET
H2

200

htlp Show response
futalis.de/ Frame 226C
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=80764500171863404445002012244023&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340529

350 B
401 B

63ms
7ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340529
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ73r7ej3Y63CKciF9u8Pm5q2sAum5b2gaZ2XnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE7gFP0KdT1r7dSHqxiUirZikAwGu70jv4D4466HHUymJDV-Q6t85-IRfdR9pF155mgPCGZ9xrsuZq8CI5oONs2oDaVa5fehlbiQ9rcScdMqaxW15u_EwlXs20sFxydCO_bHxpe2ZsNRBge1u033-N63aa9ti_PbDAgBfVpFABIH5Nf3K47ZR32kePDcRfz4saUUhEILBhqrYUicHVFRYqsR5BQQ7uZCK3XIaOzXVModamh0Rf9lHHJq-m6nypnNDeR3GeiYtg9hvtVFey3shl9AbDjMTSLeydVx4fCyXKOruFQmFTzGuOdqz6u_m2hGG6wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_2YFhAOkqZ7IOTGh0U0N9ntBjdySQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DtXBoZkemCPEFi_fRqDEOkr1jvW5yVlFpuTeXtPt9G-nIzBlTfZQb0odiREM6oeDfnKGugjHhhG7WJZXchQdksGRHcWMxperedjZDBtYYFc01R7Lr52rFfYBo_LoQUh-A_WVRmndT_7lK5zGh45JQxbulaT_waKyEbsOr5ONkZ2eh8b4k%26cry%3D1%26dbm_d%3DAKAmf-Bhum4Y8LKAdmgooug_SBaw-jvxxEat1WK_F60hP7AoxVaR3kgzKAck1o9_nuBeNd8mkpPcJq7Qmex_i_fSqqZtHfX3VXNR6HQnuAMGcR_jhfiUwMsq4gVxWn-j9XLB-fyoW_i4w7LfY1wiW1jgv9XMC5xlJbgWzso5FVLzVuPTaCXhKDBlq_8U6bw2adYnlywDMS4RZmxs5vQ0mMEGcCCbGtt8IaV0JNZRRqP_q-4WzxiAHrXoal4WuHJWRHoJ5o2Z_HMZ-vQqeyuzYi8SirJw2bTfbghShJqGVhBLqYcHkZsRr_FQKoHjio9B-TI9yyH26m8bx48TDP6tPddsojH8nnUdSv1hdNpQl0CEMMYUVfkh6bbxzDy01_UdwH7nKSDB4NZHubGXKpp85gqYFIiIKiv1ILhxi9JjqNtyTaiTsTpmx5QjgATEqtF38Jo1Qldc1D3quI2g788hT7czjrNezILbrqF5CnB9jRDXCVHqGsicOzID2ALfjVZfJ_odf4MQAvkcfqSu8-jb34JhAXStUHHbFFR9pPn3zbDGHeHAVhlGFgE%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=175523472534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Thu, 23 Feb 2023 22:30:07 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340529
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame 2964 2 KB
2 KB 148ms
69ms Script
text/html 18.170.235.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=80764500171863404445002012244023&nw=1
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.170.235.198 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-170-235-198.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: aca87497499f0fecc113f571e048583c158381431903d68c0cae7303314a52b9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
last-modified: Thu, 23 Feb 2023 22:30:07 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 23 Feb 2023 22:31:07 GMT

GET
H2

200

activityi;dc_pre=CKCcv_DYrP0CFRqWmgodHzUIjA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941 Show response
5994599.fls.doubleclick.net/ Frame DDF1
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCcv_DYrP0CFRqWmgodHzUIjA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941?

391 B
326 B

55ms
52ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCcv_DYrP0CFRqWmgodHzUIjA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941?

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

98af728381c06322865023cb98105cc322f91e402a5c2a23546f065c4dae3a4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:07 GMT
expires: Thu, 23 Feb 2023 22:30:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:07 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCcv_DYrP0CFRqWmgodHzUIjA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900023.redintelligence.net/ Frame 893C 7 KB
2 KB 22ms
8ms Document
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/request_content.php?s=80764500171863404445002012244023&a=4fa9a78b
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request.php?zone=5zyrr3xpcfb3&nw=20&renderingType=javascript&namespace=8d9c14068f&subid=&uid=aae3597e881ea26a&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=970x90&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCZ73r7ej3Y63CKciF9u8Pm5q2sAum5b2gaZ2XnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE7gFP0KdT1r7dSHqxiUirZikAwGu70jv4D4466HHUymJDV-Q6t85-IRfdR9pF155mgPCGZ9xrsuZq8CI5oONs2oDaVa5fehlbiQ9rcScdMqaxW15u_EwlXs20sFxydCO_bHxpe2ZsNRBge1u033-N63aa9ti_PbDAgBfVpFABIH5Nf3K47ZR32kePDcRfz4saUUhEILBhqrYUicHVFRYqsR5BQQ7uZCK3XIaOzXVModamh0Rf9lHHJq-m6nypnNDeR3GeiYtg9hvtVFey3shl9AbDjMTSLeydVx4fCyXKOruFQmFTzGuOdqz6u_m2hGG6wATrj_yO9wPgBAOQBgGgBk2AB6yt9Z8DqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhuoB5oGqAfz0RuoB5bYG6gHqpuxAqgH_56xAqgH35-xAtgHANIIEQiA4YAQEAEYHTICqgI6AoBAgAoDmAsByAsBgAwBsBOPtdEO0BMA2BMD2BQB0BUB-BYBgBcB%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_2YFhAOkqZ7IOTGh0U0N9ntBjdySQ%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DtXBoZkemCPEFi_fRqDEOkr1jvW5yVlFpuTeXtPt9G-nIzBlTfZQb0odiREM6oeDfnKGugjHhhG7WJZXchQdksGRHcWMxperedjZDBtYYFc01R7Lr52rFfYBo_LoQUh-A_WVRmndT_7lK5zGh45JQxbulaT_waKyEbsOr5ONkZ2eh8b4k%26cry%3D1%26dbm_d%3DAKAmf-Bhum4Y8LKAdmgooug_SBaw-jvxxEat1WK_F60hP7AoxVaR3kgzKAck1o9_nuBeNd8mkpPcJq7Qmex_i_fSqqZtHfX3VXNR6HQnuAMGcR_jhfiUwMsq4gVxWn-j9XLB-fyoW_i4w7LfY1wiW1jgv9XMC5xlJbgWzso5FVLzVuPTaCXhKDBlq_8U6bw2adYnlywDMS4RZmxs5vQ0mMEGcCCbGtt8IaV0JNZRRqP_q-4WzxiAHrXoal4WuHJWRHoJ5o2Z_HMZ-vQqeyuzYi8SirJw2bTfbghShJqGVhBLqYcHkZsRr_FQKoHjio9B-TI9yyH26m8bx48TDP6tPddsojH8nnUdSv1hdNpQl0CEMMYUVfkh6bbxzDy01_UdwH7nKSDB4NZHubGXKpp85gqYFIiIKiv1ILhxi9JjqNtyTaiTsTpmx5QjgATEqtF38Jo1Qldc1D3quI2g788hT7czjrNezILbrqF5CnB9jRDXCVHqGsicOzID2ALfjVZfJ_odf4MQAvkcfqSu8-jb34JhAXStUHHbFFR9pPn3zbDGHeHAVhlGFgE%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=175523472534&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: 5a23bcc2ce333f794dbfb8153df1c2027d15f57ae745ef36f17a3723b6342510

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2070
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Feb 2023 22:30:07 GMT
Expires: Thu, 23 Feb 2023 22:30:07 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 2964
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80764500171863404445002012244023
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=80764500171863404445002012244023
https://ad-server.eu/wm/pb/native.png

68 B
312 B

166ms
29ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:32:50 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 50FF0AC7:B0F0_91EFC182:01BB_63F7E8EF_4889175:2FD2E
X-IPLB-Instance: 40027
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 8028 36 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19057
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H2 200 / Show response
adv.office-partner.de/ Frame 0AA6 930 B
930 B 80ms
17ms Document
text/html 2a0b:4d07:401::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f29fb219cd&subid=&uid=7f9cd84a295392be&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdc-d7ej3Y7DCKciF9u8Pm5q2sAum5b2gaa2VnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE8gFP0ODKRIUaycC0lz_gZNRiJNLSqmjK0B4kRrIK_hWjikglk8AyGuLrSXjMkwL4_MbaiKlRzQyc1NA78xl4BTXLOIEGzA7R9CwTVS2Retp8PJYrI8qDDfNprJVZhHyEmfVcWkWuOTq2cDDxld30pBsRH0KvrgfxlfkKH55U6E9LPf9yEtnV6v2HGBGFZMwk1FT9L3nYdYvqJkBcG3IOKvKhk62ulgR8YeV4wcMR-sSX1GlgJo6ECw25jlloyPGcqFAAvEWJ8ud8gADFIF63D_21jA5SCd52VVVMFopNSsogPLNEOMDnnzI47XYobgF_Hz--r8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_3PY_7-KvHm0Ii0afRWCI55Z-Y0OA%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DQlEmO-T9fjBNkJziit0ln2PEKC6T8v1kbtS3kj5pNfC8wmQaztPtRav2BO9Qf4HAQ2PKGHFVuY0gQobq5o3sUjbAp7Tn2n9MToqmZCLjmcsXzF8EK7dQbukX55O2SGp_ks1t-7GNhuJQc6rAu-I8ot5Vw8dMPzE_h4GV2wvyc0ujZAzc%26cry%3D1%26dbm_d%3DAKAmf-CohC4QJuLQIKoVv1PrKaQWUOVRE8g2Sbh8awQ0Z-rVxbIuc1qgpfSZyhXqk4mL2cn9cb2ijrAuEtr1qy7uVq7OmrH3gbvJZdf9axPwjz9tySC4F3g9unx0XPDbYBdIFCIpK7AtwZaLaUiWH2HT_n2N4_HvmFKsFx55tDEaBCnbGd4_Evpx7tjaOSsvBCT_SlzCFarA7G_6ZePLLPkVBRqlyZaxh229obUVReCJczdjkVz5j5qGv2lbWtfWJuvhdhD3GQpQLQCNpwRpKYxaBYa1HBsWxPAn0xx7FXr2IVAqjRCDFfsG-nUmTtpAHo2ANfYOB3gtp85ayrev-TVt_thDXZ9K4LqYODog3k1bqwRK77WSCbfR8rA_UdSXSKLxaAOTqW8tsf65ucLjIwbD5pjtbEYpENHYdivpm__8-k9OPDBIpzpIsjhAZvPSDroCqqEGF3fVkuzxnGwwzKxWEkSMeUNUDmWGNlTGVm5ToctnQlNQKoOAqTbnHl20ThD3_mmsRgIr1dlJpu5mluTe7tUYt7RUM47QQ3TKEfh_4DYxVhs5m5I%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=8078938211620&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:401::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=604800
content-encoding: gzip
content-length: 552
content-type: text/html
date: Thu, 23 Feb 2023 22:30:07 GMT
etag: "3a2-5c1ab16b3be00-gzip"
expires: Thu, 02 Mar 2023 22:30:07 GMT
last-modified: Thu, 06 May 2021 15:37:28 GMT
link: <https://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
server: keycdn-engine
vary: Accept-Encoding
x-accel-version: 0.01
x-cache: HIT
x-edge-location: atvi

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame C835
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=39191900199330504444554012244026&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=39191900199330504444554012244026&actionid=981741&produktid=&dt_url=

0
607 B

28ms
17ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=39191900199330504444554012244026&actionid=981741&produktid=&dt_url=

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f29fb219cd&subid=&uid=7f9cd84a295392be&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdc-d7ej3Y7DCKciF9u8Pm5q2sAum5b2gaa2VnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE8gFP0ODKRIUaycC0lz_gZNRiJNLSqmjK0B4kRrIK_hWjikglk8AyGuLrSXjMkwL4_MbaiKlRzQyc1NA78xl4BTXLOIEGzA7R9CwTVS2Retp8PJYrI8qDDfNprJVZhHyEmfVcWkWuOTq2cDDxld30pBsRH0KvrgfxlfkKH55U6E9LPf9yEtnV6v2HGBGFZMwk1FT9L3nYdYvqJkBcG3IOKvKhk62ulgR8YeV4wcMR-sSX1GlgJo6ECw25jlloyPGcqFAAvEWJ8ud8gADFIF63D_21jA5SCd52VVVMFopNSsogPLNEOMDnnzI47XYobgF_Hz--r8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_3PY_7-KvHm0Ii0afRWCI55Z-Y0OA%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DQlEmO-T9fjBNkJziit0ln2PEKC6T8v1kbtS3kj5pNfC8wmQaztPtRav2BO9Qf4HAQ2PKGHFVuY0gQobq5o3sUjbAp7Tn2n9MToqmZCLjmcsXzF8EK7dQbukX55O2SGp_ks1t-7GNhuJQc6rAu-I8ot5Vw8dMPzE_h4GV2wvyc0ujZAzc%26cry%3D1%26dbm_d%3DAKAmf-CohC4QJuLQIKoVv1PrKaQWUOVRE8g2Sbh8awQ0Z-rVxbIuc1qgpfSZyhXqk4mL2cn9cb2ijrAuEtr1qy7uVq7OmrH3gbvJZdf9axPwjz9tySC4F3g9unx0XPDbYBdIFCIpK7AtwZaLaUiWH2HT_n2N4_HvmFKsFx55tDEaBCnbGd4_Evpx7tjaOSsvBCT_SlzCFarA7G_6ZePLLPkVBRqlyZaxh229obUVReCJczdjkVz5j5qGv2lbWtfWJuvhdhD3GQpQLQCNpwRpKYxaBYa1HBsWxPAn0xx7FXr2IVAqjRCDFfsG-nUmTtpAHo2ANfYOB3gtp85ayrev-TVt_thDXZ9K4LqYODog3k1bqwRK77WSCbfR8rA_UdSXSKLxaAOTqW8tsf65ucLjIwbD5pjtbEYpENHYdivpm__8-k9OPDBIpzpIsjhAZvPSDroCqqEGF3fVkuzxnGwwzKxWEkSMeUNUDmWGNlTGVm5ToctnQlNQKoOAqTbnHl20ThD3_mmsRgIr1dlJpu5mluTe7tUYt7RUM47QQ3TKEfh_4DYxVhs5m5I%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=8078938211620&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
access-control-allow-methods: GET,POST
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 23 Feb 2023 22:30:06 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Thu, 23 Feb 2023 11:30:07 GMT
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
pragma: no-cache
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Content-Length: 0
Content-Type: application/javascript
Date: Thu, 23 Feb 2023 22:30:07 GMT
Host: pv.medialead.de
Keep-Alive: timeout=20
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=39191900199330504444554012244026&actionid=981741&produktid=&dt_url=
Proxy-Host: pv.medialead.de
Server: nginx/1.17.5
Strict-Transport-Security: max-age=15768000
X-IPLB-Instance: 40027
X-IPLB-Request-ID: 50FF0AC7:B0F0_91EFC182:01BB_63F7E8EF_4889167:2FD2E

GET
H2

200

htlp Show response
futalis.de/ Frame 6871
Redirect Chain

https://cdn.retailads.net/tb.php?t=150337V2172132532M&subid=39191900199330504444554012244026&ra_cnt_active=1&ra_cnt=1
https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340530

350 B
400 B

55ms
12ms

Document
text/html

49.12.16.151
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340530
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f29fb219cd&subid=&uid=7f9cd84a295392be&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdc-d7ej3Y7DCKciF9u8Pm5q2sAum5b2gaa2VnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE8gFP0ODKRIUaycC0lz_gZNRiJNLSqmjK0B4kRrIK_hWjikglk8AyGuLrSXjMkwL4_MbaiKlRzQyc1NA78xl4BTXLOIEGzA7R9CwTVS2Retp8PJYrI8qDDfNprJVZhHyEmfVcWkWuOTq2cDDxld30pBsRH0KvrgfxlfkKH55U6E9LPf9yEtnV6v2HGBGFZMwk1FT9L3nYdYvqJkBcG3IOKvKhk62ulgR8YeV4wcMR-sSX1GlgJo6ECw25jlloyPGcqFAAvEWJ8ud8gADFIF63D_21jA5SCd52VVVMFopNSsogPLNEOMDnnzI47XYobgF_Hz--r8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_3PY_7-KvHm0Ii0afRWCI55Z-Y0OA%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DQlEmO-T9fjBNkJziit0ln2PEKC6T8v1kbtS3kj5pNfC8wmQaztPtRav2BO9Qf4HAQ2PKGHFVuY0gQobq5o3sUjbAp7Tn2n9MToqmZCLjmcsXzF8EK7dQbukX55O2SGp_ks1t-7GNhuJQc6rAu-I8ot5Vw8dMPzE_h4GV2wvyc0ujZAzc%26cry%3D1%26dbm_d%3DAKAmf-CohC4QJuLQIKoVv1PrKaQWUOVRE8g2Sbh8awQ0Z-rVxbIuc1qgpfSZyhXqk4mL2cn9cb2ijrAuEtr1qy7uVq7OmrH3gbvJZdf9axPwjz9tySC4F3g9unx0XPDbYBdIFCIpK7AtwZaLaUiWH2HT_n2N4_HvmFKsFx55tDEaBCnbGd4_Evpx7tjaOSsvBCT_SlzCFarA7G_6ZePLLPkVBRqlyZaxh229obUVReCJczdjkVz5j5qGv2lbWtfWJuvhdhD3GQpQLQCNpwRpKYxaBYa1HBsWxPAn0xx7FXr2IVAqjRCDFfsG-nUmTtpAHo2ANfYOB3gtp85ayrev-TVt_thDXZ9K4LqYODog3k1bqwRK77WSCbfR8rA_UdSXSKLxaAOTqW8tsf65ucLjIwbD5pjtbEYpENHYdivpm__8-k9OPDBIpzpIsjhAZvPSDroCqqEGF3fVkuzxnGwwzKxWEkSMeUNUDmWGNlTGVm5ToctnQlNQKoOAqTbnHl20ThD3_mmsRgIr1dlJpu5mluTe7tUYt7RUM47QQ3TKEfh_4DYxVhs5m5I%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=8078938211620&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 49.12.16.151 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: lb-1.futalis.de
Software: /
Resource Hash: 582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-length: 350
content-type: text/html; charset=utf-8

Redirect headers

content-length: 0
content-type: text/html; charset=utf-8
date: Thu, 23 Feb 2023 22:30:07 GMT
location: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340530
p3p: policyref="https://www.retailads.net/w3c/p3p.xml",CP="NOI CUR OUR STP"
server: Apache
xphp81: true

GET
H2 200 link.html Show response
track.webgains.com/ Frame 30D4 2 KB
2 KB 127ms
72ms Script
text/html 18.170.235.198
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=39191900199330504444554012244026&nw=1
Requested by: Host: observatorul.md
URL: https://observatorul.md/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.170.235.198 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-170-235-198.eu-west-2.compute.amazonaws.com
Software: nginx / PHP/7.4.26
Resource Hash: 7ea4fee07e12460869576c5569bd86126c31b68475795bf3f4d986c6091434d9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
last-modified: Thu, 23 Feb 2023 22:30:07 GMT
server: nginx
x-powered-by: PHP/7.4.26
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=60
access-control-allow-headers: Authorization
expires: Thu, 23 Feb 2023 22:31:07 GMT

GET
H2

200

activityi;dc_pre=CJucv_DYrP0CFXjIOwIdKq8PSQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845 Show response
5994599.fls.doubleclick.net/ Frame ED4A
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CJucv_DYrP0CFXjIOwIdKq8PSQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845?

391 B
283 B

56ms
55ms

Document
text/html

142.250.186.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CJucv_DYrP0CFXjIOwIdKq8PSQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845?

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.166 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f6.1e100.net

Software

cafe /

Resource Hash

bd4043db37644ab80bf71ada4d19a3f71261e2934d07768bb70cfe9b6260665b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 217
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:07 GMT
expires: Thu, 23 Feb 2023 22:30:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 23 Feb 2023 22:30:07 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CJucv_DYrP0CFXjIOwIdKq8PSQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK request_content.php Show response
hal900026.redintelligence.net/ Frame 7984 7 KB
2 KB 27ms
10ms Document
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/request_content.php?s=39191900199330504444554012244026&a=ffb5779f
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request.php?zone=iju9wczm8trb&nw=20&renderingType=javascript&namespace=f29fb219cd&subid=&uid=7f9cd84a295392be&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=300x250&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdc-d7ej3Y7DCKciF9u8Pm5q2sAum5b2gaa2VnKfJD_AuEAEgyqPvlAFgldqLgpgHyAEJqQIOq2M6ycuxPqgDAaoE8gFP0ODKRIUaycC0lz_gZNRiJNLSqmjK0B4kRrIK_hWjikglk8AyGuLrSXjMkwL4_MbaiKlRzQyc1NA78xl4BTXLOIEGzA7R9CwTVS2Retp8PJYrI8qDDfNprJVZhHyEmfVcWkWuOTq2cDDxld30pBsRH0KvrgfxlfkKH55U6E9LPf9yEtnV6v2HGBGFZMwk1FT9L3nYdYvqJkBcG3IOKvKhk62ulgR8YeV4wcMR-sSX1GlgJo6ECw25jlloyPGcqFAAvEWJ8ud8gADFIF63D_21jA5SCd52VVVMFopNSsogPLNEOMDnnzI47XYobgF_Hz--r8AE64_8jvcD4AQDkAYBoAZNgAesrfWfA6gHjs4bqAeT2BuoB-6WsQKoB_6esQKoB6SjsQKoB9XJG6gHpr4bqAeaBqgH89EbqAeW2BuoB6qbsQKoB_-esQKoB9-fsQLYBwDSCBEIgOGAEBABGB0yAqoCOgKAQIAKA5gLAcgLAYAMAbATj7XRDtATANgTA9gUAdAVAfgWAYAXAQ%26ae%3D1%26num%3D1%26cid%3DCAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ%26sig%3DAOD64_3PY_7-KvHm0Ii0afRWCI55Z-Y0OA%26client%3Dca-pub-6937397269932998%26dbm_c%3DAKAmf-DQlEmO-T9fjBNkJziit0ln2PEKC6T8v1kbtS3kj5pNfC8wmQaztPtRav2BO9Qf4HAQ2PKGHFVuY0gQobq5o3sUjbAp7Tn2n9MToqmZCLjmcsXzF8EK7dQbukX55O2SGp_ks1t-7GNhuJQc6rAu-I8ot5Vw8dMPzE_h4GV2wvyc0ujZAzc%26cry%3D1%26dbm_d%3DAKAmf-CohC4QJuLQIKoVv1PrKaQWUOVRE8g2Sbh8awQ0Z-rVxbIuc1qgpfSZyhXqk4mL2cn9cb2ijrAuEtr1qy7uVq7OmrH3gbvJZdf9axPwjz9tySC4F3g9unx0XPDbYBdIFCIpK7AtwZaLaUiWH2HT_n2N4_HvmFKsFx55tDEaBCnbGd4_Evpx7tjaOSsvBCT_SlzCFarA7G_6ZePLLPkVBRqlyZaxh229obUVReCJczdjkVz5j5qGv2lbWtfWJuvhdhD3GQpQLQCNpwRpKYxaBYa1HBsWxPAn0xx7FXr2IVAqjRCDFfsG-nUmTtpAHo2ANfYOB3gtp85ayrev-TVt_thDXZ9K4LqYODog3k1bqwRK77WSCbfR8rA_UdSXSKLxaAOTqW8tsf65ucLjIwbD5pjtbEYpENHYdivpm__8-k9OPDBIpzpIsjhAZvPSDroCqqEGF3fVkuzxnGwwzKxWEkSMeUNUDmWGNlTGVm5ToctnQlNQKoOAqTbnHl20ThD3_mmsRgIr1dlJpu5mluTe7tUYt7RUM47QQ3TKEfh_4DYxVhs5m5I%26adurl%3D&documentReferer=https%3A%2F%2Fobservatorul.md%2F&ancestorOrigins=https%3A%2F%2Fobservatorul.md&random=8078938211620&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: 6d725b51f41604c7a7106349635e611e7b00322c2e9edd763c86accc024a13a3

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Encoding: gzip
Content-Length: 2030
Content-Type: text/html; charset=utf-8
Date: Thu, 23 Feb 2023 22:30:07 GMT
Expires: Thu, 23 Feb 2023 22:30:07 +0100
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 30D4
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=39191900199330504444554012244026
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=39191900199330504444554012244026
https://ad-server.eu/wm/pb/native.png

68 B
312 B

162ms
29ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: HTTP/1.1
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:32:50 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Strict-Transport-Security: max-age=15768000
Server: nginx/1.17.5
Host: pv.medialead.de
X-IPLB-Request-ID: 50FF0AC7:B0B6_91EFC182:01BB_63F7E8EF_489AC30:C02D
X-IPLB-Instance: 40028
Content-Type: application/go
Location: https://ad-server.eu/wm/pb/native.png
Keep-Alive: timeout=20
Content-Length: 0
Proxy-Host: pv.medialead.de

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 82AA 22 KB
8 KB 9ms
8ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 451006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 17:13:21 GMT
expires: Sun, 18 Feb 2024 17:13:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 css
fonts.googleapis.com/ Frame 0CED 2 KB
635 B 27ms
24ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:500

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16845539166636067700/d12dbb370e861ada20f5553e973b3eb4.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

42fc207ebec992c03f7e8b3bf2f56ed07d798add6da0d4e91777eef7c9262875

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 20:38:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 2f6dde081c73198eb463e69cc864bf45.png
s0.2mdn.net/sadbundle/16845539166636067700/media/ Frame 0CED 12 KB
12 KB 12ms
9ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16845539166636067700/media/2f6dde081c73198eb463e69cc864bf45.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7b812daa122ae5ffa1ffa3cd7c12ce0e7f2d2a0cd70ad48fc74178c8a87406ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 15:30:31 GMT
x-content-type-options: nosniff
age: 543576
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12676
x-xss-protection: 0
last-modified: Tue, 14 Jun 2022 11:37:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Feb 2024 15:30:31 GMT

GET
H3 200 06f91b438b5c0d7fe6dff4bf6c24cf00.svg
s0.2mdn.net/sadbundle/16845539166636067700/media/ Frame 0CED 5 KB
2 KB 14ms
11ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16845539166636067700/media/06f91b438b5c0d7fe6dff4bf6c24cf00.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb4a29554c161fc6298d26273c106770fbe6c66bff37bb0db2e7826a9f84cb4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 08:39:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136225
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1998
x-xss-protection: 0
last-modified: Tue, 14 Jun 2022 11:37:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Feb 2024 08:39:42 GMT

GET
H3 200 d2ba67cbdf90bebda4784be3d87db586.png
s0.2mdn.net/sadbundle/16845539166636067700/media/ Frame 0CED 3 KB
3 KB 15ms
13ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16845539166636067700/media/d2ba67cbdf90bebda4784be3d87db586.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

886981f0280d3227cd6b8391c5fcff416e580b37f7ae239f510f8c85f67e31ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 20:41:51 GMT
x-content-type-options: nosniff
age: 92896
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2936
x-xss-protection: 0
last-modified: Tue, 14 Jun 2022 11:37:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Feb 2024 20:41:51 GMT

GET
DATA 200
OK truncated
/ Frame 2964 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 89b0e7bd1d2ca768848429a2c45e830ca0df41148cfb7ec8be194dc14538e1c6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame F050 22 KB
8 KB 14ms
12ms Document
text/html 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 451006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Sat, 18 Feb 2023 17:13:21 GMT
expires: Sun, 18 Feb 2024 17:13:21 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame AF76 366 B
298 B 14ms
13ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 13:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 549082
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 269
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Feb 2024 13:58:45 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/7314573151872791710/ Frame AF76 23 KB
23 KB 14ms
13ms Font
font/woff 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 11:45:37 GMT
x-content-type-options: nosniff
age: 125070
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Feb 2024 11:45:37 GMT

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 5023 363 B
294 B 10ms
9ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47a278025cea905349e975bf082b6d027e22a536a4b3d370afeb04d8fc5b2ca4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 01:46:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 593001
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 265
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Feb 2024 01:46:46 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 5023 23 KB
23 KB 11ms
10ms Font
font/woff 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 15:21:16 GMT
x-content-type-options: nosniff
age: 544131
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Feb 2024 15:21:16 GMT

GET
DATA 200
OK truncated
/ Frame 30D4 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f59982bcdad7f7dcfac0864c6a1506bcbd543c53e8636206d93b2bce7dfb4488

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 css
fonts.googleapis.com/ Frame 893C 4 KB
651 B 20ms
19ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=80764500171863404445002012244023&a=4fa9a78b

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 21:10:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 893C 16 KB
16 KB 30ms
8ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=80764500171863404445002012244023&a=4fa9a78b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: b5aa252f4896ead3a9e0385d9a6ef9b71b6b95ef2c985064a5bad95515e21e0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16552
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 893C 16 KB
16 KB 28ms
10ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=80764500171863404445002012244023&a=4fa9a78b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: a58212f483ebcd45ccb9a9fcb48e034fc312b45270447be3b3020e263a9b0642

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16267
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 893C 13 KB
13 KB 26ms
9ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=80764500171863404445002012244023&a=4fa9a78b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: c0b8d838ecf40c07188ca2f53fd40a37c6ba8a1e2e4f17376119c222d44e14ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 13012
Vary: Accept-Encoding
Content-Type: image/png

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 98FA 36 KB
14 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19057
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 7984 4 KB
651 B 19ms
17ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=39191900199330504444554012244026&a=ffb5779f

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 21:15:24 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7984 16 KB
16 KB 25ms
8ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=39191900199330504444554012244026&a=ffb5779f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: b5aa252f4896ead3a9e0385d9a6ef9b71b6b95ef2c985064a5bad95515e21e0d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16552
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7984 16 KB
16 KB 23ms
8ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=39191900199330504444554012244026&a=ffb5779f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: a58212f483ebcd45ccb9a9fcb48e034fc312b45270447be3b3020e263a9b0642

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16267
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7984 13 KB
13 KB 24ms
8ms Image
image/png 116.202.48.214
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/55487/creativesup/1200x627.jpg
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=39191900199330504444554012244026&a=ffb5779f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.48.214 Krefeld, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.214.48.202.116.clients.your-server.de
Software: Apache /
Resource Hash: c0b8d838ecf40c07188ca2f53fd40a37c6ba8a1e2e4f17376119c222d44e14ca

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 13012
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 226C 5 KB
5 KB 7ms
6ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340529
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
last-modified: Fri, 21 Jan 2022 14:35:51 GMT
server: Apache
etag: "14aa-5d6188919baaa"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5290

GET
H2 200 ts.js Show response
cdn.retailads.net/ Frame 6871 5 KB
5 KB 6ms
5ms Script
application/javascript 2a01:4f8:d0a:2321::2
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.retailads.net/ts.js
Requested by: Host: futalis.de
URL: https://futalis.de/htlp?utm_medium=affiliate&utm_source=retailads&utm_campaign=150337&ra_id=2304340530
Protocol: H2
Security: TLS 1.3, , CHACHA20_POLY1305
Server: 2a01:4f8:d0a:2321::2 Gunzenhausen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
Software: Apache /
Resource Hash: c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://futalis.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
last-modified: Fri, 21 Jan 2022 14:35:51 GMT
server: Apache
etag: "14aa-5d6188919baaa"
content-type: application/javascript
xphp81: true
accept-ranges: bytes
content-length: 5290

GET
H3 200 btn_cta_arrow.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame AFEB 366 B
298 B 9ms
9ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/btn_cta_arrow.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Fri, 17 Feb 2023 13:58:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 549082
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 269
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 17 Feb 2024 13:58:45 GMT

GET
H3 200 kia.woff
s0.2mdn.net/sadbundle/7314573151872791710/ Frame AFEB 23 KB
23 KB 10ms
9ms Font
font/woff 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/kia.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 11:45:37 GMT
x-content-type-options: nosniff
age: 125070
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23072
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Feb 2024 11:45:37 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 590F 0
0 60ms
57ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsu88yMGbBBQsSRE_pOcpKh0f6CO8H-bUGO6Kvrl6P6hy9oXdvmIeKpG90eli7ukV-HmLkzGVXJD3KEIxztKREMWB0gbXuqgvyJ-3iL1WNTk2PC9srzZ3_849vzSKppDYYpy6rsGqVQ-DXI8CYToEpKpED2BePBkAR37AbD_1Hv4_JdO6ox8jpVC_jph_j9Tl2lvl4fCNlT5zFw6vBPR7Xj40VqfX3N7TIclzF6MQxCJ06wf51D4F6FSkymxmljdFDrUNiBATbcq0KvTLhd6ehkH2k-rQe5___nd2skluFrjXlmwg7XJVqFm16Y-jmG6zOuMeeVNdxSTJa2EvcTt0sawa9w91JUkV1yv8brB3Gqpvo7nhVqIpDUKVz4HqomvQqSLSKbY70bxHM3t6b7AMXkDs2inEzzf91fv3NbTgzyx2NlIc90Jjlp4FxnBgCSW7DY5ZjgthbD3zMVYNb3EUOOCkiKpOpncSoTzt-CLu_P_p5uHPCEzOSKDzS_t4phD0NlbVcki5hbAQXaEdQ4lywkOXjXbFKc-8WDWheiUE9LnK_LDFJid_rC8bQXnvYhtbbKGu5NdQjy1EG7PY06iOUH_-4xq2wie8rNe-GtcXmu231_RnB0LfITWPsXgspulbz5fxp4JVQuDZY4I1WY3Nou5JY76Rnrr17dP8ymRAdy7CwGpgdTGo-P5BpSGvbCxix2wa77AKwy3ReOCv04iVLQffM9QyZcOG_Ud3P0dtvG1e3eB1Ku-VtQ7wT-p8sxgO3lF5hy3XfF6PTJzVzgTNBAfMoggDPVIG1-DFEkBWLUB3JvjYfDont_lUz91_clgLcdGiabDKPe_WLUoMdxLyKnOi60zv28TOPx3cQzFQiMrUajKQlEqwuthyBT0LH_73HptFDD9r2NvfN4Xu9erh7j5yMSzbQMYtZrAVz-S21WtkJu4bhg9CKIY6x1wlBq_Fhm6RaLSFeOvLOaAlqArtZknP-8hfh-jEJJ5i2Fxw24DI8jHoDyEmd1ab5bGRlGIiK3FVvBC-A-5XgcGE2ZksxiOaVrEimMtwevdgbggXtmfs5QuDaiVuB2teuCOXopzDaHfRhyh5TcN5nsamsO3j5njRQk74pIii8M7opLkFUyFmQaec9XgtsavMmRNiyV386ZvQemfndqhajNyJZdvaGquW3lznwi7gCzbIUaQOPNRT2T-QvrWErNxmiHHj6b3bfk41A_rQglYjr6jGAheqfpQ72iW61LuBdY9H-T7x5QWKx2z-OawT8fug1TDH9bLcd7I0vVlDSgn_9WiW3g&sai=AMfl-YSeOo1vOfBebVwAyhfheMuWUdLOgkPcY68LKjI6moDrea4HPd4z7CGL0QnfjJznTXxCLhlI_UuOJw3xhZML5VQV-hPiZ9D9q1Tytd9qDayO8iFlNgZEk5YkLdmJHJimwjh6yGDjBV6Wkhn-NKMMZaHaseyUQoNYrOKBqCc43kGD6ODLMygv8qe3uWSu7XvBxV5Ueph189wir5hpgBqaz9UhJwHa1Rtq1MBqhBfpRW6KkHSfHX-fMm_3W-UTbOE_Q9ffepsMtplFt4YHuo5MJ6ip2yxCyr5GLgmY&sig=Cg0ArKJSzPfS2yRv2JgREAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=534&vt=11&dtpt=384&dett=3&cstd=145&cisv=r20230222.34564&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 412E 0
0 57ms
57ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuizaPdcUmFQzWw019xmR7-d9AJuxRo9S0OQzCFZ4ZKVDQb0Ua3PcohCIuPcGnMf66-SPDIpJ1Pr0lNv9phRCSjKqTVRSdPNxqSqOrIRZpta0nPHJA9UyL56Uc_7d9tMBuorgKmkr-aSx1T-W-OrUmbMTsXW1pqAEyv8qL2VaDRDmm-5NgL_UGzyGfArH033m3qjMXdUDaB-vg7yZbqaF5qlCYCBFEG_LK3QnDZP5dH0dPZbohIGAEXzehGkaY8yt-1NtrsaP6vtmTjWoys_JoVbeaJ3l9QO4xarmBB5kwH720K4nqy-EB-j3-IfEUbyXRr6wMfOx89QbK9CPJfLRxp6aum1xSeXPIju8d53PH4QngiAncyQU1k5hgbksPF6Ki7r26QbJmHgIbgEbIsT76USwJoMd6gaK0IFgKuolbSkGJToQ_ZxUB_Ht9CKyRtnVFG8KA7AD735xXNN_wxLdLXA2VRcq5kMVB2ED3ehZ27GPHNI_BtvhlWlge5Re8PuDKSVasLErXGYMGLbBo-DVxgT2RzeCjMNM6mEPhDU73hbK5tyxFdz-TNrMK1hetLxH6Qgep5qbniSpsl7J8x_kAttYYx1gKjwuaI0XHqMAymD-7BhuFST3NjF2szPLftPeDlUUV_4l9L_iXw6xCll_w9O4YbbHBLTu1WZPrXoj3k8t5KHOytBpF_yKapnRrErJ4GfJS_A8pKyjmpcBDzxg90tdjOiNSPs2k7a4dxZvQKQAlCOIlfOmO0ntGZiHFCjrNjm7rMCoNG0tJK--Btlm-5KzcxR-yiCJ_zBNQkklmM6qOj9Pj29-LWd87j04XIqn6ZPt_BFcV8fsts8Kqaww37FMX4_j94A4sBScRO9YQnzmE-g_QZbE537IEVI25f4zjtqbXCEPc7jck2LZGkQbhUCVXtoIhM48IhqCq4JEJs3od0GpmZLr7xdqaPCP0Ozk9YboLGq4hu7tMjyo7J8lfxh9B-k6I-2T2QoJCftaYvhe3kReM1XWST-N_1xCmxLrpLSBnuAEMd153aqELpZgOFLcHlvYbGH8i72DenSUB5ho_LlE6n4c6Y4tCGJ389g_7WJ9atZaaVIb3U6lb0CF-cnaTqpZWIv2k4Bcu6twKfJyDDHPrJKI0qtgflh1PBaU6f-iqK6vfpCMNhF4d-qyuhbdsVaXC__FPO2i3BV8ZIyqCkl02k5jR_MNlf7B5dwUJ9ra1XJoncFifDCtke5WwHw7mY4kkSJMcjV9E-k4-mKC6aL5rXWGmJHKvXttMc6KeV5bHfsuWyrN-vAs-5Jg&sai=AMfl-YTJdrPcnYReSx6BZKET_bEPi_LeOUC2ngAmrFRvsjM1D2zjnS3wXenzP6W8BwfTDsc7GXqhY1_6UKvKd0EXj9frxKv35O2XPaGGLOjyARYnGSs3lq8KowJ9GEGI4IRFuSef3WP9cYygpt1ed0kGQO5cH0QMAI1CxDA1DLANWzMuAmuJOQv9d3nK3tCOzOE_NlL-C2Goi7ZZFSzHFhkAJcRbxdEfoXGrmEcI5y5AULW93fbPPF01tfAqnemOUdqTw5SIiAQRiO4c79YDBegtmcbwc1O_W84pryQK&sig=Cg0ArKJSzNusplNZefIsEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=644&vt=11&dtpt=446&dett=3&cstd=192&cisv=r20230222.85188&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H2 200 dc_pre=CKCcv_DYrP0CFRqWmgodHzUIjA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941
adservice.google.com/ddm/fls/z/ Frame DDF1 42 B
262 B 55ms
55ms Image
image/gif 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CKCcv_DYrP0CFRqWmgodHzUIjA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CKCcv_DYrP0CFRqWmgodHzUIjA;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=900076176212.5941?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_pre=CJucv_DYrP0CFXjIOwIdKq8PSQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845
adservice.google.com/ddm/fls/z/ Frame ED4A 42 B
107 B 58ms
57ms Image
image/gif 2a00:1450:400d:805::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJucv_DYrP0CFXjIOwIdKq8PSQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CJucv_DYrP0CFXjIOwIdKq8PSQ;src=5994599;type=invmedia;cat=wieh99wc;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=462403151601.8845?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:805::2002 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 0CED 16 KB
16 KB 21ms
20ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:500

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 16:57:30 GMT
x-content-type-options: nosniff
age: 106357
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Feb 2024 16:57:30 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame A8C8 104 KB
40 KB 19ms
17ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

77f5a18b6642c47b2db73047d2a40465028a86a9337a36a3f39ddb6f1cd00208

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41180
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 21:56:01 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 0AA6 104 KB
40 KB 25ms
24ms Script
application/javascript 2a00:1450:4001:827::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

845df2e3ba9f62696cd844667dd1c9168859b8b6139826789d222fe92a820470

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41182
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame A267 0
0 57ms
56ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss2i1Y-QdZF74lt0KqSvi4AIYWe9lplJaWGC8bfe31N0xEfq2KljNUMg2RefZrmiuGYdlndCuyRLDBumfs3kDpLO-uzlL9U88tjsMBvZNvWE5uPq48IsU8oeHhY3BQ6mmOhLnIVhvLE5MA-dGmbmJzJSPtjgvDnq1ezhlpoovDbJyajXMksMEbjReA5DjpOE_DMOGulAffR5XtWRpelDcniuiU7BHTLa3Czt95abd61tCuq4Wwwp6N1uAdg2Msm4xEhyJyoE5ypfVCQz41Z9X6S6saqc_Unc3S2owK67TQX_ox_Vi6cjFev78CBPOHS_biQVz53j6auCV53OqczoZPwKe63LR8ZJuQZjEhotScfTyXmMWMUWtxlHdlJmQMfTJd5yukKIuWyDQAVDePtoK6XRZcHrzEeQTAS18mzCCy6nYtdKb65PbSECW6gxfP2d6AcIeW9iMAa9KdNH40lhK9s78NFlJZRoyov1YoQyAOUg7czjNTM5CgHQP0e1H2m2bch53EM0qjK6hhgPCcgCBSDlEhtHYfrrjAxqOqYM5H74qf0gt5My1JWHSLJdTvN-AttyPar459Gt7mw41PCZKL19FTzQ7cHGS65XnwFmrkZMQzOu2QeinOOksGI1j_j7t1ZgNJE2aMzcn5nQCmvgRU2S-Y3V5dWSUhyxy5YhjN-O6_nbRnHVFNxjP2PIDarhJgmheJmBBgRjqZnBkWu4whPIH97PhnnxWhFKFWZihXCzRmSSDvAaBn1esjnoy_Z2Ud8Yi6nQQExtGGrvth7f6PWUvQ0h_LioeZk_i4B-7YDzkk7cb42OX6K2LxY-gI8c-YNJ0ohITlZBbJ_0gCgxSNOaAupiavVGZSEO_nppy7_1XqdIvsqGH7ulwbmMXN_X7qsg3y7LCTy1TzP0o54clgTpAAYcHOR2CtB7mYxADUhagjsTShNiSij-WJ_FshvVE2IvQpTsSaZ3hT5e8ZDoik0g1XU5kf9vAZ72RtfRBvbNizwwC9qnzS9z0LOTYYemzzl2RYrBEVZm_3rI0ECj0jEVqGeD8j7Cvjng0EbvKZq5fYIOmOP5Y-Ft8I_UmRQXSUXfdC2at--6C3_CYhj7hqV5PEMdi5citJL2CWJ5S_XH4tdZFqCf2TE26umbMB1Hf-TteHPFPfrwqTDur2KBsekosVxRA1UsL1AQ-3ubYcizOZT2LJqBbs1h_GGOUanBnV0Lk07q2mw4LD21LmpB8PBmd2lC_PcuMXZ0lM8giKFxv6gpvzMS_c02D6pGdTpuMXAqeK5foNhvhVhhcY&sai=AMfl-YTKLXM1QQFeiKfsad1evsBajsNA-vAq4-BoabZlMC6UAvdX_Wx8fYkoqUgXSQw49CSFYf9oqe-eB_gfKe0CsbXpblP39A0wQZ2DMzWuCCqNTMgmcmdNI5Lv5O-TJtZZbP0s_T0nftw09Dz4_HMxhQj5GYAO7ANm8b_mtsQQfBC2e1BgV1UPpJX8d6wJTHe4MnYpgOc6YrzUl_SgoXkcY1K0wvSnBHcmcxQ9Nesw8d7R5t9OjQAnUYfOD1STWNWIJ6OTqCHf4Ib2T_BxIgQWba-HTUv-723DKJW_&sig=Cg0ArKJSzPeLyz0wAcAqEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=635&vt=11&dtpt=490&dett=3&cstd=141&cisv=r20230222.65107&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 5023 7 KB
6 KB 19ms
18ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

80cfa5fd889c3e11d127ee3b1fffc53cc8f6df9e1836f9df2850e8302c43fdd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5698
x-xss-protection: 0

GET
H/1.1 200
OK viewability Show response
hal900023.redintelligence.net/ Frame 893C 0
150 B 22ms
8ms Script
text/html 78.46.23.46
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900023.redintelligence.net/viewability?s=80764500171863404445002012244023&a=2ce5c95c&vb=m
Requested by: Host: hal900023.redintelligence.net
URL: https://hal900023.redintelligence.net/request_content.php?s=80764500171863404445002012244023&a=4fa9a78b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 78.46.23.46 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.46.23.46.78.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900023.redintelligence.net/request_content.php?s=80764500171863404445002012244023&a=4fa9a78b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H/1.1 200
OK viewability Show response
hal900026.redintelligence.net/ Frame 7984 0
150 B 25ms
10ms Script
text/html 138.201.84.244
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900026.redintelligence.net/viewability?s=39191900199330504444554012244026&a=8d4b888b&vb=m
Requested by: Host: hal900026.redintelligence.net
URL: https://hal900026.redintelligence.net/request_content.php?s=39191900199330504444554012244026&a=ffb5779f
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 138.201.84.244 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.244.84.201.138.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://hal900026.redintelligence.net/request_content.php?s=39191900199330504444554012244026&a=ffb5779f
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date: Thu, 23 Feb 2023 22:30:07 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AF76 7 KB
6 KB 20ms
19ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

02059741f67023af2d0e7fd275753370a8212eaa30f3f9ea14c249a273672385

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5730
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0B76 0
0 56ms
56ms Fetch
image/gif 142.250.180.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssDyz7RXs4y2c-qY4w-5I2i3u072jLzoD_MZEl6TELKBfTTOWVR4BdFMGUO3df0XH5lIBO8rNwarjRzO4jfDsh_OVayL4v4-eAObahfexFTpfZ7S9NdJOdfojFC7mB2uvxTpS4pRVKXmehCPaouuzillyAQ4iJm6SXP2JbwHWYMbUjPaK0fdkbAPg-MnjVo9zJ8xQ1KSLg7I6de7lShflLiXP5cVNYZJKOwoMlyz14u2MZJxmU1Eg8apV4XXH72Y4qOgCble558PF3TEdzoqctjDbAwYXONvi7UIQ4nfIlwpjjNEwQrUGAlqYH200sKg3bkhvz3jcs3dpqiJnkN8l_B0QhnNuG61LBHcNt-iTl5k9IE3FZqB95j1aBfYSTr9ZJFJXAIOppL6uGiYao1sWJqMOp4G6Rz1rQ0sB2tpE7Ot7_QUDkt-bjn8jy-d1lzHx7fY_LvJCs1TFgf7DIIhc3A3oCfgSyKFQyjKvpuP9UVG-E8qU_83g1K1VRjcCRwhpT0EzgKBM50QAXY6WwboTFO8RyStx2ukeN7ezGUIpGdpWf7J5yXM1e18LLhG2BK4V-Wv4-zrUiFEBDBlJdzt2PTNoKw94HuNNiZizP6RZfqEnx4z6k3t8nk5oP7x19kC_isXKtzsciByl1Wx1Fz6rB17yjrHO9fALtPxFkATqAfRfK5hb-KdalyvnWZJGCskB8GF6dL85plxw8WuU4yhrbl9jR0vFQTi3WK6x6P32zYrDS05OqJI3mDWj5FqxQvLW1-zfI5UHshvp1TSwdEnrYEJH9rbCm_gSyrQvCjkAKqaNixYG-fjp898r7e3NxFN7kgmx9F4KexLtP0i2EWVX7NsnQR2fT9KPZHu9Jb9wku9U7qRdbGMZHVJhi9H_d1JXd4QX51FWY10j4kxW4S09aHTi2QAxxphYuMwT7FywcyGDyzA3uC6IaHzD-XL555inCx67wzNnlZenjdEtg7VJEeKl1oFpqlnvFUCO9etO11vTTH83MlEbiUc7X3YPRQOMOkUurXN7oTRBUxNgJ2EPEnIQVY5WgSkVFNGqhhrFsMnnMRRcgeAT_q8lp7-WB2EWr77rOK2HrapkvYKAHLvsoEAw0-pS-KcS_h8fY9t0bR9eyD8t_-WA0PDyiQrXpSjOVGRi_GwOi1E7J8zg9bNvNmljivS6oHY4rZL_gUT1slEvaOGuyHNGjbrU5vQulb2RicGgN2pyiVLOW9P87yQwMPW2w52Gg7SjMhDbnEuU680w&sai=AMfl-YTg6Sw3yewmOMBVOg8rXeoHprJ6fM4BWr_iVB96kLMahBFTrzVRzNXNAJYjytI5zlhdJDTfl5gi8JNp5NafyxrxfjAGqI_VT_Hq4Kv3x8nhWs2pDlTuPbGTYMIe2v4NI3qqGFJkunAlP4VpqHoERO7z_UYi8kGlozB9kK1EDz53yM-Vz-G1C35wJVv7xELXVLtVI0DGxtISkw6E_ZzBr_HkJgJalIuINaTF_7RVhdMOqzakxHam8TaeP72fVMWpoGGIkF_ZxOSoReaNvbl-jJpQgf41ONO1y1Pod-Sx8lcOSnqqOSRDnOQzDGE&sig=Cg0ArKJSzMXKdL9hZqVcEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=840&vt=11&dtpt=606&dett=3&cstd=230&cisv=r20230222.28037&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&arae=0&ftch=1&adurl=

Requested by

Host: observatorul.md
URL: https://observatorul.md/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.180.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bud02s34-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 motif.svg
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 5023 451 B
342 B 12ms
11ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/motif.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

524c55c8d2300cce448d346b995650dc7fcd703ab0c3734c057147b5c69d3773

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 05:21:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 234533
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 21 Feb 2024 05:21:14 GMT

GET
H3 200 logo_kia.svg
s0.2mdn.net/sadbundle/7024728442041512453/ Frame 5023 1 KB
707 B 13ms
11ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7024728442041512453/logo_kia.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 09:08:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 134484
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:01 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Feb 2024 09:08:43 GMT

GET
H3 200 23717839_20220615053527728_bg_01.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 5023 28 KB
28 KB 17ms
15ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20220615053527728_bg_01.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

725b03afa58a562e616fc50b46e25ac2198949ef365fd70215eec874fa3afceb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 13:46:06 GMT
x-content-type-options: nosniff
age: 31441
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28677
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 12:35:27 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 13:46:06 GMT

GET
H3 200 23717839_20220615053518230_bg_02.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 5023 38 KB
38 KB 14ms
13ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20220615053518230_bg_02.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2df8c2e1525992c72ee30e6e57e57c302808b343d3149f629df7929713ff0839

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 08:48:47 GMT
x-content-type-options: nosniff
age: 49280
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38996
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 12:35:18 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 08:48:47 GMT

GET
H3 200 23717839_20220615053521387_bg_03.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 5023 27 KB
27 KB 14ms
14ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20220615053521387_bg_03.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1925796b9ad5cab2500599dc96085cd017eae1c007b023d8d987c09d34b33051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 10:48:58 GMT
x-content-type-options: nosniff
age: 42069
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27683
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 12:35:21 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 10:48:58 GMT

GET
H3 200 23717839_20220615053524701_bg_04.jpg
s0.2mdn.net/ads/richmedia/studio/23717839/ Frame 5023 31 KB
31 KB 13ms
12ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/23717839/23717839_20220615053524701_bg_04.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

990a271e4c03eec99796de451f8be26d0402175358ae426d6e46c270a0bc9e64

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7024728442041512453/index.html?e=69&leftOffset=0&topOffset=0&c=EI58lYpcF0&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 18:15:15 GMT
x-content-type-options: nosniff
age: 15292
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 31470
x-xss-protection: 0
last-modified: Wed, 15 Jun 2022 12:35:24 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 18:15:15 GMT

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 82AA 36 KB
14 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19057
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 2964 85 KB
31 KB 72ms
12ms Script
application/javascript 65.9.66.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=80764500171863404445002012244023&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 07:03:06 GMT
content-encoding: gzip
via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 10:53:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 55622
etag: W/"0d5045593d14c9612a5d5576928a5209"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: 6BqCfwy4Qbp-NNdbOLqusuSKC5N7d5rT5JiCHb67M5YEHiLo_uI4Lg==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 2964 85 B
437 B 58ms
7ms Image
image/gif 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1677191707&Signature=G2NQc9GYCkDTVwupF1O-7N0JQ-tvBLAbYFCwYKm-zRQfR2JJjdRRlPe9OGIDLHw2aWb8LCH539HfQGFtN6MP00c4U6VP171MaViFM6mxlxtIzF09NsMJkaBruxMINf4PrTZY3CvajPWR5P34jfAoXJSbnzzm5Tm5siN6SCndh-sGDwHStgqPQF-czv5aR1yDoNTEv~Gg0E4kkd0P-HsJFXARuwiWYR3aVCIllJBZ-DqfF85WIQzGAstOON7X3aXcTimmo-kuHjqqe7OOq6lnaiNayskXNLYgpw932Q~A~GtsIsFF-lnP0RgdYij24UhgH7PYl8F8zwWYqEGKJw4-HA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 23 Feb 2023 04:56:43 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 63205
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: VUFYhTF6VXzT487gQMw0q9pha76yLtuu0dhoeD6_k0j8jgv0W0134Q==

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 30D4 85 KB
31 KB 78ms
18ms Script
application/javascript 65.9.66.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=39191900199330504444554012244026&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-92.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 07:03:06 GMT
content-encoding: gzip
via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
last-modified: Fri, 09 Dec 2022 10:53:01 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-C1
age: 55622
etag: W/"0d5045593d14c9612a5d5576928a5209"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: i6oBytusYT_VefgpoWKCBdNrWa9P2XLqlKiqQsy6fCgWDqm5cQ8xRg==

GET
H2 200 1x1.gif
cdn.track.production.webgains.team/7121/ Frame 30D4 85 B
438 B 63ms
13ms Image
image/gif 99.86.4.52
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.track.production.webgains.team/7121/1x1.gif?Expires=1677191707&Signature=G2NQc9GYCkDTVwupF1O-7N0JQ-tvBLAbYFCwYKm-zRQfR2JJjdRRlPe9OGIDLHw2aWb8LCH539HfQGFtN6MP00c4U6VP171MaViFM6mxlxtIzF09NsMJkaBruxMINf4PrTZY3CvajPWR5P34jfAoXJSbnzzm5Tm5siN6SCndh-sGDwHStgqPQF-czv5aR1yDoNTEv~Gg0E4kkd0P-HsJFXARuwiWYR3aVCIllJBZ-DqfF85WIQzGAstOON7X3aXcTimmo-kuHjqqe7OOq6lnaiNayskXNLYgpw932Q~A~GtsIsFF-lnP0RgdYij24UhgH7PYl8F8zwWYqEGKJw4-HA__&Key-Pair-Id=K28VXAGA7VWE0O
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=39191900199330504444554012244026&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-52.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-amz-version-id: null
date: Thu, 23 Feb 2023 04:56:43 GMT
via: 1.1 1b412557b82dda96e078541f9ee8dfb2.cloudfront.net (CloudFront)
last-modified: Fri, 06 May 2022 11:40:06 GMT
server: AmazonS3
x-amz-cf-pop: FRA6-C1
age: 63205
etag: "70af33d70b6810475aae19743c8c435b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 85
x-amz-cf-id: KklnHZYOm6nemyFB8ZeZEkoKDGhME4Fq9aCNBuq1AjGF4cnhbPKTWg==

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 5023 17 KB
6 KB 31ms
31ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AF76 17 KB
6 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame AFEB 8 KB
6 KB 19ms
18ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

271f044dbafa75bde2a5673bca969fb7953268daf9d0700743c18ceb132aa137

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5821
x-xss-protection: 0

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame F050 36 KB
14 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19057
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H3 200 logo_kia.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame AF76 1 KB
712 B 11ms
8ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/logo_kia.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 01:30:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 334792
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Feb 2024 01:30:15 GMT

GET
H3 200 bg_01.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/85803309/dirty/ Frame AF76 17 KB
17 KB 12ms
10ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/85803309/dirty/bg_01.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de0612c4b4b44658387671e1dc3095ac9fb94e44e61a2d42363c10a386fcea8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 15:01:42 GMT
x-content-type-options: nosniff
age: 26905
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16993
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 12:07:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 15:01:42 GMT

GET
H3 200 bg_02.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/85749131/dirty/ Frame AF76 15 KB
15 KB 16ms
14ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/85749131/dirty/bg_02.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8b9f230be361444ca929718ca596995ed4519288374b7f69530dd931474325a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 05:19:14 GMT
x-content-type-options: nosniff
age: 61853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15025
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 12:07:53 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 05:19:14 GMT

GET
H3 200 bg_03.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/85803315/dirty/ Frame AF76 11 KB
11 KB 13ms
11ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/85803315/dirty/bg_03.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb1f667f1c1811ad36406f4c24055bc1cd750d9517a836acd40e0cdd38769e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 12:19:34 GMT
x-content-type-options: nosniff
age: 36633
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11049
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 12:07:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 12:19:34 GMT

GET
H3 200 bg_04.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/85803312/dirty/ Frame AF76 15 KB
15 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/85803312/dirty/bg_04.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7449c651cd98e922e90c54da024e3fbb9f8ca32f4bfa42ec98fe8fbf4e215a0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=EMq2ylVSsT&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:26:26 GMT
x-content-type-options: nosniff
age: 18221
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15453
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 12:07:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 17:26:26 GMT

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 893C 13 KB
13 KB 27ms
23ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900023.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 09:03:55 GMT
x-content-type-options: nosniff
age: 134772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Feb 2024 09:03:55 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 893C 13 KB
13 KB 29ms
24ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900023.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 00:02:13 GMT
x-content-type-options: nosniff
age: 253674
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Feb 2024 00:02:13 GMT

GET
H3 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 7984 13 KB
13 KB 24ms
23ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900026.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 09:03:55 GMT
x-content-type-options: nosniff
age: 134772
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13052
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Feb 2024 09:03:55 GMT

GET
H3 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v21/ Frame 7984 13 KB
13 KB 30ms
30ms Font
font/woff2 2a00:1450:400d:80d::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400d:80d::2003 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://hal900026.redintelligence.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Tue, 21 Feb 2023 00:02:13 GMT
x-content-type-options: nosniff
age: 253674
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13036
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 21 Feb 2024 00:02:13 GMT

GET
H3 200 logo_kia.svg
s0.2mdn.net/sadbundle/7314573151872791710/ Frame AFEB 1 KB
712 B 8ms
7ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/7314573151872791710/logo_kia.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Mon, 20 Feb 2023 01:30:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 334792
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 674
x-xss-protection: 0
last-modified: Thu, 23 Jun 2022 10:58:10 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 20 Feb 2024 01:30:15 GMT

GET
H3 200 bg_01.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/85803309/dirty/ Frame AFEB 17 KB
17 KB 8ms
8ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/85803309/dirty/bg_01.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de0612c4b4b44658387671e1dc3095ac9fb94e44e61a2d42363c10a386fcea8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 15:01:42 GMT
x-content-type-options: nosniff
age: 26905
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16993
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 12:07:47 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 15:01:42 GMT

GET
H3 200 bg_02.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/85749131/dirty/ Frame AFEB 15 KB
15 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/85749131/dirty/bg_02.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8b9f230be361444ca929718ca596995ed4519288374b7f69530dd931474325a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 05:19:14 GMT
x-content-type-options: nosniff
age: 61853
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15025
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 12:07:53 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 05:19:14 GMT

GET
H3 200 bg_03.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/85803315/dirty/ Frame AFEB 11 KB
11 KB 11ms
11ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/85803315/dirty/bg_03.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dfb1f667f1c1811ad36406f4c24055bc1cd750d9517a836acd40e0cdd38769e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 12:19:34 GMT
x-content-type-options: nosniff
age: 36633
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11049
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 12:07:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 12:19:34 GMT

GET
H3 200 bg_04.jpg
s0.2mdn.net/ads/richmedia/studio/pv2/85803312/dirty/ Frame AFEB 15 KB
15 KB 12ms
11ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/85803312/dirty/bg_04.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7449c651cd98e922e90c54da024e3fbb9f8ca32f4bfa42ec98fe8fbf4e215a0d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/7314573151872791710/index.html?e=69&leftOffset=0&topOffset=0&c=bb2yCdfyPs&t=1&renderingType=2&ev=01_247
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:26:26 GMT
x-content-type-options: nosniff
age: 18221
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15453
x-xss-protection: 0
last-modified: Thu, 02 Sep 2021 12:07:57 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 24 Feb 2023 17:26:26 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame AFEB 17 KB
6 KB 20ms
17ms Script
text/javascript 2a00:1450:4001:803::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:803::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 22:30:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Thu, 23 Feb 2023 22:30:07 GMT

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 51DC 36 KB
14 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19058
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame 46C5 36 KB
14 KB 10ms
9ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19058
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 72AF 0
20 B 49ms
49ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BMy7u7uj3Y6CsOJP33gP-t5_wDQAAAAA4AeAEAg&bg=!2dql2o7NAAZYlHKzeJQ7ADkAdvg8Wq4rJXqoXY0ckTg2JhEw-Wj9eibn-3b1au4pRFg6V_OpnjtbbZVwCoOjFyS9b-FXuDd_iOoCAAAChFIAAAACaAEHCgAl5EsYl9xuMRA56sOUmyKVPWxTPc98yGAmEAqY7qguYMeCOmo005kC51jHKnME-ebxQpQQavzFG_HuvmIZ66JXHbBtml14IYvwwvy0xSZAdwM4gNn4_SkksERng4X2QUSv5RLKy1vmTb6PEwZItgoPWTjiOc-KbFmyL8TZwO7dwiHPZs7sbLf_uZwnfC0I_VOiXYd4FXsDneg3byBVXn8eBS970w3F2N6aEro4KXty4jJ9BolgRCwB1rwU5MbUkIvQTjlpAjvLOzoZas8yF9-mKHGmeLn7yjPQ72fuI_DcQHyEZY6cuNwp9znozWxlcMZOwc_rqN2xSlvE8K3ZFrouEauxkW3tSxWpUM2eAzLmt3iQ7YBXIsWCC1792D5-MZ4fH_gYcrGal-R5J_KYK-OjeF6LtjdB6Kaq7Xozh0XyDh_p8OKEm6SFF8WvjyIvxlBb6AFxfTkcgYb19OnAVh-LvA-Qg45yata893Na9nSZeaTz201UMtfPk4OkgoKBEMT5SSLn5XSs25xostbIc7vbgdjzzdYwXUE5vqO_EgP-oGAPf0l18knKq_3XWSgz_Fd0Sbivmwpkm7nc7QBa-7nwd5lKbwqoxNFRxiq6VSMXXa1ZGHmReNA857wdUn9yPMwcParKSH51wu7ofzs4EDybrLuKpynlldtTWFH6BdG9GtLWmDV_n_I2KRuNoteo_XUE7cin_mtIiYr2hDYjUMOnzUZ0kmEZIskXqE7ygH-9HcgsYamjaAZEYPLubslno-h5RkiKWWIc2Bh0qBc8MWYIOiztatzjioAJDJOTUFKW17gRtqIGBvsKCrhmFsVbHj6j6qAD9Uksqufg4dZToGzUUSDnIBLhezyj99SEFapmjaAhdG3TvHjuVxeT51sRt7ugPuOWHIcHDY015uoSJXYXljDILbWEwrOuqmn0Y4Qz2xmdpQUeeXxaqYrCzGPNaxqM_e5g5Dz4BPr7Ek9DvKij5nyA6Fa4fWDOMwJFiXkXfm9C8aneKeQ2Wxje0FAjSOcAR4dH4WpG77C0PCZaIwzq

Requested by

Host: d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
URL: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 0B76 42 B
64 B 46ms
45ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvGdxWHFDIq27HP3SgQqKHgBMnk1GSTUAhyr8nVF-TPoFTCXTEywXNbUcmkw1lYHc4lwsjXZl8W54ToloMbXsS1I07O20hy5rdrprgJq_NT7pm4z-Hip9WHg1E-SfXyO8Od7NqfPw&sai=AMfl-YQABwPOLaVaY0sTqsIf2h_2hOZ-Mkucw-P48pe2xm6l9A00JTzFZ-nSNCbOPKQJmbspluUz8-MuX_bDaKy-f7n2wIfg1S2h2J0MwvDYAGCU3l4i1SwGwOQ1MdPvN38bgvIJn0SCzspP2YODrg&sig=Cg0ArKJSzEUR9XMVJ_GmEAE&cid=CAQSTADUE5ymAENeKgoQ-UP80kPTg-JElmBACHSlyNQ3do0OhI7HLrUVk1zcgeTJbCDGqWu6-x81xJ2h5HlVf0f0IRXqDfc-SaGioeFX78UYAQ&id=lidar2&mcvt=1067&p=231,436,321,1164&mtos=1067,1067,1067,1067,1067&tos=1067,0,0,0,0&v=20230222&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4087693662&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1677191406691&rpt=339&isd=0&lsd=0&met=ce&wmsd=0&pbe=0&vae=0&spb=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js Show response
pagead2.googlesyndication.com/bg/ Frame FE13 36 KB
14 KB 10ms
10ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7Lg35lthZ5bMa2_BIKuudMRVkX-RcQ_BXpABKM-oZgA.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Thu, 23 Feb 2023 17:12:30 GMT
content-encoding: br
x-content-type-options: nosniff
age: 19058
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14233
x-xss-protection: 0
last-modified: Mon, 13 Feb 2023 15:48:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 23 Feb 2024 17:12:30 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1862 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BWkfc7uj3Y8DLNryL9u8P44iCyAUAAAAAOAHgBAI&bg=!Tk2lTRnNAAZYlHKzeJQ7ADkAdvg8WkvzLazN2761PXqYKm2Kb60i0ItbF6I8iO2JlAHDT5zlQeRd6qFxuotCVynI7ZbruPVjv3QCAAACUlIAAAACaAEHmQLps9M0krY7wyiXxJ_8_U0ZLkxwjbXfhUSQLtO_4UMrOpqFEOyf43G9vwve-Q86HDJcohRvXLnb5OlYwuZ1C84rg81JstwH2cfwpsEbiEUoQvm2ZYdDADe_OVi9AMTCYOQ1Fjv7VeJQpIff0NhAZtMHolCklA0s0MKIXtj7qKHIfUmMr__2I2OwPPHYQ1v5mq_WwZ3s4TOmC1XzRD_OOvzGNuRG9H3mWuR7rYMEXMf0Up_MwULi7GBvuiQJJpK1WvBC5lZAbYE0uAixrDTril_c4OxOIKaxWEpRp1I3tkG7-Nyhoaf6xRLqziR4CASvkuCiowef-cvmQGXWCue7tdkPZ08hppwSPGpHNuYi9TzidQ00dFpbjHsaS6M7ObfIn-8jTV5CGzkJAn5_Gdse2ql0KQuP_BhNHp9_frpeQtvgZn8yyKhteHwG75OnKt1ViRDpQyYusB2e6gpVxt6lw9wwoQ3o7m2QbfIY9RJJv6STiXTNocidEXoabk8yzA4rlG8Rucf0Bh4a_utMCvuPFY8Ck7xY7RWtNTPVaHpJ7XGsxxoyWyRyD17hkWjfnST3Kw4_oqnUIF2bT_iM6UzX4E0xJCTbbUc4PCzP3eqZ0rU1YZD6laTLUvxnihWLCLB-6TZgeoF2jL9bWC4KQ3lgRmHq2GGd73WISqXsb5XeXEIyCOAb8x8XWLEFclsb5jeU0LjgP-R-H_P5-PmKW72xkwVaMMNubMRMREo0hVsotlcpcsCOEPXAyKglZvF97Bmon-xvt3KX6nSH2jkbXEwGrkdsYnlGl20IL_VVP6rD2gcZp0KLcjSzAFxAqzLXm_sGpEvgIAqL-rA5Wnapqr9z62LRU3F_gcnUOFrD3PMyZoZIpYmmxJVvbVSoLO5dfZnVp7nwMmZD99nPsSVm5HEKSUf-CxSspG6oQYT9C6Km3-03yzlu6GcEJWZG_4UCyiO2X82_eHtIaaw4HwbHAHrOPpltbgr--PBNpPm7Ng

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8028 0
20 B 48ms
48ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BVjGB7uj3Y4GgOpOy9u8Pmd2b0AIAAAAAOAHgBAI&bg=!r6ylrPjNAAZYlHKzeJQ7ADkAdvg8Wmey6CAu_J7_yF-ImZ381GqkbR7BFmOqv9jxwsts1L5GD5MD_w5SWpA9XYvsy3azSIbX1vgCAAAB4VIAAAAGaAEHmQLpkLEdWdPtqxauUfNNmfxOkJ_c4ZGcUGLSiKf0LsWzUkjDvwQBsZPQIEYFYpbrmv_chCx9tBp8XAJAzJODbQXokLXn8Aa2ZJjj4fvhrNSbSKi-OW01i5DYpNo25Jm9rWhqp6HH-Yk_yWp0xEXi5P5FtcjfaK-F2OnGebXMX2Wesise-tKurghER6BrLbOwLDUJnEUofCHsqKRHmygZ8tnwDMJNbRSZog2420KvZ2yIWILVyGWwxil755HKmnfZg7Rl3EGw04f2i7bfmRq3Nqsen2BKWuaBnDQGeMPN8NVgyKjKyKOsku-1VHjcelfvhM0VcTq6LG4S9IA0tY5xTgrwycumqH1odUHspXvIBCLnEdhV_oGTOqkFOIdYxDVHWMkepEoulnBpbEe_xmSobBRlYdhMUKFWk-rwXWze-20db3B9xd_EftDrT1PvnoMqHw5HSw2VVLp1f7t4jwKMKB2oeonpR--bOyPLkzWiGeeRw9NWK_HQqdjJ7lZzDar0tA-hwtOG8spbunu4LkVycdr2CQkgdGLoNVkL5uWUXr7tXSSLOwqofI0OmIb58Tg6S8wMaDCD_PSaFylOyNLjC_SfAu6IzyxbbQV8-yuKPxDQ95UNouniHiqMCFpw2T6aw3vvLt8x0a1eP92KHxJ1_LM-yW93FcKvuY5H41H3QlIXbMUjlvcaE1ATV0LDSLm9peKtcQgcKhvvpfqsUgFsrwF4ebIKsgKNNGAH6X31YhsQMtL9asmFhh1viu3waBXR8fgoIGYNBn2bGn20BW1ZH_-ypXy9Z88PlJQXLzywonOYt4gEFsnhzwMsa9706ZP5d5HXDy-uvhOB9HV9JzF-2upbksZUT-VoKM_awb694HY6GGPgFHh41SCnBlAQG3c3u-3Q3RVOE3ja70CtqojIomnnqqed8ii6KeeMWonIRDo7XQdpihUP87HgwB85BQ1GWIh2Dnx0f05mxU_YjcgtwfXPI_PMGFnI4UR0lQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 98FA 0
20 B 47ms
47ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BUyHg7uj3Y-bSN7qPjuwPv6W4GAAAAAA4AeAEAg&bg=!ZGelZzPNAAZYlHKzeJQ7ADkAdvg8WikdLrhlocLdU8KVPHDeJqUrK9samjGkrXuSXgE5QQ0oIXB8BEu6Jggrr_ujldG6wJ6Ste8CAAAB71IAAAADaAEHmQLiwi1TAmj4QRjH-5H6SWEDSLqzKX2mmelR_D9VbzFTqWxebjkq_w-GvYL4CtKK4CIchExJAzbeAOFSp-bVCXECGA5Sb6l-TAOCiHi_h7_gVdQKJ2eLWCN2wgF9_0s0aBida2bD7RpRo3_dtCC3vebZBfwnSFHoJ7hpROaEm1Yy9plSXIjegRws96CMbCYhO1cW6I6fF2U4IWrPS3CWEIaTH1jFPC7FLfMiq1QCKJPKDWTctZjDGvYTVazh-s7UYblO4Fa50xuQAbR23r6ka03PQVvYl6tarMXlSeL6yS1a1tg55xFHPuQt_15gU6i3ujbuzeZfBpwUXXQ6eZKr_oVuXVp4OVBBXpsEqWYpqHYN5KZQtbLt_H4zTyOKM-jsAHMf7lLIBWKNoswV8zzLGzcxnNUjhIevsqRpY4J76QJQgvqtffgatcJuhzsquvTTohXxGgmHBV_PaQ_3k8e23USs0L00mowPyUW_1XmlL38ArYajmu0ItofuSAE66oT6HJjo-R5Tw9uZmtyhwgy9TXDLXWZepoOUuxoJLYBx2w8JTPALJRTJDNk4BwY9I2cRB0vF3Kbzeut3MTCrR1AFuIYOZKCDlqzcWJPkCDiKMPTAoa8FkpICeCEeb9QD57Rto2gU5F07gUeQRxc7bekwUgPaVZ4RxAzlHFUdfF7jlTxrYOQtB0XwB07ZJTmC2JgzOyOmQbGD-jCos0yjG-oaKA2OgP_zhswa2t3sfQScXCEdfEG_mR_nn0aDbNtzCFOG05XKxrmRUg9wMQnbXJnawhPbfjJXIAwaAk7h1ITzFjYOXH_zIJjJcQUDAX2DijQ1Zu2zJ1H9Z1Jjrgr-DTiPEpOoqVymKYAzW0vdwtG12k2bUD-ewez_3bBBkFkYpFJBInXEiad1X_IMsP-hM54FnARhrX51x7TQ-OEnN4FEJ6u_3yfd-1GTm-AhDkklFQQFEVpvsB7rAkNwGZmMCoJsN0O3H-m4

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 82AA 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BIKtu7uj3Y6zFOd7jx_APhN6ZoAQAAAAAOAHgBAI&bg=!BAelB1PNAAZYlHKzeJQ7ADkAdvg8Wu_FSWHXpHB5-1eAuiZhvaZ6lrnlenSXdNec5d0DNm-v2pITMSMaaBfiqpHaDuNZYuoTbz4CAAABeFIAAAACaAEHmQL1j8MUqmHaluVWTgIWpvKp6UeOPxczE16FC2fIBN0KVzlQqjSiHx9aEpfgJz9APFVuP8Fo8ZTT-jjmPR2CsfUbjHb2qaNOIlhP7zTWl3QcqJWron6mWQ0auch8dHKLFIJnR2RXj1DGjG9I12-X7LdebA0sTv38-m8LkjPYmFDVOIB8wcJXr8QiqX-R8Md3rq1yHN8aogNfUqhR7EM766WP_U2n4Qdp5yIvbwTqJj4f3ji-wialXP776tSRPqS4CVaG3e7pVTA37tAlqH3Re7QRKXhYYziQeTXia_O6NAx9Ol7EGXurvOeMrthU8ZUQMaUdyjTZ4-uBzWwrcaw7Gb4ldkNmv-DDCCQvOsa3gTUR_DeOoH3XDJxnAmtdia7coBZOw03J4OqJYvcI2Qq9jgL1iSjyjJw-Vd_M5bsWJUe-eBSCk4WjQZ54I61bN_0Mg9meMnEyCAe1ykHX8VDAdaH7pRI__iMfIpQM8sMejJO6UVkE-OcqD-aujz9r0TdecKsXXB92scYDOEnGsjj_Zjaqtin2AV7BIdq5E-9cvPnQYN0T63t31hOpg3r71NWICeBBsC3Lycax8ku0J7Hi_4BIfZn8Vq6fYC8LzUWdmRiLsaf-OeuW7j_L-tTVbnNLLAjUpihNjuin-nWRcftN-JX-LNZB_BDU1QVSxiAqAxCD4U6IlgvwEaYsr0ZUp58VU23y4kliI2jw-RJBtRUqtUEEyNEo38pVBs6upMRj69rgesNRedO666s7rg1GRwirYoIuw-rdhGglhRnAlbRMot6LWADr3Q3eFyO2OUMC9qgnPFQR3sBOZBXm95mxztybSHXG81YhjtlLHE-rykuZ2hFk0_6iaDSeTeuhnOVEHHzewhIrcJBxIutTiQuINyp48SMNqSyA1ju0dVQVw8DYcJGxm95STrv9Sd19thoJI36p5VXh1EMTn_uZ-Ih2nJaaQea0OGzNfl5S3AQ213zALO674l2igG-CH-s2i1tvKdgD02a9ae1I8w

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame F050 0
20 B 47ms
46ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BewnB7uj3Y-CDOtfi7gPpwaDQDwAAAAA4AeAEAg&bg=!7e6l7rrNAAZYlHKzeJQ7ADkAdvg8WqT_eAPYvyXzbxdjrCcOC_DhmtckNTIhZ4VAIg1TdfR3tQlFKSTPaCCDok0PzcwSChhkVe0CAAABgVIAAAADaAEHmQL3CzX9Wt_6cPp_ZtkjCXhOS4w7gf0qVCgkK05Lx8V6q5GZ59hJmILfr3lJRLM1TgNZ2JsbZL5ZElHAckEiZFnk4bjmNlTHepSZMnQdlxxb2yubsecCMb81KkYH5ME6_oEwvySD0_xfHiDgHG7XfVTEyixNGjsOBftaQYvBcmsTDChPWPYB-wm7pjV2W4ERw7mdIn_INNxEVojoyAJpbLh_fOACl7GYRGj32-h1e2r6gRykcS56_ob7-YcGK4me0de3NbR0-k5cw59eQna5wMvSW-BldOipiC6LebLh9nTlN5Zi8xUbikLbT4yS9xYAEIHXUfHyTkzoY8xOlyulf55EdMpX8DzqJ6HuPn6oZ0FQNUGR4zUExUWr2WjcVXBRnN_1Gb5lMUvCsZghQQWg8BHA1NetByKF1U7sfPgshJ6GaM1RwT9nqLDCBMKfhPqsUQnBcOPvYoXzfNo-UPOEaMpP8hy91mVERhSjOLE3Ah4P17vkV453P1bISGp2VhLiCrdeXrF169C_FD2yovIKAU7S0AggYKeaOr-tRKFQ926QKBFkKPiVBEFASWff3IaXkawvwu1Zd46PcpFY2f1BzJV1_-l52G1E61UwwfCoFxsh5-mDZ7dAAJ7onelVRCG9_9focKyQNMMCFIKEFnqe5d1vVtPhzCCtK27ZuBFHEsqzLPHC19gQn90qppYveQoe5P4alKjqqgJkvMAc8QVSEogvJ0qid9kV45hKiPmmpzgCbQaZ5Lskfba0krNDiqrJpXICX2vN60-9IsbJR9nlRXA-q7GjP1eJQZjw-h8M02lAItsRGApDevIPu8fijgpwOYcrxHDrQi8rDi_3mvDcKI7LD9uppmG11ESERGrxEHU3K8ukN9UsN92Y3t0Yw2WYIyvnpi7P-db-fs-J2-FHqIPEHatYt2BPDGfqSQMA10GSyxJ8-dmcWA-MC4CQmNimsuiLAK0xVnpE8DpFCr8AqG4753lR2j6OXR0COVYlg-mTEWdLrn5VmuXE

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 412E 0
20 B 45ms
45ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5272363263334&version=m202301300101&ct=76&x=1&cor=6358083363451280000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 590F 0
20 B 43ms
42ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=1216178913500&version=m202301230201&ct=76&x=1&cor=14653678245303700000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0B76 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=3495568889606&version=m202301300101&ct=76&x=1&cor=1035135912888594400

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A267 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=4589946411642&version=m202301230201&ct=76&x=1&cor=9684460018107953000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 94ms
20ms Preflight 35.177.2.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.177.2.226 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-177-2-226.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Thu, 23 Feb 2023 22:30:09 GMT
server: nginx

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 30D4 16 B
232 B 58ms
58ms Fetch
application/json 35.177.2.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.177.2.226 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-177-2-226.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 23 Feb 2023 22:30:09 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 2964 16 B
232 B 78ms
77ms Fetch
application/json 35.177.2.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.177.2.226 London, United Kingdom, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-177-2-226.eu-west-2.compute.amazonaws.com

Software

nginx / PHP/7.4.26

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 23 Feb 2023 22:30:09 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.26
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 86ms
20ms Preflight 35.177.2.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.177.2.226 London, United Kingdom, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-177-2-226.eu-west-2.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

access-control-allow-headers: Authorization, Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin: *
date: Thu, 23 Feb 2023 22:30:09 GMT
server: nginx

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2964 0
20 B 43ms
43ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=8040859590768&version=m202301230201&ct=77&x=1&cor=7514744574299424000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 30D4 0
20 B 42ms
42ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=5401077671337&version=m202301300101&ct=77&x=1&cor=13143234079973513000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 23 Feb 2023 22:30:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 06f91b438b5c0d7fe6dff4bf6c24cf00.svg
s0.2mdn.net/sadbundle/16845539166636067700/media/ Frame 0CED 5 KB
2 KB 10ms
9ms Image
image/svg+xml 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16845539166636067700/media/06f91b438b5c0d7fe6dff4bf6c24cf00.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16845539166636067700/d12dbb370e861ada20f5553e973b3eb4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eb4a29554c161fc6298d26273c106770fbe6c66bff37bb0db2e7826a9f84cb4d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 08:39:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136230
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1998
x-xss-protection: 0
last-modified: Tue, 14 Jun 2022 11:37:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Feb 2024 08:39:42 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 0CED 4 KB
594 B 21ms
20ms Stylesheet
text/css 2a00:1450:4001:82a::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:900|Roboto:700

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/16845539166636067700/d12dbb370e861ada20f5553e973b3eb4.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

80e498438e934eb29a3200d9c942f9b38067fda5fbf64fc1a63c1fa66741b581

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 23 Feb 2023 22:30:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 23 Feb 2023 21:47:53 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 23 Feb 2023 22:30:12 GMT

GET
H3 200 84d1cb445acb954de3d40ded6b0e2abd.png
s0.2mdn.net/sadbundle/16845539166636067700/media/ Frame 0CED 1 KB
1 KB 10ms
9ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/sadbundle/16845539166636067700/media/84d1cb445acb954de3d40ded6b0e2abd.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

066cf6c36c56efd0decee2cfd9fb46a45bfcf1d196f12e7d8b87eaa6754af50c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/16845539166636067700/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date: Wed, 22 Feb 2023 09:02:54 GMT
x-content-type-options: nosniff
age: 134838
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1462
x-xss-protection: 0
last-modified: Tue, 14 Jun 2022 11:37:07 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 22 Feb 2024 09:02:54 GMT

Verdicts & Comments Add Verdict or Comment

247 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

20 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-20 14:12:23	Name: _GRECAPTCHA Value: 09AJBLKW0Zn5Cg0R-MGUSE7VWpMIOyL8cLPvWtzLPj_vHwoy5BUwcaYIuS4cYqsW_G64VyZx-t5P8Ii85v3pbXc9A
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: z41qgp4QHN0
.youtube.com/	1970-01-20 14:12:23	Name: DEVICE_INFO Value: ChxOekl3TXpRNE1qSXpORGszTkRReE1ERTJNZz09EO3R358GGO3R358G
.youtube.com/	1970-01-20 14:12:23	Name: VISITOR_INFO1_LIVE Value: Oh071QkdJVc
.observatorul.md/	1970-01-20 19:29:11	Name: _ga Value: GA1.2.1333178682.1677191406
.observatorul.md/	1970-01-20 09:54:37	Name: _gid Value: GA1.2.1600126100.1677191406
.observatorul.md/	1970-01-20 09:53:11	Name: _gat_gtag_UA_68382926_2 Value: 1
.observatorul.md/	1970-01-20 19:14:47	Name: __gads Value: ID=80ebfe372defbd17:T=1677191405:S=ALNI_MbOn46L8NmYdCEGsngfKbQDaJMovw
.observatorul.md/	1970-01-20 19:14:47	Name: __gpi Value: UID=00000bbb34d38026:T=1677191405:RT=1677191405:S=ALNI_MbMlyMDkQBUvwd3eKXA0bBOZpwjeQ
.doubleclick.net/	1970-01-20 19:14:47	Name: IDE Value: AHWqTUkGEHD4AX_DMHeyGkD-RBeIYr3meWHcfH90caUs0fz5fky4t8GOqlU_Fpmd
.casalemedia.com/	1970-01-20 18:38:47	Name: CMID Value: Y-fo7leb0R.BtUELNJMy2wAA
.casalemedia.com/	1970-01-20 12:02:47	Name: CMPS Value: 3398
.casalemedia.com/	1970-01-20 12:02:47	Name: CMPRO Value: 3398
.adnxs.com/	1970-01-20 12:02:47	Name: anj Value: dTM7k!M41.D>6NRF']wIg2E>@sh(NP!]tbPl1M>e)ZlrFUfJ+tGXxoaLB(g*Ae3sA_d)rf?sTt'HM/jm^NG%su_NpW3If)y3KL9D3I?+B[^Xra
.redintelligence.net/	1970-01-20 12:02:47	Name: 8lcfmzhxc8d6_uid Value: 8565c0de1be513c8
.adnxs.com/	1970-01-20 12:02:47	Name: uuid2 Value: 1744556960495643172
.retailads.net/	1970-01-20 10:36:23	Name: ppb2172 Value: 2304340530
pb.media01.eu/	1970-01-20 19:29:11	Name: DTU Value: 274FF5586A2C86CBB1ADB050E6B5A64D
.futalis.de/	1970-01-20 11:19:35	Name: raSIDb Value: 2304340530
.office-partner.de/	1970-01-20 19:29:11	Name: source Value: {"webgains_webgains":{"timestamp":1677191407976,"clickCookie":false}}

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5994599.fls.doubleclick.net
ad-server.eu
adservice.google.com
adservice.google.de
adv.office-partner.de
analytics.webgains.io
api.webgains.io
cdn.retailads.net
cdn.track.production.webgains.team
cm.g.doubleclick.net
d8f2c91d3b8d048cb5aeb859da9e01e6.safeframe.googlesyndication.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
futalis.de
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900023.redintelligence.net
hal900026.redintelligence.net
ib.adnxs.com
medialead.de
observatorul.md
pagead2.googlesyndication.com
pb.media01.eu
pixel.wp.com
pv.medialead.de
s0.2mdn.net
securepubads.g.doubleclick.net
stats.g.doubleclick.net
stats.wp.com
sync.teads.tv
tpc.googlesyndication.com
track.webgains.com
us-u.openx.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.youtube.com
104.111.217.42
116.202.48.214
138.201.84.244
142.250.180.226
142.250.186.166
142.251.39.34
145.239.193.130
18.170.235.198
185.80.39.216
185.83.142.19
192.0.76.3
194.31.42.8
2a00:1450:4001:803::2001
2a00:1450:4001:80b::2003
2a00:1450:4001:80b::2004
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:812::2006
2a00:1450:4001:812::200e
2a00:1450:4001:813::2002
2a00:1450:4001:827::2008
2a00:1450:4001:828::2001
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2002
2a00:1450:400c:c0b::9a
2a00:1450:400d:802::2002
2a00:1450:400d:805::2002
2a00:1450:400d:80a::2003
2a00:1450:400d:80d::2003
2a01:4f8:d0a:2321::2
2a0b:4d07:401::1
35.177.2.226
35.244.159.8
49.12.16.151
54.76.176.197
65.9.66.92
78.46.23.46
88.198.250.30
94.23.99.218
99.86.4.52
02059741f67023af2d0e7fd275753370a8212eaa30f3f9ea14c249a273672385
066cf6c36c56efd0decee2cfd9fb46a45bfcf1d196f12e7d8b87eaa6754af50c
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
092804d065eee9d096bea623a228ce7fe27d7791cd9f50f2d3faa63b1c54668a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0fbd6de851ede030dce80e9796da65a1b45754f4ddbbd56a06d525508f853b77
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
133aae04f1b1832056cc5c2203cd3436b6858da2d489747987bb0d6058476c69
16b432ac8f43a6b2d8aa358f41ee60e2ef5923b2645bf2c37f3a06f8334b1557
17e5512817e7ce7b7a4f2077034a6000103d1d55dc430f2c3a96c52cb8ff4cb9
1925796b9ad5cab2500599dc96085cd017eae1c007b023d8d987c09d34b33051
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
21437cf9c0d87c2e3c6ade864137f5536fd865a64333075ce431174e342dee74
22ec56df25744866a27efb0d3a95c71bec34cd151f986376a9f2e10f498760c9
24c0e724005344165ee0a0ff4c96a914e174bb4caa20c8a533fb194d92853e95
271f044dbafa75bde2a5673bca969fb7953268daf9d0700743c18ceb132aa137
2a2ac34136c00e48cd04edf792aec5e6dba2b4cd5942b9383f3f56764125e808
2d9846c89c050a3b3da15e71d6dce930167d20fe186483fb5f053376b5c1fe8c
2df8c2e1525992c72ee30e6e57e57c302808b343d3149f629df7929713ff0839
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
346b4947f4d3bcd96033f857abbbe4c27fd141d7029db1476965956351ed6b6c
347994f2b271030fae86aa3b0de7cbc7ffcdb19b612c61cad0bea5847b1c12fe
3639d369e9cabef9cdb223d5457a37e9e1b6e26986a8e460509beaf87fa41408
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
39189fbede22ba55e9742912e4b5784e73b9ec3f02e5f4f00c99a686a2cc9f18
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
420f070bc8e451625ad83e325ab4ca173e328ff44e4786dcebb5affbe5840d0e
42fc207ebec992c03f7e8b3bf2f56ed07d798add6da0d4e91777eef7c9262875
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
476ddba57ec47018813504af107bf61f11ef9cb6b7edfd75595070fc49296a86
47a278025cea905349e975bf082b6d027e22a536a4b3d370afeb04d8fc5b2ca4
48cea39a6d9f368a9d78b07ddca02043a884d1e871b5b39267d4ab6d245753cf
4974622fff31e0fe9dcc6c31c33e3f74dfb665d2678bd876ab807506e3bab60c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4caec19fb48c8b123d8f1dd3443f2bd70863adf6408db3ea83b1ee46df65c454
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4ee867c767f824c3e0a7aeb61f999c06c5016f0e949f25848ef053c56282c8a4
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
524c55c8d2300cce448d346b995650dc7fcd703ab0c3734c057147b5c69d3773
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
582ca1c5738fa2697949cc4a495418e42df462e2bc3fc62bdae126bf159b6af5
582e283baa4cce4006055beb2eb8fe257c1ec5ef573a40f173b880636089e8cd
5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de
5a064c8f9ca44c02248a7e18e762f6ca616477ebc3b9e13a896fa4d6f74ef202
5a23bcc2ce333f794dbfb8153df1c2027d15f57ae745ef36f17a3723b6342510
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5bcd48bc60c8cf15dea9969227f2a353937b4b50d1201fa811f7b8c7d3ce5aaf
5c9fbf03e48789eb400de4db9fe508e3d651774864af09b07a99a75a42b23609
5e713a207017a40f54387d0e25bbb3cbbe1b3d10338cdd4a7342cc1486b19140
613d9712a6ef240f7c59a380d457bb6bc5d5a7b93c0202c4daf0beb61005acdd
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
65ecaacea233cbd58cd42e885e80df77cbc92fc6cfd6e85f1d0e9d2852e1e7ed
67c6b0c8607dab460d3192871acbe8682637608c9d575875454379cf669d7330
6b39918a1e0cd845703ab0632c597ac316e4fd27ef61beda023e43f929229c48
6bca06fb9b679d59cdc80c60910dc0eb308a54ba791cee15ecfe4a1da67a5c82
6d725b51f41604c7a7106349635e611e7b00322c2e9edd763c86accc024a13a3
72217fac30d9f3543af6009012ed0c8209afa264dfbd81a64ec57b9e8ce130dd
725b03afa58a562e616fc50b46e25ac2198949ef365fd70215eec874fa3afceb
7449c651cd98e922e90c54da024e3fbb9f8ca32f4bfa42ec98fe8fbf4e215a0d
746038be346c1d43d531ede4dbe2398bcd82d2224346dc6d2589ba0c6f663b1e
7521d0e724aa9d43643a33c2122dc25d7010488ad43fe58d5940056b4aca8938
7548a15897e3d28f454cc04615e5b512da26b995a847d5b547773affa67cae22
77f5a18b6642c47b2db73047d2a40465028a86a9337a36a3f39ddb6f1cd00208
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
7b6736a411bdb745af1f206b1ac36c5339678dfbce134f89e20c565b53b39453
7b812daa122ae5ffa1ffa3cd7c12ce0e7f2d2a0cd70ad48fc74178c8a87406ad
7ea4fee07e12460869576c5569bd86126c31b68475795bf3f4d986c6091434d9
7f1c829b0c90fd664a03bb714a74f7d35d9e38ee1687104abc8ad5bd9c8ccb6c
80cfa5fd889c3e11d127ee3b1fffc53cc8f6df9e1836f9df2850e8302c43fdd0
80e498438e934eb29a3200d9c942f9b38067fda5fbf64fc1a63c1fa66741b581
8294f47c10ab9172680f9bba780fecd122dbec7acc578a6973704c97903a8915
82d0aae1e7b8cfc0574d6548d1f35096f5e4310321aa964ff3fdb46c4d12e302
82d63ecef7851ffd217020b3817b0206328488879b0c782f9b67d43bd1479a2a
845df2e3ba9f62696cd844667dd1c9168859b8b6139826789d222fe92a820470
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
855e15fcdc7a729b06238328936629eac46e2251d9d3d71a5d65510451f4e7c1
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
8810ba3440bf482ced33d2f74b7803bba711f689d8e4caa7da5c6ae6844a1b49
886981f0280d3227cd6b8391c5fcff416e580b37f7ae239f510f8c85f67e31ed
89b0e7bd1d2ca768848429a2c45e830ca0df41148cfb7ec8be194dc14538e1c6
8f164669dce7392902490a595365c17c94c5dbd093283b1b40b29bde0da9a649
91c2533e381cf3eb842729f4a568bb42448cd8ad1d482030a4895015e3015e1f
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
952833e41ba7a4b64c31a2d7b07dde81bf5bbacf5cbb967821cfe459d0c4a0d8
9616b76c3b0cb92677905d1a288f0ba3192550f11ea33a1dcea9f16321fbe50c
96da839661d63f7cab3dc3e43613fee97166a472555cc91df21777d6d83e58d9
9801565355f9994078489336cd3fddca254f0c95307086c83136d509ddcf5b03
98af728381c06322865023cb98105cc322f91e402a5c2a23546f065c4dae3a4b
990a271e4c03eec99796de451f8be26d0402175358ae426d6e46c270a0bc9e64
9b69d681b11f17c376a97d3ca8a1aca7eae44d51937a7df9ab019a7fd1095547
9da238ca619f3bf71312de3c9c913c653941ada56cb5e1601aafb6094ae51cdc
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a0a2f225a1a083ea23e6d337b13cf22c0d4e5076e9316b7c9d520dc954b01c09
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76
a58212f483ebcd45ccb9a9fcb48e034fc312b45270447be3b3020e263a9b0642
a70a88437d8706145e03db3bcc27e337345411e56c03d987067c7cd2bf14d804
a89e8ee1fb1de9b897d586b5a1f86d998cb19cd64a09175e1ee6d5f8fc2f8dba
aca87497499f0fecc113f571e048583c158381431903d68c0cae7303314a52b9
ad30314069f6cea8140fd310a500780fc7e93ccac49ced3eec9cb199ac626536
ada205dcd0b85b27eb80f85833212b3241a82ee768ea8e604e83365fd0eb2c2d
ae6c7726f70351527b6ceb96d4cd80db96c4e010eba59e8bbbcf161eb08dd792
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b1a9f51121ef00d4bc11c410113432813ddbdcd85c9f2aabbd2c2c23c87408e4
b58adfc8c469954318cf589569676e6affe4a2813307810803e4c361d0454427
b5aa252f4896ead3a9e0385d9a6ef9b71b6b95ef2c985064a5bad95515e21e0d
b7733207cffdf30a54d5243350f4d55e696721a83a3022df349ce7ee17cbd3c2
bafbffcdc5341f7736830ddba5c58e285b7ed6e936ae97a717d80edba16afe21
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bbf1f50f64c6fe71d10d27b6364653f2d2750de095209fe0fb39fe0bb7cbabbf
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
bd4043db37644ab80bf71ada4d19a3f71261e2934d07768bb70cfe9b6260665b
bda4626079d40384245b08cf2cbe79ba640b342ae024acefa024896a51a5d92f
bff6030a331b81cd98d18346d460a26cf52d900edc6125022ddb4aa61c7b1ad1
c0b8d838ecf40c07188ca2f53fd40a37c6ba8a1e2e4f17376119c222d44e14ca
c104b0d3d4860a56c07fff4d1d596827a5e69eb5f27ebdcfc33f7ea17af63a1a
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
c45a84e5e0ff6ed83afd426788be38a5cbc442dc6cce4631bfd5c22fdd1fc8df
c8c0d9cef77103cb6223f3e4c503a04953b74b12478978dac2738342652b0ca0
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9a612722eed86936463bc8772a9d4509e0c24f22485221beaa583a60079fef2
c9f5cca9cfd7ad1f3d001037f5c31ee9a742d19cecb906b3dbd8dc8f1462bed7
ceb3e60256b9878db098e1011f6daf19c14b64c1b59b41933fb57a83482610c0
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d2054b9fb412f742d8d13aa75a48e59b830094999f9000ae8c69916e11b8d805
d2c9f518ec6a8748dd27703e15b4c4c1f44590cee03193fe9c542678c80c6b27
de0612c4b4b44658387671e1dc3095ac9fb94e44e61a2d42363c10a386fcea8e
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
dfa1ecdb69b9ee93e87159bfcd4ad2b1248a7de0d6346fd42e0b600723ae7b6b
dfb1f667f1c1811ad36406f4c24055bc1cd750d9517a836acd40e0cdd38769e7
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3278f1623c1fc62edc513808d2592a3803c9dc90a1056c80f527fb2f67f11d1
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41d1ae45acbf836b8dcc29544c7e41cced4211214df601d5284a7e9c7134c73
e7820bfbe592313279ce97e810a7a5c5bb6243e38a920c3bc3d5eaa43043cef2
e8b9f230be361444ca929718ca596995ed4519288374b7f69530dd931474325a
ea33a2995f3392ca00dd434d36340f42a5aa0c575d4647803bb1009ba8ae4fd8
eb4a29554c161fc6298d26273c106770fbe6c66bff37bb0db2e7826a9f84cb4d
ecb837e65b616796cc6b6fc120abae74c455917f91710fc15e900128cfa86600
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f031d0330fa0902ad02a7158a8b4aa01cefacc0f4743ab7b78f4ed517723d130
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f59982bcdad7f7dcfac0864c6a1506bcbd543c53e8636206d93b2bce7dfb4488
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f9720c5a1033ef0329e72108986f25df943a8329ae3932457dbabb5d1d75939c
fa4504085c45f760f430b2e0e9e96913be740096e91795392de854c2a6679556
fc66f942651a9fe1a598770d3d896529dcd7a03d02f40655451513093103e61b

observatorul.md Open in urlscan Pro 194.31.42.8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

305 Requests

92 %HTTPS

48 %IPv6

27 Domains

42 Subdomains

40 IPs

10 Countries

4730 kBTransfer

10930 kBSize

20 Cookies

9 Outgoing links

Redirected requests

305 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 14 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

observatorul.md Open in urlscan Pro
194.31.42.8 Public Scan

Screenshot
Live screenshot

Full Image

305
Requests

92 %
HTTPS

48 %
IPv6

27
Domains

42
Subdomains

40
IPs

10
Countries

4730 kB
Transfer

10930 kB
Size

20
Cookies

305 HTTP transactions
14 data transactions