firma.com Open in urlscan Pro
198.211.104.201 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://firma.com/
Submission: On January 19 via api (January 19th 2022, 5:55:45 am UTC) from SG — Scanned from DE

Summary HTTP 51 Redirects Links 40 Behaviour Indicators

Summary

This website contacted 13 IPs in 2 countries across 10 domains to perform 51 HTTP transactions. The main IP is 198.211.104.201, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is firma.com.

This is the only time firma.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
5	198.211.104.201 198.211.104.201	14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
15	2606:2800:134... 2606:2800:134:fa2:1627:1fe:edb:1665	15133 (EDGECAST) (EDGECAST)
8	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:812::200a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
1 2	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
51	13

5 198.211.104.201 (North Bergen, United States)

ASN14061 (DIGITALOCEAN-ASN, US)

firma.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 2606:2800:134:fa2:1627:1fe:edb:1665 (United States)

ASN15133 (EDGECAST, US)

pbs.twimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	twimg.com pbs.twimg.com — Cisco Umbrella Rank: 668	41 KB
14	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 100 tpc.googlesyndication.com — Cisco Umbrella Rank: 124	218 KB
6	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 46	37 KB
5	firma.com firma.com	284 KB
3	google.com 1 redirects adservice.google.com — Cisco Umbrella Rank: 80 www.google.com — Cisco Umbrella Rank: 13	1 KB
3	gstatic.com fonts.gstatic.com www.gstatic.com	84 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 47	3 KB
1	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 165	38 KB
1	google.de adservice.google.de — Cisco Umbrella Rank: 8028	792 B
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 777	641 B
51	10

	Domain	Requested by
15	pbs.twimg.com	firma.com
8	pagead2.googlesyndication.com	firma.com pagead2.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.googletagservices.com
6	tpc.googlesyndication.com	googleads.g.doubleclick.net pagead2.googlesyndication.com tpc.googlesyndication.com
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com googleads.g.doubleclick.net
5	firma.com	firma.com
2	www.google.com	1 redirects tpc.googlesyndication.com
2	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	firma.com googleads.g.doubleclick.net
1	www.gstatic.com	googleads.g.doubleclick.net
1	www.googletagservices.com	googleads.g.doubleclick.net
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
51	13

This site contains links to these domains. Also see Links.

Domain
twitter.com
t.co
www.blog2social.com
mobile.twitter.com
www.zazoom.it
desolate-dusk-12138.herokuapp.com

Subject Issuer	Validity	Valid
*.g.doubleclick.net GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-12-08` - `2022-03-02`	3 months	crt.sh

This page contains 8 frames:

Primary Page: http://firma.com/
Frame ID: 9749DF9204F13C78D3BEA7891BE4F875
Requests: 30 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220113/r20190131/zrt_lookup.html
Frame ID: 1CB6142682483C6A4AD727320904C9F3
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8441523053722027&output=html&h=90&slotname=3710581098&adk=2256647989&adf=3175363789&pi=t.ma~as.3710581098&w=728&lmt=1642571741&psa=0&format=728x90&url=http%3A%2F%2Ffirma.com%2F&flash=0&wgl=1&dt=1642571741152&bpp=4&bdt=809&idt=248&shv=r20220113&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=4888858955500&frm=20&pv=2&ga_vid=1948521859.1642571741&ga_sid=1642571741&ga_hid=1901885076&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=428&ady=429&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=727383957872558&pem=632&tmod=161&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=nDRwOXgxkr&p=http%3A//firma.com&dtd=262
Frame ID: 76F522FDB5739DFF6073DA1AFD5BEAC3
Requests: 12 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8441523053722027&output=html&adk=1812271804&adf=3025194257&lmt=1642571741&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Ffirma.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1642571741168&bpp=1&bdt=825&idt=250&shv=r20220113&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=4888858955500&frm=20&pv=1&ga_vid=1948521859.1642571741&ga_sid=1642571741&ga_hid=1901885076&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=727383957872558&pem=632&tmod=161&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=254
Frame ID: 66DD46DD2B83F85C23AC0AE450C3B814
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 988F10A32AD78B676A303B6D011A3D8A
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js
Frame ID: BD2F4DAC85E05604D022C3051AFE7D6E
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 7E319317839F8C503259A239C1B49F69
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 592858EE9264995A9C72225EA7D583A3
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

firma | A digital asset owned by Hyperlink Web, LLC

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Page Statistics

51
Requests

53 %
HTTPS

83 %
IPv6

10
Domains

13
Subdomains

13
IPs

2
Countries

706 kB
Transfer

1272 kB
Size

3
Cookies

40 Outgoing links

These are links going to different origins than the main page.

URL: http://twitter.com/download/android
Title: Twitter for Android

Search URL Search Domain Scan URL

URL: https://twitter.com/MarleenaIsomaa

Search URL Search Domain Scan URL

URL: https://t.co/dXoDmnVmWM
Title: https://t.co/dXoDmnVmWM

Search URL Search Domain Scan URL

URL: https://t.co/bNtWJMC0Cr
Title: https://t.co/bNtWJMC0Cr

Search URL Search Domain Scan URL

URL: https://www.blog2social.com/
Title: Blog2Social APP

Search URL Search Domain Scan URL

URL: https://twitter.com/BarkoTurk

Search URL Search Domain Scan URL

URL: https://t.co/xnA24yujK9
Title: https://t.co/xnA24yujK9

Search URL Search Domain Scan URL

URL: http://twitter.com/download/iphone
Title: Twitter for iPhone

Search URL Search Domain Scan URL

URL: https://twitter.com/manueladiminu

Search URL Search Domain Scan URL

URL: https://mobile.twitter.com/
Title: Twitter Web App

Search URL Search Domain Scan URL

URL: https://twitter.com/STEinforma

Search URL Search Domain Scan URL

URL: https://t.co/oGWa5sHzmh
Title: https://t.co/oGWa5sHzmh

Search URL Search Domain Scan URL

URL: https://t.co/ZKlcUcLVLa
Title: https://t.co/ZKlcUcLVLa

Search URL Search Domain Scan URL

URL: https://twitter.com/cobras_santiago

Search URL Search Domain Scan URL

URL: https://t.co/7qnirigAnG
Title: https://t.co/7qnirigAnG

Search URL Search Domain Scan URL

URL: https://t.co/h3mAjtIPZc
Title: https://t.co/h3mAjtIPZc

Search URL Search Domain Scan URL

URL: https://twitter.com/tusletrashablan

Search URL Search Domain Scan URL

URL: https://t.co/0RDVnwuMWn
Title: https://t.co/0RDVnwuMWn

Search URL Search Domain Scan URL

URL: https://twitter.com/MARS33_official

Search URL Search Domain Scan URL

URL: https://t.co/sWJbLaz5R4%E2%80%A6
Title: https://t.co/sWJbLaz5R4…

Search URL Search Domain Scan URL

URL: https://t.co/ayQftZBmLJ
Title: https://t.co/ayQftZBmLJ

Search URL Search Domain Scan URL

URL: https://twitter.com/KursnaFunta

Search URL Search Domain Scan URL

URL: https://t.co/gZKE67n4Rs
Title: https://t.co/gZKE67n4Rs

Search URL Search Domain Scan URL

URL: https://t.co/SpDfpVUFmi
Title: https://t.co/SpDfpVUFmi

Search URL Search Domain Scan URL

URL: https://twitter.com/szlgocha

Search URL Search Domain Scan URL

URL: http://twitter.com/#!/download/ipad
Title: Twitter for iPad

Search URL Search Domain Scan URL

URL: https://twitter.com/Eki_bez_Eki

Search URL Search Domain Scan URL

URL: https://t.co/zzgmpkTkEB
Title: https://t.co/zzgmpkTkEB

Search URL Search Domain Scan URL

URL: https://twitter.com/abogados_ramos

Search URL Search Domain Scan URL

URL: https://t.co/GrO8B2b6F5
Title: https://t.co/GrO8B2b6F5

Search URL Search Domain Scan URL

URL: http://www.zazoom.it/
Title: Zazoom Ultima ora

Search URL Search Domain Scan URL

URL: https://twitter.com/zazoomblog

Search URL Search Domain Scan URL

URL: https://t.co/TLGgAmKIQc
Title: https://t.co/TLGgAmKIQc

Search URL Search Domain Scan URL

URL: https://desolate-dusk-12138.herokuapp.com/
Title: BNotizieBeastBot

Search URL Search Domain Scan URL

URL: https://twitter.com/ParliamoDiNews

Search URL Search Domain Scan URL

URL: https://t.co/nWTKrdPYnW
Title: https://t.co/nWTKrdPYnW

Search URL Search Domain Scan URL

URL: https://twitter.com/ardilla37003783

Search URL Search Domain Scan URL

URL: https://t.co/EhDoZktEfJ
Title: https://t.co/EhDoZktEfJ

Search URL Search Domain Scan URL

URL: https://twitter.com/GioiabotteghiP

Search URL Search Domain Scan URL

URL: https://t.co/EENrKCqTme
Title: https://t.co/EENrKCqTme

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

51 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
firma.com/ 36 KB
5 KB 195ms
94ms Document
text/html 198.211.104.201
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://firma.com/
Protocol: HTTP/1.1
Server: 198.211.104.201 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.11.2 /
Resource Hash: 3b0d3e6f88538728a20aad1567e7a4d615466f9b7cd076d288586bf2e90b1852

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

Server: nginx/1.11.2
Date: Wed, 19 Jan 2022 05:55:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

GET
H/1.1 200
OK style.min.css
firma.com/assets/css/ 112 KB
112 KB 118ms
118ms Stylesheet
text/css 198.211.104.201
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://firma.com/assets/css/style.min.css
Requested by: Host: firma.com
URL: http://firma.com/
Protocol: HTTP/1.1
Server: 198.211.104.201 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.11.2 /
Resource Hash: 02ba4297f195cb323288ca1d2846cf94f738ab48f5f7c39167a643371752616d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
Last-Modified: Wed, 27 Jul 2016 06:43:00 GMT
Server: nginx/1.11.2
ETag: "579857f4-1be41"
Content-Type: text/css
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 114241

GET
H/1.1 200
OK vendor-scripts.min.js Show response
firma.com/assets/js/ 142 KB
142 KB 227ms
103ms Script
application/javascript 198.211.104.201
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://firma.com/assets/js/vendor-scripts.min.js
Requested by: Host: firma.com
URL: http://firma.com/
Protocol: HTTP/1.1
Server: 198.211.104.201 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.11.2 /
Resource Hash: 12edcfe5799c76bbee9e4f84a9062e1a2b694ef4ba211b5f8b46c6fbead9754d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
Last-Modified: Wed, 27 Jul 2016 06:43:03 GMT
Server: nginx/1.11.2
ETag: "579857f7-23626"
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 144934

GET
H/1.1 200
OK scripts.min.js Show response
firma.com/assets/js/ 2 KB
2 KB 228ms
104ms Script
application/javascript 198.211.104.201
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://firma.com/assets/js/scripts.min.js
Requested by: Host: firma.com
URL: http://firma.com/
Protocol: HTTP/1.1
Server: 198.211.104.201 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.11.2 /
Resource Hash: 798b46a14cf2dc1bf54a99bda995b49198e10b310fe957f57f797641c004e9ed

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
Last-Modified: Wed, 27 Jul 2016 06:43:03 GMT
Server: nginx/1.11.2
ETag: "579857f7-66b"
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1643

GET
H/1.1 200
OK a13aEnFM_normal.jpg
pbs.twimg.com/profile_images/1425812830507393028/ 2 KB
3 KB 112ms
21ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/1425812830507393028/a13aEnFM_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6794) /

Resource Hash

697db90500147755d4dc631e1dbacaaffc4e12c8dc2fced6c5041cd5e3333cfd

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 395726
X-Cache: MISS
Content-Length: 2035
x-response-time: 117
surrogate-key: profile_images profile_images/bucket/7 profile_images/1425812830507393028
Last-Modified: Thu, 12 Aug 2021 13:32:03 GMT
Server: ECS (frb/6794)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e954d63884b1162ae0455dc197cff88fd5d810be0cd4a89310088b7de93b86db
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK gidI6M3O_normal.jpg
pbs.twimg.com/profile_images/974292765755478016/ 2 KB
2 KB 10ms
10ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/974292765755478016/gidI6M3O_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67DF) /

Resource Hash

2f4bb21eccc50d518c333a9df759a8e6b013465cf46b2f56d2a875de76bd8d3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 106528
X-Cache: HIT
Content-Length: 1731
x-response-time: 108
surrogate-key: profile_images profile_images/bucket/6 profile_images/974292765755478016
last-modified: Thu, 15 Mar 2018 14:32:31 GMT
Server: ECS (frb/67DF)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: aba87d9a37840c04053c65d010f65ff28fcb58bef18ae0434aa844219dd8699a
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK qLyJy3tg_normal.jpg
pbs.twimg.com/profile_images/716005508998627328/ 2 KB
3 KB 14ms
14ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/716005508998627328/qLyJy3tg_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6739) /

Resource Hash

7fc4c33d1b014ea67455e58b3c507aa698df2314ae105325c494fca7b87d066f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 13903
X-Cache: HIT
Content-Length: 2111
x-response-time: 120
surrogate-key: profile_images profile_images/bucket/2 profile_images/716005508998627328
Last-Modified: Fri, 01 Apr 2016 20:51:10 GMT
Server: ECS (frb/6739)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: a42ecf66c51891ee87bc082f33309d01e0fcf38405f294ca038f0fc17f7628ac
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK NzzOr0te_normal.jpg
pbs.twimg.com/profile_images/633396814423523328/ 2 KB
3 KB 33ms
23ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/633396814423523328/NzzOr0te_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/674B) /

Resource Hash

1e2d49c52831d7f6d3e9701d8ecc4280832a8895f97f0c09d506558dd0524d6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 142068
X-Cache: MISS
Content-Length: 1883
x-response-time: 116
surrogate-key: profile_images profile_images/bucket/5 profile_images/633396814423523328
Last-Modified: Mon, 17 Aug 2015 21:53:43 GMT
Server: ECS (frb/674B)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 754b121e40d199b85588bc1c9226101aece5f10422e587a2b036554a6652c951
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK xGhf-EBk_normal.jpg
pbs.twimg.com/profile_images/1294490427631063040/ 2 KB
3 KB 22ms
22ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/1294490427631063040/xGhf-EBk_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/673A) /

Resource Hash

fb1fff554dd4a49b5beb5e3dd29133ded1b206f30da3854aa3a2edb49d1ec56b

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 402512
X-Cache: MISS
Content-Length: 2339
x-response-time: 109
surrogate-key: profile_images profile_images/bucket/9 profile_images/1294490427631063040
Last-Modified: Sat, 15 Aug 2020 04:23:43 GMT
Server: ECS (frb/673A)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 4658cfe2ecdba222f011c99c5d8d036e4fc88d7baf72bb35b2bafe73fba2845a
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK DuiQ9_x7_normal.jpg
pbs.twimg.com/profile_images/1483584536248127489/ 2 KB
3 KB 28ms
15ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/1483584536248127489/DuiQ9_x7_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6760) /

Resource Hash

1438f7210fc13ed5f25d204d41732dbd8c08fbd678bdf26eda5e8fedbd226bab

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 21615
X-Cache: MISS
Content-Length: 1883
x-response-time: 120
surrogate-key: profile_images profile_images/bucket/8 profile_images/1483584536248127489
Last-Modified: Tue, 18 Jan 2022 23:36:11 GMT
Server: ECS (frb/6760)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0467ef853b52835961d255abf0a645693ee5f094bc063686b9fa348b3ed89d41
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK D9ZJp-3Y_normal.png
pbs.twimg.com/profile_images/1411782965235945475/ 769 B
1 KB 26ms
13ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/1411782965235945475/D9ZJp-3Y_normal.png

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/674D) /

Resource Hash

4a218ecc6b6d79f8a2e8f21683177fbc7895f0425b016a2cd9afea08bf702248

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 130206
X-Cache: HIT
Content-Length: 769
x-response-time: 118
surrogate-key: profile_images profile_images/bucket/8 profile_images/1411782965235945475
Last-Modified: Sun, 04 Jul 2021 20:22:23 GMT
Server: ECS (frb/674D)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: c0b610a3fe87099baa96d28bcc182673159357f8624070423c9792c476d65bb8
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK hHldR9O7_normal.jpg
pbs.twimg.com/profile_images/590602377088098305/ 2 KB
2 KB 28ms
15ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/590602377088098305/hHldR9O7_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6776) /

Resource Hash

8730c1f57514c8567f2413adb484c0fb42816a0ea268ac172c38aa6ab53857aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 203599
X-Cache: MISS
Content-Length: 1655
x-response-time: 120
surrogate-key: profile_images profile_images/bucket/4 profile_images/590602377088098305
Last-Modified: Tue, 21 Apr 2015 19:43:54 GMT
Server: ECS (frb/6776)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 9050939522ff6a598ba741f2b72b4968e1fc9461ea5aabba20b936163d8b5d7d
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK 6aiFKQju_normal.jpg
pbs.twimg.com/profile_images/1433816074051629056/ 2 KB
3 KB 25ms
12ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/1433816074051629056/6aiFKQju_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67BC) /

Resource Hash

f1687d7bf826d896f1f3211e20850ca9eedf9b03b7ae231343e237ac8223a43f

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 395566
X-Cache: HIT
Content-Length: 2111
x-response-time: 110
surrogate-key: profile_images profile_images/bucket/3 profile_images/1433816074051629056
last-modified: Fri, 03 Sep 2021 15:34:05 GMT
Server: ECS (frb/67BC)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e7472e64efcc8e5afba28760b49e69f15c7342d2c8925b8c8b5641978285ec4d
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK H1hDS4dS_normal.png
pbs.twimg.com/profile_images/940668100973944836/ 4 KB
5 KB 8ms
8ms Image
image/png 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/940668100973944836/H1hDS4dS_normal.png

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6711) /

Resource Hash

772b02b463be329e826fcfdaa6490a770c65e270265d37bac09a9fa4e8f6b339

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 521211
X-Cache: HIT
Content-Length: 4087
x-response-time: 107
surrogate-key: profile_images profile_images/bucket/3 profile_images/940668100973944836
Last-Modified: Tue, 12 Dec 2017 19:40:06 GMT
Server: ECS (frb/6711)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/png
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: fe65928f34bae494669ff0e0b0af5fabea5b7ef1c483e5e9609fbb0a9a6c0071
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK wE7NfXqs_normal.jpg
pbs.twimg.com/profile_images/1158527569395879937/ 2 KB
2 KB 16ms
16ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/1158527569395879937/wE7NfXqs_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/6752) /

Resource Hash

7a0e71c5b216592071cba7aa843f549063d5110cae32784b47e06f9e31c6f2a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 76021
X-Cache: MISS
Content-Length: 1807
x-response-time: 115
surrogate-key: profile_images profile_images/bucket/5 profile_images/1158527569395879937
Last-Modified: Mon, 05 Aug 2019 23:55:51 GMT
Server: ECS (frb/6752)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 0149952e57c098565d4800242457918e075c17ef8690f1f84264afcdc7e0762a
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK 18_copia_normal.jpg
pbs.twimg.com/profile_images/2229420387/ 2 KB
3 KB 10ms
9ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/2229420387/18_copia_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/668C) /

Resource Hash

a783d3bd1035328e4ea5ca5bbd72424d5193a59fc7debe1b785b5a2441e7f668

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 466482
X-Cache: HIT
Content-Length: 2035
x-response-time: 109
surrogate-key: profile_images profile_images/bucket/5 profile_images/2229420387
Last-Modified: Thu, 04 Nov 2010 01:42:54 GMT
Server: ECS (frb/668C)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 66f7b9f768a5a50638d54ef9d3d7f1b4084ea13da972dbd4fefc9c53f684f9f3
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK fD54tdW9_normal.jpg
pbs.twimg.com/profile_images/1441792827952930818/ 2 KB
3 KB 9ms
8ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/1441792827952930818/fD54tdW9_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67A8) /

Resource Hash

3e255f18261c0f7ca2a43864c1af7cd400f94bcc2686320c55c4834a79daa500

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 245563
X-Cache: HIT
Content-Length: 2111
x-response-time: 108
surrogate-key: profile_images profile_images/bucket/4 profile_images/1441792827952930818
last-modified: Sat, 25 Sep 2021 15:50:52 GMT
Server: ECS (frb/67A8)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: e5b6ed12a3381136ebf0a90ea768a32be10aee5ef91c30efed4612cb0df72ce5
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK zrviupAQ_normal.jpg
pbs.twimg.com/profile_images/989354699001417728/ 2 KB
3 KB 9ms
7ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/989354699001417728/zrviupAQ_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/67C1) /

Resource Hash

fa935b4d40f2ee3345115198c46ec614d399db95e447c561dd422ab57cae088a

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 199296
X-Cache: HIT
Content-Length: 2187
x-response-time: 120
surrogate-key: profile_images profile_images/bucket/4 profile_images/989354699001417728
last-modified: Thu, 26 Apr 2018 04:03:16 GMT
Server: ECS (frb/67C1)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: f75a08d83101cfca6d5d4b734613e0353506854ec0fa1dff7285e108cdad2bf2
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK XCB4Ry4d_normal.jpg
pbs.twimg.com/profile_images/1064190048030154752/ 2 KB
3 KB 16ms
15ms Image
image/jpeg 2606:2800:134:fa2:1627:1fe:edb:1665
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://pbs.twimg.com/profile_images/1064190048030154752/XCB4Ry4d_normal.jpg

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2606:2800:134:fa2:1627:1fe:edb:1665 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECS (frb/668D) /

Resource Hash

cbc24e4a8eec4c86ab492b7452e504985b0d1ddbf9cb80ace7c6ed2ebd3b9b86

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
x-content-type-options: nosniff
Age: 21615
X-Cache: MISS
Content-Length: 2415
x-response-time: 123
surrogate-key: profile_images profile_images/bucket/6 profile_images/1064190048030154752
Last-Modified: Sun, 18 Nov 2018 16:12:13 GMT
Server: ECS (frb/668D)
strict-transport-security: max-age=631138519
x-tw-cdn: VZ, VZ
Content-Type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: max-age=604800, must-revalidate
x-connection-hash: 866bef37970b5d3fc0f490357f37c9897defb07aed34394ee8d07fce7f3a4603
Accept-Ranges: bytes
timing-allow-origin: https://twitter.com, https://mobile.twitter.com

GET
H/1.1 200
OK adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 147 KB
51 KB 105ms
69ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: firma.com
URL: http://firma.com/

Protocol

HTTP/1.1

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

08826c5c542d4c84fd17c08910ad3cd479011972d042db0e1190b489dad637d8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Timing-Allow-Origin: *
Date: Wed, 19 Jan 2022 05:55:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Server: cafe
ETag: 11807181418261944686
Vary: Accept-Encoding, Origin
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Cache-Control: private, max-age=3600
Cross-Origin-Resource-Policy: cross-origin
Content-Disposition: attachment; filename="f.txt"
Content-Type: text/javascript; charset=UTF-8
Content-Length: 52002
X-XSS-Protection: 0
Expires: Wed, 19 Jan 2022 05:55:40 GMT

GET
H/1.1 200
OK css
fonts.googleapis.com/ 15 KB
1 KB 128ms
53ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,700italic,400,300,700

Requested by

Host: firma.com
URL: http://firma.com/assets/css/style.min.css

Protocol

HTTP/1.1

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

48ae37f4deb23a1855f0aa27c0b2879c7871b50cfc7e60eeb42260b98672420a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
X-XSS-Protection: 0
Last-Modified: Wed, 19 Jan 2022 05:55:40 GMT
Server: ESF
Cross-Origin-Opener-Policy: same-origin-allow-popups
X-Frame-Options: SAMEORIGIN
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=86400, stale-while-revalidate=604800
Timing-Allow-Origin: *
Link: <http://fonts.gstatic.com>; rel=preconnect; crossorigin
Expires: Wed, 19 Jan 2022 05:55:40 GMT

GET
H/1.1 200
OK glyphicons-halflings-regular.woff
firma.com/components/bootstrap/fonts/ 23 KB
23 KB 108ms
108ms Font
application/font-woff 198.211.104.201
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL: http://firma.com/components/bootstrap/fonts/glyphicons-halflings-regular.woff
Requested by: Host: firma.com
URL: http://firma.com/assets/css/style.min.css
Protocol: HTTP/1.1
Server: 198.211.104.201 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software: nginx/1.11.2 /
Resource Hash: fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e

Request headers

Referer: http://firma.com/assets/css/style.min.css
Origin: http://firma.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Wed, 19 Jan 2022 05:55:40 GMT
Last-Modified: Wed, 27 Jul 2016 06:38:24 GMT
Server: nginx/1.11.2
ETag: "579856e0-5b18"
Content-Type: application/font-woff
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23320

GET
H/1.1 200
OK memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ 44 KB
44 KB 77ms
41ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

http://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: http://fonts.googleapis.com/css?family=Open+Sans:300italic,400italic,700italic,400,300,700

Protocol

HTTP/1.1

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: http://fonts.googleapis.com/
Origin: http://firma.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Date: Fri, 14 Jan 2022 13:46:15 GMT
X-Content-Type-Options: nosniff
Age: 403765
Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
Cross-Origin-Resource-Policy: cross-origin
Content-Length: 44656
X-XSS-Protection: 0
Last-Modified: Thu, 28 Oct 2021 00:30:43 GMT
Server: sffe
Report-To: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Accept-Ranges: bytes
Timing-Allow-Origin: *
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="apps-themes"
Expires: Sat, 14 Jan 2023 13:46:15 GMT

GET
H2 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201120101/ 284 KB
103 KB 147ms
62ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8441523053722027&plah=firma.com

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef979ae41636bb1112445e7c404cc3a34ccf4b32e7b9b556d6bdc7f464009d01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:55:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 104506
x-xss-protection: 0
server: cafe
etag: 5387996186767430246
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 19 Jan 2022 05:55:41 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20220113/r20190131/ Frame 1CB6 11 KB
5 KB 126ms
37ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20220113/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4885
x-xss-protection: 0
date: Tue, 18 Jan 2022 18:50:39 GMT
expires: Tue, 01 Feb 2022 18:50:39 GMT
cache-control: public, max-age=1209600
age: 39902
etag: 13671712056976469594
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 213 B
641 B 134ms
47ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=firma.com&callback=_gfp_s_&client=ca-pub-8441523053722027

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202201120101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-8441523053722027&plah=firma.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

7cd3cda11d951ddb14d95c30226ce2e9da2026317596377b25d7276f74a4790b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:55:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 196
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 141ms
48ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=firma.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 Jan 2022 05:55:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 139ms
46ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=firma.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 Jan 2022 05:55:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 76F5 93 KB
31 KB 652ms
651ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8441523053722027&output=html&h=90&slotname=3710581098&adk=2256647989&adf=3175363789&pi=t.ma~as.3710581098&w=728&lmt=1642571741&psa=0&format=728x90&url=http%3A%2F%2Ffirma.com%2F&flash=0&wgl=1&dt=1642571741152&bpp=4&bdt=809&idt=248&shv=r20220113&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=4888858955500&frm=20&pv=2&ga_vid=1948521859.1642571741&ga_sid=1642571741&ga_hid=1901885076&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=428&ady=429&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=727383957872558&pem=632&tmod=161&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=nDRwOXgxkr&p=http%3A//firma.com&dtd=262

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8ca01d4d0bc41fde0ad6200101a4d3a139619af88f9156e32098f87a19778f5a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: br
date: Wed, 19 Jan 2022 05:55:42 GMT
server: cafe
content-length: 31461
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 Jan 2022 05:55:42 GMT
cache-control: private

GET
H2 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 66DD 0
180 B 48ms
47ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8441523053722027&output=html&adk=1812271804&adf=3025194257&lmt=1642571741&plat=3%3A32%2C4%3A32%2C9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=http%3A%2F%2Ffirma.com%2F&ea=0&flash=0&pra=7&wgl=1&dt=1642571741168&bpp=1&bdt=825&idt=250&shv=r20220113&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&prev_fmts=728x90&nras=1&correlator=4888858955500&frm=20&pv=1&ga_vid=1948521859.1642571741&ga_sid=1642571741&ga_hid=1901885076&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=727383957872558&pem=632&tmod=161&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=23&ifi=2&uci=a!2&fsb=1&dtd=254

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 Jan 2022 05:55:41 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 Jan 2022 05:55:41 GMT
cache-control: private

GET
H2 200 css
fonts.googleapis.com/ Frame 76F5 8 KB
1 KB 129ms
46ms Stylesheet
text/css 2a00:1450:4001:812::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8441523053722027&output=html&h=90&slotname=3710581098&adk=2256647989&adf=3175363789&pi=t.ma~as.3710581098&w=728&lmt=1642571741&psa=0&format=728x90&url=http%3A%2F%2Ffirma.com%2F&flash=0&wgl=1&dt=1642571741152&bpp=4&bdt=809&idt=248&shv=r20220113&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=4888858955500&frm=20&pv=2&ga_vid=1948521859.1642571741&ga_sid=1642571741&ga_hid=1901885076&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=428&ady=429&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=727383957872558&pem=632&tmod=161&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=nDRwOXgxkr&p=http%3A//firma.com&dtd=262

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 Jan 2022 04:27:46 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 19 Jan 2022 05:55:42 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Jan 2022 05:55:42 GMT

GET
H2 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220113/r20110914/client/ Frame 76F5 1 KB
954 B 131ms
45ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220113/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:43:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 712
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 848
x-xss-protection: 0
server: cafe
etag: 2277666839114365613
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Feb 2022 05:43:50 GMT

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 76F5 0
0 57ms
57ms Fetch
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CHJbl3afnYeTpGtaf7_UP5NGpmAnCpcmbYpyFzK-KDcCNtwEQASD4jPwJYJXikIKgB6ABvpaj4wPIAQGpAhLw3Kgi_rI-qAMByAPLBKoE0QFP0DKKEbIwmDoZ2ZKCL3RjCCJwUpmqBZaQaPjtugk24QoKyWgxZQj1EYKEk75xUWYtM9cMVdaL-AhXCAH36taulOJML26nLsmJWG7hk6Ay2wLD9iYf0DsP3UtvIBGY9gcJb03wQsBykQz4sPGvGN9AMVtbCitsej80CdYqngKQYOLJ-_GkC7jqdFRd8kiTZ7HKWoLS4YGj5sNaxaBSBBISgxSz_wQxmcreuyiOmcI4drb_60Ol7Kq9rn2HANPiELmTWofTrJxJQjOhPVuViPjDecAEyuPR588CkgUECAQYAZIFBAgFGASAB6rp3ByoB47OG6gHk9gbqAfulrECqAf-nrECqAfVyRuoB6a-G9gHAfIHBBDM5zLSCAkIgOGAcBABGB-ACgHICwHYEw2IFATQFQGAFwGyFxwKGggAEhRwdWItODQ0MTUyMzA1MzcyMjAyNxgA&sigh=vXDxewVTLHE&uach_m=[UACH]

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8441523053722027&output=html&h=90&slotname=3710581098&adk=2256647989&adf=3175363789&pi=t.ma~as.3710581098&w=728&lmt=1642571741&psa=0&format=728x90&url=http%3A%2F%2Ffirma.com%2F&flash=0&wgl=1&dt=1642571741152&bpp=4&bdt=809&idt=248&shv=r20220113&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=4888858955500&frm=20&pv=2&ga_vid=1948521859.1642571741&ga_sid=1642571741&ga_hid=1901885076&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=428&ady=429&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=727383957872558&pem=632&tmod=161&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=nDRwOXgxkr&p=http%3A//firma.com&dtd=262
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
date: Wed, 19 Jan 2022 05:55:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 19 Jan 2022 05:55:42 GMT

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220113/r20110914/ Frame 76F5 19 KB
8 KB 105ms
37ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220113/r20110914/abg_lite_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:47:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 515
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7881
x-xss-protection: 0
server: cafe
etag: 7605774008668088057
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Feb 2022 05:47:07 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220113/r20110914/client/ Frame 76F5 2 KB
1 KB 114ms
47ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220113/r20110914/client/window_focus_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:51:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 275
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1205
x-xss-protection: 0
server: cafe
etag: 18074202747124231361
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Feb 2022 05:51:07 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 76F5 121 KB
38 KB 149ms
57ms Script
text/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:55:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37895
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1641990413359145"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 19 Jan 2022 05:55:42 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20220113/r20110914/client/ Frame 76F5 15 KB
6 KB 108ms
42ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20220113/r20110914/client/qs_click_protection_fy2019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:47:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 488
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6473
x-xss-protection: 0
server: cafe
etag: 5124071950003790117
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 02 Feb 2022 05:47:34 GMT

GET
H2 200 fccbdb50d0e11463e1edb3d8fcf7c364.js Show response
www.gstatic.com/mysidia/ Frame 76F5 27 KB
12 KB 127ms
39ms Script
text/javascript 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/fccbdb50d0e11463e1edb3d8fcf7c364.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f1b3a51250ea5d2b293615f08241269ed8277b95654cddafbc0f5df8d61e6cc1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 19:13:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 470510
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11411
x-xss-protection: 0
last-modified: Thu, 13 Jan 2022 18:31:08 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="mysidia"
vary: Accept-Encoding
report-to: {"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Wed, 13 Apr 2022 19:13:52 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 988F 143 B
163 B 38ms
36ms Document
text/html 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-8441523053722027&output=html&h=90&slotname=3710581098&adk=2256647989&adf=3175363789&pi=t.ma~as.3710581098&w=728&lmt=1642571741&psa=0&format=728x90&url=http%3A%2F%2Ffirma.com%2F&flash=0&wgl=1&dt=1642571741152&bpp=4&bdt=809&idt=248&shv=r20220113&mjsv=m202201120101&ptt=9&saldr=aa&abxe=1&correlator=4888858955500&frm=20&pv=2&ga_vid=1948521859.1642571741&ga_sid=1642571741&ga_hid=1901885076&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&adx=428&ady=429&biw=1600&bih=1200&scr_x=0&scr_y=0&oid=2&pvsid=727383957872558&pem=632&tmod=161&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CoeE%7C&abl=CS&pfx=0&fu=0&bc=23&ifi=1&uci=a!1&fsb=1&xpc=nDRwOXgxkr&p=http%3A//firma.com&dtd=262

Response headers

x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 145
x-xss-protection: 0
date: Wed, 19 Jan 2022 05:04:56 GMT
cache-control: public, max-age=3600
content-type: text/html; charset=UTF-8
age: 3046
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 988F
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

84ms
84ms

Document
text/html

2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 Jan 2022 05:55:42 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 Jan 2022 05:55:42 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 19 Jan 2022 05:55:42 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ Frame 76F5 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e8c695eb909e7e9a22caf8888806c64f32bc6b2e1d8308c6b087c35f8ca0cf3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2
fonts.gstatic.com/s/googlesans/v41/ Frame 76F5 28 KB
28 KB 122ms
40ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesans/v41/4UasrENHsxJlGDuGo1OIlJfC6l_24rlCK1Yo_Iqcsih3SAyH6cAwhX9RPjIUvQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://googleads.g.doubleclick.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Tue, 18 Jan 2022 18:14:29 GMT
x-content-type-options: nosniff
age: 42073
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 28196
x-xss-protection: 0
last-modified: Tue, 18 Jan 2022 17:53:50 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 18 Jan 2023 18:14:29 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 12 KB
9 KB 99ms
51ms XHR
application/json 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220113&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

c5f84d035525074e519b4674bfa1e9a3b16caaed7d4239da70110de4f3e5108f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 19 Jan 2022 05:55:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9116
x-xss-protection: 0

GET
H3 200 VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js Show response
pagead2.googlesyndication.com/bg/ Frame BD2F 35 KB
13 KB 81ms
36ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5584809aa902aaa236a75bc6ecdd04661304da64818f8ec3b3c23a9c884398fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 20:21:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 466455
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13526
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 20:21:27 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 102ms
52ms Script
text/javascript 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Wed, 19 Jan 2022 05:55:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 19 Jan 2022 05:55:42 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 7E31 13 KB
5 KB 40ms
39ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 18 Jan 2022 22:18:28 GMT
expires: Wed, 18 Jan 2023 22:18:28 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
age: 27434
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 5928 783 B
536 B 98ms
52ms Document
text/html 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

684572049689100cc5def3b2259200e1cd3c2d65d0da3cf367a4c67cc896336e

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2V/Z1tzGV8PQ3m3HQQsjRg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 19 Jan 2022 05:55:42 GMT
date: Wed, 19 Jan 2022 05:55:42 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-2V/Z1tzGV8PQ3m3HQQsjRg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js Show response
pagead2.googlesyndication.com/bg/ Frame 7E31 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/VYSAmqkCqqI2p1vG7N0EZhME2mSBj47Ds8I6nIhDmP4.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5584809aa902aaa236a75bc6ecdd04661304da64818f8ec3b3c23a9c884398fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date: Thu, 13 Jan 2022 20:21:27 GMT
content-encoding: br
x-content-type-options: nosniff
age: 466455
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13526
x-xss-protection: 0
last-modified: Wed, 12 Jan 2022 16:08:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 13 Jan 2023 20:21:27 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 5928 0
0 53ms
52ms Image
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220113&jk=727383957872558&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

GET generate_204
tpc.googlesyndication.com/ Frame 7E31 0
0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 72ms
71ms Image
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220113&jk=727383957872558&bg=!e3ileDzNAAZ_DxPPfw87ACkAdvg8WlFuD_vJXp4oeIbuBxanzGRyJalqIyTXA2Eu_9akpe00atfhtAIAAABYUgAAAAJoAQcKALD3Zee3L0bWlVTw74btDlpZ6aSCNmnUGrSDi8FAmG-v5DzAZH3B1KgIMQzFBV3KhW1vWlTVKnWpWOHXaWMktr3oYqsT9zVYBKriiUipCvQN6wwc2tJAnW_9Dnt7gpEXrkCsYADKbWyR5DnhdQ4RZWmrNRnk_OTCb65jQNcpJWRDyy6ACQV8rVj3T-sYWF6o0ZrvAjNc6HIWzX47nJ3sjL-Owz7gvVwXCywi3v1N0waZh5kCtJQSjMGtpV1jH9l4ey-f555wOAmLPbIUtTEjAF8K1e8Y5FCrZk0RTASL4lbi-uRp6dVdMgWWYgyukc9oyBdtrpWXKeHe3uqoQkmPiFLlvEvUlgHnn9ALPPR5kSe4dxb-uA0UH253zJtTf5Lsps8JmkVY0fg0VMiYyYxR7ECjtuv2LOVubR7dHpX9NiOuVhSZJioF5C5vRKq5qSnQt9E8MDQOypcuq9u7q7DoNvWu5WaQVwV0H0hlNg1zvk0FaBWA6VNu7dK8rmGzSqiOWn33XbfoKo_3KKaMG5tHtcSwmghK_FHtrMOj-UNRkJnzmZitJGmxLlQGCvm5TAq2z1QSHTDvZvpp1gRKvtCbrct6wQLsE8zvaPW5EqZhjF4Gx2vu22VHEuG_VA9F7daKd3N-Fo6EjQh0BDwJKIDvIx2RcYeZ11i4SX5st6W084X5DFqr95Jn2CdSTzkyxP-uOGOII6aaGEyLlum6ptqI9u_E5TsJavFXCo4yfyr1XKdtPDHbqAE869yOVG868Qd79VfnKB54LwwFGJsxV2NWI3NI8OoO03qb_wEI-9qk_WA9scqB9y6EjCuofgz2IBeCymzRf4CYgbxrDEHr4ZZrt_0mSB_maLdg9ZO2F--l5xSy9loHjO_TakDmmpivF7HmmTAvL4A9i_m8qjeqaHjFyOB-ZWgqXUCI2r82mWzo9JCTRALYzmYVFrSJn-EvMnHqp20GOxeIMuOoKO0m6nvHdRUK6rx2EcLSqS7y9BZj8hQ_mvBPHT8OkZU3Z0U5DkUXrukg2f9hsyOmbP0Qh6-I4IjgLK4aHlXLKhfJbulLqKD-kTSj1lnBzxOuTT6-qNRNouGk0oOeeyrhoR4o7GLUsfWID9Qwa9HAYuCbMET2JdI0TECGWuUdPcy26-7xdDcEyJ0m6fMAZ1nz

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: http://firma.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 05:55:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 76F5 42 B
64 B 50ms
50ms Fetch
image/gif 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvbJ3DBJsbj34mkvQNXuDRcJSss42AvD0hgf6c1r3RM6xtO-LQeMimkbC17Ped8FDut96yzWUsKrFy3GoOBYUQAiKYRzqRkMourwAwsqkW25QpFtJTBYg&sai=AMfl-YSJI47WyrmFUU-1emy2JZNgooesvNL1ec-SvjL2cYbVbTwIHFaOzV3pRNULflX5iFhmC1sp4ZlXB2wC&sig=Cg0ArKJSzMyIonG7oP36EAE&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20220112&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=2256647989&rs=2&la=0&cr=0&vs=4&r=v&rst=1642571741416&rpt=1127&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Jan 2022 05:55:43 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/generate_204?vWCv9A

Verdicts & Comments Add Verdict or Comment

38 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.firma.com/	1970-01-20 09:37:47	Name: __gads Value: ID=159ac6c5b4c7f453-220d3c2d23cd0042:T=1642571741:RT=1642571741:S=ALNI_MZaf8_q6f2314vQgbq8AqkcUebA6w
.doubleclick.net/	1970-01-20 09:37:47	Name: IDE Value: AHWqTUk8EbEhXPIy6Qq_flJqUgnERW-BdHHYZijSU9FAJsuMKpXO1QXgxY5z0_-z2-s
.doubleclick.net/	1970-01-20 00:16:15	Name: DSID Value: NO_DATA

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adservice.google.com
adservice.google.de
firma.com
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
pagead2.googlesyndication.com
partner.googleadservices.com
pbs.twimg.com
tpc.googlesyndication.com
www.google.com
www.googletagservices.com
www.gstatic.com
tpc.googlesyndication.com
142.250.186.130
198.211.104.201
2606:2800:134:fa2:1627:1fe:edb:1665
2a00:1450:4001:808::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:810::2002
2a00:1450:4001:810::2004
2a00:1450:4001:812::200a
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2003
2a00:1450:4001:830::2001
2a00:1450:4001:830::2002
02ba4297f195cb323288ca1d2846cf94f738ab48f5f7c39167a643371752616d
043cafc63f50b2ba976044bc7dfba6ccb1a1878d527f883cb81984c5585cd9da
05e2888e835d97fe6e4cfb256f62f47d5dccf6d9ac202ea9d82a6bc2b1716c1d
08826c5c542d4c84fd17c08910ad3cd479011972d042db0e1190b489dad637d8
12edcfe5799c76bbee9e4f84a9062e1a2b694ef4ba211b5f8b46c6fbead9754d
1438f7210fc13ed5f25d204d41732dbd8c08fbd678bdf26eda5e8fedbd226bab
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1e2d49c52831d7f6d3e9701d8ecc4280832a8895f97f0c09d506558dd0524d6d
2039446f8956518da2c2d70116d18c92fac3b04110942de074748aa4041067fb
2f4bb21eccc50d518c333a9df759a8e6b013465cf46b2f56d2a875de76bd8d3a
3b0d3e6f88538728a20aad1567e7a4d615466f9b7cd076d288586bf2e90b1852
3e255f18261c0f7ca2a43864c1af7cd400f94bcc2686320c55c4834a79daa500
425b48211e0ebe795b6ead9ec2f1bcd9e04e9930a7dd30e08cdb2fef0bcb834c
48ae37f4deb23a1855f0aa27c0b2879c7871b50cfc7e60eeb42260b98672420a
4a218ecc6b6d79f8a2e8f21683177fbc7895f0425b016a2cd9afea08bf702248
5584809aa902aaa236a75bc6ecdd04661304da64818f8ec3b3c23a9c884398fe
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
684572049689100cc5def3b2259200e1cd3c2d65d0da3cf367a4c67cc896336e
697db90500147755d4dc631e1dbacaaffc4e12c8dc2fced6c5041cd5e3333cfd
772b02b463be329e826fcfdaa6490a770c65e270265d37bac09a9fa4e8f6b339
798b46a14cf2dc1bf54a99bda995b49198e10b310fe957f57f797641c004e9ed
7a0e71c5b216592071cba7aa843f549063d5110cae32784b47e06f9e31c6f2a2
7cd3cda11d951ddb14d95c30226ce2e9da2026317596377b25d7276f74a4790b
7fc4c33d1b014ea67455e58b3c507aa698df2314ae105325c494fca7b87d066f
83a9ab434109bc8045cf6ccdd0365b0e53b6acf155438de7370ce67fd0facc79
8730c1f57514c8567f2413adb484c0fb42816a0ea268ac172c38aa6ab53857aa
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
8ca01d4d0bc41fde0ad6200101a4d3a139619af88f9156e32098f87a19778f5a
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a783d3bd1035328e4ea5ca5bbd72424d5193a59fc7debe1b785b5a2441e7f668
c5f84d035525074e519b4674bfa1e9a3b16caaed7d4239da70110de4f3e5108f
cbc24e4a8eec4c86ab492b7452e504985b0d1ddbf9cb80ace7c6ed2ebd3b9b86
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8c695eb909e7e9a22caf8888806c64f32bc6b2e1d8308c6b087c35f8ca0cf3e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef979ae41636bb1112445e7c404cc3a34ccf4b32e7b9b556d6bdc7f464009d01
f1687d7bf826d896f1f3211e20850ca9eedf9b03b7ae231343e237ac8223a43f
f1b3a51250ea5d2b293615f08241269ed8277b95654cddafbc0f5df8d61e6cc1
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
fa935b4d40f2ee3345115198c46ec614d399db95e447c561dd422ab57cae088a
fb1fff554dd4a49b5beb5e3dd29133ded1b206f30da3854aa3a2edb49d1ec56b
fc969dc1c6ff531abcf368089dcbaf5775133b0626ff56b52301a059fc0f9e1e
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4

firma.com Open in urlscan Pro 198.211.104.201 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

51 Requests

53 %HTTPS

83 %IPv6

10 Domains

13 Subdomains

13 IPs

2 Countries

706 kBTransfer

1272 kBSize

3 Cookies

40 Outgoing links

Redirected requests

51 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

firma.com Open in urlscan Pro
198.211.104.201 Public Scan

Screenshot
Live screenshot

Full Image

51
Requests

53 %
HTTPS

83 %
IPv6

10
Domains

13
Subdomains

13
IPs

2
Countries

706 kB
Transfer

1272 kB
Size

3
Cookies

51 HTTP transactions
1 data transactions