candorium.com Open in urlscan Pro
44.226.27.167 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://candorium.com/
Effective URL:
https://candorium.com/
Submission: On October 19 via manual (October 19th 2022, 6:09:47 am UTC) from IN — Scanned from DE

Summary HTTP 126 Redirects Links 3 Behaviour Indicators

Summary

This website contacted 26 IPs in 4 countries across 16 domains to perform 126 HTTP transactions. The main IP is 44.226.27.167, located in Boardman, United States and belongs to AMAZON-02, US. The main domain is candorium.com.
TLS certificate: Issued by Amazon on March 3rd 2022. Valid for: a year.

This is the only time candorium.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 27	44.226.27.167 44.226.27.167	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
12	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
17	2600:9000:206... 2600:9000:206f:200:8:aaff:ad40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	3.5.80.162 3.5.80.162	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:809::2008	15169 (GOOGLE) (GOOGLE)
14	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
1	18.155.145.106 18.155.145.106	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:800::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9c	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	52.222.236.122 52.222.236.122	16509 (AMAZON-02) (AMAZON-02)
1	18.66.147.113 18.66.147.113	16509 (AMAZON-02) (AMAZON-02)
1	63.34.182.251 63.34.182.251	16509 (AMAZON-02) (AMAZON-02)
1	52.31.217.27 52.31.217.27	16509 (AMAZON-02) (AMAZON-02)
29	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80f::2006	15169 (GOOGLE) (GOOGLE)
3 4	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
126	26

27 44.226.27.167 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-27-167.us-west-2.compute.amazonaws.com

candorium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2600:9000:206f:200:8:aaff:ad40:93a1 (United States)

ASN16509 (AMAZON-02, US)

mapi.associatedpress.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.5.80.162 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-r-w.amazonaws.com

10kinfo-appdata.s3.us-west-2.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.155.145.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-155-145-106.ham50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

partner.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.236.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-236-122.fra56.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.147.113 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-113.fra60.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.34.182.251 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-34-182-251.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.31.217.27 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-31-217-27.eu-west-1.compute.amazonaws.com

ws40.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80f::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
41	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 104 tpc.googlesyndication.com — Cisco Umbrella Rank: 147	553 KB
27	candorium.com 1 redirects candorium.com	1 MB
17	associatedpress.com mapi.associatedpress.com — Cisco Umbrella Rank: 66377	869 KB
15	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 stats.g.doubleclick.net — Cisco Umbrella Rank: 84	118 KB
6	google.com 3 redirects adservice.google.com — Cisco Umbrella Rank: 78 region1.analytics.google.com — Cisco Umbrella Rank: 5017 www.google.com — Cisco Umbrella Rank: 2	2 KB
5	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 619 script.hotjar.com — Cisco Umbrella Rank: 789 vars.hotjar.com — Cisco Umbrella Rank: 916 in.hotjar.com — Cisco Umbrella Rank: 1656 ws40.hotjar.com — Cisco Umbrella Rank: 59810	70 KB
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 193	140 KB
3	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 394	28 KB
2	google.de adservice.google.de — Cisco Umbrella Rank: 8724 www.google.de — Cisco Umbrella Rank: 6045	1 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 32	20 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 61	134 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 44	1 KB
1	gstatic.com fonts.gstatic.com	27 KB
1	2mdn.net s0.2mdn.net — Cisco Umbrella Rank: 273	49 KB
1	googleadservices.com partner.googleadservices.com — Cisco Umbrella Rank: 888	698 B
1	amazonaws.com 10kinfo-appdata.s3.us-west-2.amazonaws.com	66 KB
126	16

	Domain	Requested by
29	tpc.googlesyndication.com	candorium.com googleads.g.doubleclick.net tpc.googlesyndication.com pagead2.googlesyndication.com
27	candorium.com	1 redirects candorium.com
17	mapi.associatedpress.com	candorium.com
14	googleads.g.doubleclick.net	pagead2.googlesyndication.com candorium.com googleads.g.doubleclick.net
12	pagead2.googlesyndication.com	candorium.com pagead2.googlesyndication.com tpc.googlesyndication.com googleads.g.doubleclick.net www.googletagservices.com
4	www.google.com	3 redirects tpc.googlesyndication.com
3	www.googletagservices.com	googleads.g.doubleclick.net
3	cdn.jsdelivr.net	candorium.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	candorium.com www.googletagmanager.com
2	fonts.googleapis.com	candorium.com tpc.googlesyndication.com
1	fonts.gstatic.com	fonts.googleapis.com
1	s0.2mdn.net	tpc.googlesyndication.com
1	ws40.hotjar.com	script.hotjar.com
1	in.hotjar.com	script.hotjar.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	www.google.de	candorium.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
1	adservice.google.com	pagead2.googlesyndication.com
1	adservice.google.de	pagead2.googlesyndication.com
1	partner.googleadservices.com	pagead2.googlesyndication.com
1	static.hotjar.com	www.googletagmanager.com
1	10kinfo-appdata.s3.us-west-2.amazonaws.com	candorium.com
126	25

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
*.candorium.com Amazon	`2022-03-03` - `2023-04-01`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-02` - `2023-06-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.associatedpress.com Amazon	`2022-10-04` - `2023-11-02`	a year	crt.sh
*.s3-us-west-2.amazonaws.com Amazon	`2021-12-17` - `2022-11-29`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
www.google.de GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-09-26` - `2022-12-19`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh

This page contains 17 frames:

Primary Page: https://candorium.com/
Frame ID: 62B0DF8FD056577D4E30671465CDFE96
Requests: 68 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20221017/r20190131/zrt_lookup.html
Frame ID: 6BC86CA645265327008AA754D6E49CCE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=90&slotname=5565695447&adk=880337784&adf=800173418&pi=t.ma~as.5565695447&w=1200&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=1200x90&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=90&rw=1386&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781687&bpp=4&bdt=977&idt=121&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&correlator=7896586340906&frm=20&pv=2&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=107&ady=151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Qw1yK3WuxS&p=https%3A//candorium.com&dtd=137
Frame ID: EE5317291EAA11288A719AC1B051BAA0
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=100&slotname=3241708067&adk=3011240405&adf=3819214084&pi=t.ma~as.3241708067&w=289&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=289x100&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=100&rw=289&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781691&bpp=1&bdt=981&idt=141&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=30&ady=304&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=9MwgLsa8PV&p=https%3A//candorium.com&dtd=145
Frame ID: 77AD00BA938622D24582603D01F0BC00
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=300&slotname=3476726338&adk=2412121383&adf=2749753813&pi=t.ma~as.3476726338&w=299&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=299x300&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=300&rw=299&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781692&bpp=1&bdt=982&idt=146&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90%2C289x100&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1270&ady=464&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=HvKaZKLpkg&p=https%3A//candorium.com&dtd=149
Frame ID: 39494ADE26AEA18E73228262C109EDBB
Requests: 10 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&adk=1812271804&adf=3025194257&lmt=1666159781&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fcandorium.com%2F&ea=0&pra=7&wgl=1&easpi=0&easai=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781723&bpp=1&bdt=1014&idt=119&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90%2C289x100%2C299x300&nras=1&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=124
Frame ID: 57A6EA2F6FF8DF8283D25F10B9AF1EBF
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-c1417f7b48595d0dbca01c86f95d6dbb.html
Frame ID: 2B29E826AC198EAC2ABB96214CD8ED2B
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/Eleq_320x100.html
Frame ID: 54FF71C9D441FAB3B90236B7A8AD7EDE
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=CG0MYpZRPY4vYNY6-7gStypOoCpmSpJZh-eDy4OMKv-EeEAEgjL7ze2CVgoCAuAegAb_RsowDyAEJqQIV-ylmIY2wPqgDAcgDSKoExgFP0NR_rc3LMBicrIHY89AMf3_d-FLS7FBw4YQyuJ80ntMTgcoxPuOr6ifpJbzsKKrtCuOFIjwnjN972OVVpoYGK0RBgEyO0RNbm2WMSgiQ190zk6cRa2OV6FMsNuw-4eNnN0nF1jzGktAEYyf4M7RtK6vGx0etqIZUFtZkBwQ8V46ECuqSC1wl1FrrEIrAocsNknkkXHzBK3qeqKOeKn_pIfHZOnNcvTp-TWTikUJsIHVZfLiINqboOHqoz8RFuB3eiWBZ-eHABLa5ubCGApIFBAgEGAGSBQQIBRgEoAYugAeprs1zqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQzrYB0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItNjEzMDg4ODQzMjUyNjU2MRgA&sigh=JLw3rIYgXG8&uach_m=[UACH]&cid=CAQSGwDq26N97aAHLonJGoEQXnxVtFdAEruzjLdRNBgBIA4&template_id=419
Frame ID: 794A79AF48E48BDF134C9F5C0871D1D7
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 99CC086C57C155AEC5676870851D6459
Requests: 2 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html
Frame ID: DF14D43ACE3F8CE2C14A7F35B0B1EC2B
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/adview?ai=Cf2lCpZRPY6vDNJPtgQfdjJjQB_TMmPBskLr2qeoQlL-1q64BEAEgjL7ze2CVgoCAuAegAZ7-_NgByAEJqQIW7MzSgsyBPqgDAcgDSKoExQFP0HoSfhUEqhJdYqCwEYEzbcx_q7CIK-Qbhd7cIg7Q4hevTDN0gAmFhRQU6ZJqzeKRxsXW7rQtXd-XShZrl0sZGfUOajICnmPx4yvfMI_kc398-_sZrJwFgFPEfjRkr323S0mx8ee7DTwqFiHndDjRhjmeeiTnVyRkjF7yvBV7MuzlE79aBy1v4h6yUnvqwemkVPypCBF-jR7iC_--jIX7Vr2hh1Xw7JU6BN73kMaI3Tc0CgagcjU2O1x1LxyXEY6nT8RLK8AE35OE058EkgUECAQYAZIFBAgFGASgBi6AB8qBg6cCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ7IsF0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwrQFQGAFwGyFxwKGggAEhRwdWItNjEzMDg4ODQzMjUyNjU2MRgA&sigh=uCd2SaU_tyU&uach_m=[UACH]&cid=CAQSGwDq26N9-fBJUfcCUPIUM4KlYxojcBmRaEkvlBgBIA4&template_id=419
Frame ID: 78EE6ED4D330E0C29A44CB2AD86AB95A
Requests: 7 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 7B640C24A036229266B484F8B6126584
Requests: 2 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: FD72EC7B3670D69C80B5B40EC284D0D9
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js
Frame ID: 886D81E734CF36C063DECE05FD11BCC4
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 91A320C757B2862C4D84AD5F4CCD840C
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 1EAA1B7AACEAD74DA470C1909F00AE54
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Business News | Latest Headlines on Candorium

Page URL History Show full URLs

http://candorium.com/ HTTP 301
https://candorium.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

OWL Carousel (Widgets) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+owl\.carousel(?:\.min)?\.css
owl\.carousel.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

126
Requests

99 %
HTTPS

72 %
IPv6

16
Domains

25
Subdomains

26
IPs

4
Countries

3331 kB
Transfer

5173 kB
Size

17
Cookies

3 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/CandoriumNews

Search URL Search Domain Scan URL

URL: https://twitter.com/candorium

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/candorium/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://candorium.com/ HTTP 301
https://candorium.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 87

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 109

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 112

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

126 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
candorium.com/
Redirect Chain

http://candorium.com/
https://candorium.com/

50 KB
50 KB

4149ms
3812ms

Document
text/html

44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 4c4e2c1eeba940528fb398aa2437344e4cd5ae16fd67c8d79e969ce4c53f092e

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

content-language: de-DE
content-type: text/html;charset=UTF-8
date: Wed, 19 Oct 2022 06:09:40 GMT

Redirect headers

Connection: keep-alive
Content-Length: 134
Content-Type: text/html
Date: Wed, 19 Oct 2022 06:09:36 GMT
Location: https://candorium.com:443/
Server: awselb/2.0

GET
H2 200 bootstrap.css
candorium.com/css/ 143 KB
143 KB 172ms
162ms Stylesheet
text/css 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/css/bootstrap.css
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e469061df2d98b8a403da5bca3ef97e34f4cec6ecc9b2e5b8db5fd8c27defe36

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 146137
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/css

GET
H2 200 all.min.css
candorium.com/fonta/fontawesome/css/ 58 KB
58 KB 347ms
334ms Stylesheet
text/css 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/fonta/fontawesome/css/all.min.css
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 59305
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/css

GET
H2 200 css
fonts.googleapis.com/ 664 B
858 B 50ms
16ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5a9f9b8fdda3dc64dc104281767edc8ce0798cd76bfc307c17a7c7b4db115c86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 19 Oct 2022 06:09:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 05:20:51 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Oct 2022 06:09:40 GMT

GET
H2 200 niceCountryInput.css
candorium.com/css/ 2 KB
2 KB 339ms
327ms Stylesheet
text/css 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/css/niceCountryInput.css
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 197a767102ff118b94c2e223bbad91e2434cdc73945f53a5f2fb2b8e4cc466e2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 1972
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/css

GET
H2 200 owl.carousel.min.css
candorium.com/css/ 3 KB
4 KB 339ms
328ms Stylesheet
text/css 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/css/owl.carousel.min.css
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 3351
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/css

GET
H2 200 owl.theme.default.min.css
candorium.com/css/ 1013 B
1 KB 340ms
329ms Stylesheet
text/css 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/css/owl.theme.default.min.css
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 1013
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/css

GET
H2 200 generalized.css
candorium.com/css/ 65 KB
66 KB 336ms
325ms Stylesheet
text/css 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/css/generalized.css
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a0f1fc0d64c54dd70a8490fda96c89d8fdd115679892aa9be5675c19e3dffb15

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 66746
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/css

GET
H2 200 index-new.css
candorium.com/css/ 42 KB
43 KB 346ms
336ms Stylesheet
text/css 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/css/index-new.css
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 0251ea9760306c70bac70c526f13bbea8a418239be3096e0f5f476cce3686dd4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 43212
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/css

GET
H2 200 jquery-1.11.1.min.js Show response
candorium.com/js/ 94 KB
94 KB 341ms
332ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/jquery-1.11.1.min.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 95786
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 custom.js Show response
candorium.com/js/ 2 KB
2 KB 342ms
333ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/custom.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: be13de92cd9ebbdb8e89cd7aec229113e60ca1948fe829663542fcf6b5364b17

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 1574
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 jquery-ui.js Show response
candorium.com/js/ 232 KB
232 KB 339ms
330ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/jquery-ui.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 0617837406853c26cef2f8afb0b8c0332606705b7decf90202ed4b32e4bf404c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 237112
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 bootstrap.js Show response
candorium.com/js/ 68 KB
69 KB 497ms
488ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/bootstrap.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 0abe8deb334de1ba743b04d0399e99eba336afed9da72fc4c0a302c99f9238c8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 69707
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 niceCountryInput.js Show response
candorium.com/js/ 200 KB
201 KB 649ms
641ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/niceCountryInput.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 60784ff1e48f1123ad3be73ff5ba8b0c25c3551de96697bf2a6c103b2bda68cb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 204806
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 owl.carousel.min.js Show response
candorium.com/js/ 51 KB
52 KB 497ms
489ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/owl.carousel.min.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 9a616c0a2540108ee781c5617f802fb038b6fe147fc5db354f9e203bd672a1e9

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 52598
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 moment.min.js Show response
cdn.jsdelivr.net/momentjs/latest/ 50 KB
18 KB 52ms
19ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/momentjs/latest/moment.min.js

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d618d4869738e0dc22360f0ec0cbb6433257843f24723fac240dda0906685238

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 11917934
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19158-FRA, cache-itm18827-ITM
server: cloudflare
etag: W/"c909-Mv32cwvjRTjgk3jsbMVSKdmnAVE"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iNt6sErN4pytTS3z6ygTAQXk75vLZa3rbcop98Ks5tj7tiRA2lFxO9JiPhHElFzxveMatcex1z5AudlNvp3oZbggl3IDzS6cITnmFIhpHKsGh5qQoFzShe2YuzF3YvV9TZ%2F5qUUIv3AURoBPeWY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin: *
cf-ray: 75c758a5bdb391ed-FRA

GET
H2 200 daterangepicker.min.js Show response
cdn.jsdelivr.net/npm/daterangepicker/ 32 KB
8 KB 54ms
21ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.min.js

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98578d9e429bafe2edbd9d00271e88a85fa457ead4c106485d157fd955b5f2de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 4596
x-jsd-version: 3.1.0
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19152-FRA, cache-iad-kiad7000149-IAD
x-jsd-version-type: version
server: cloudflare
etag: W/"7f60-yn4DlHkED3KaP/biww3JCbN4kvM"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Twlgqazpa16iTT6KEHBeVVFyWVLJOW8huDa6A84%2FkkDzWSZoXh7XNrVl9JbbgpZrORustIiyXrBqcH%2B3RWjCMXqRjOI5lI3Hl3UmbZSi%2F%2BUH75h%2FMdsAaQPpbkeI11l6nlsPPxGE9JO7PHcrLO0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 75c758a5bdb691ed-FRA

GET
H2 200 daterangepicker.css
cdn.jsdelivr.net/npm/daterangepicker/ 8 KB
2 KB 54ms
22ms Stylesheet
text/css 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/daterangepicker/daterangepicker.css

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 16739
x-jsd-version: 3.1.0
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-served-by: cache-fra19148-FRA
x-jsd-version-type: version
server: cloudflare
etag: W/"1f85-jqRIojRLzDZKkujJKC/BWFh0US4"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q9l8bj6o1YjKGPlMSN8sxiT5xZ5CR4jtnsf1X0XdTZVeUjhnLoQLqS1CxGDDdEprxKnLFERcFv1c%2FKLAXt%2FhRXt9CVjS%2BCP0keXxMzrRyC8pZQapfOK%2Blgk2fWW37kEC0oS0lbwMHL6oyUTPTfg%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 75c758a5bdb191ed-FRA

GET
H2 200 signUp.js Show response
candorium.com/js/ 4 KB
4 KB 643ms
638ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/signUp.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 06176cd95610da96c30ba037710c378484fdd7784f0e4db14b87a8a9c859ed72

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 3854
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 commonScriptFile.js Show response
candorium.com/js/ 12 KB
13 KB 644ms
640ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/commonScriptFile.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 4e8b14b0df2f2e8919c33cfe97d6e1ca449b432661b35717182a84278686bf60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 12662
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 newsCandorium.js Show response
candorium.com/js/ 22 KB
22 KB 647ms
642ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/newsCandorium.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: ca17215c828c71e28315a0edf10476db2cf8c674c5fcb0764bedab56dd0a495d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 22485
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 typeahead.js Show response
candorium.com/js/ 6 KB
7 KB 647ms
643ms Script
application/javascript 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/js/typeahead.js
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 5c1aa98d3518f47668464401ea743b80b378f2280cbc3dfc4d2be2499e35da7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:40 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 6151
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/javascript

GET
H2 200 logo.webp
candorium.com/images/ 6 KB
6 KB 175ms
174ms Image
image/webp 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://candorium.com/images/logo.webp
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a89c9828fbf347d46e907d3b6fe25bf384866110911be12eba9d1f057f7c4cab

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 5930
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: image/webp

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 167 KB
54 KB 80ms
48ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

69fd6ee439045a26386a24a21e97adacd580ee158a20d6c3cf3b82b61eae0412

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 55137
x-xss-protection: 0
server: cafe
etag: 3319282856280936590
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 06:09:41 GMT

GET
H2 200 Icon%20open-reload.png
candorium.com/images/ 337 B
847 B 172ms
167ms Image
image/png 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://candorium.com/images/Icon%20open-reload.png
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: d17a1075834b2e297c34fee854cf3bd30f0977e264ace48ff3b4083031a5a701

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 337
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: image/png

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/648a82345fd74af49492a52f62dca8f1.0/preview/ 68 KB
68 KB 66ms
11ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/648a82345fd74af49492a52f62dca8f1.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~648a82345fd74af49492a52f62dca8f1!rsn~0!cid~f964932c7cb24dec84d4596ee0e2c3ac!orgId~120647!qt~XCMpVSxe9pF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

81414983fc0bb56fcb1c854987b2a85fe44d81c1a9d929cbdf5dfd0c0512718c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Tue, 18 Oct 2022 09:36:03 GMT
Via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 74018
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 18 Oct 2022 06:00:38 GMT
ETag: "be29f00bc373436a8e260e85c9f25659"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: m2s59WlbLI2T5xmMUsLYJzIPkKn75f6ZrcuwHUIycHcRcAk8GiN_bQ==

GET
H/1.1 200
OK Associated-Press-logo.png
10kinfo-appdata.s3.us-west-2.amazonaws.com/edgar0105/CompanyImages/ 66 KB
66 KB 570ms
191ms Image
image/png 3.5.80.162
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://10kinfo-appdata.s3.us-west-2.amazonaws.com/edgar0105/CompanyImages/Associated-Press-logo.png
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.5.80.162 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-us-west-2-r-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4cf57c44f8ea3e86786ca38173db0cf432846aca932f34e50b3fcf9256af12ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 06:09:43 GMT
Last-Modified: Wed, 03 Aug 2022 16:15:04 GMT
Server: AmazonS3
x-amz-request-id: CEMWP4A3RS5NMZDA
ETag: "2f3b644d6a6f792b157df53d72780ed7"
x-amz-meta-sha256: 4cf57c44f8ea3e86786ca38173db0cf432846aca932f34e50b3fcf9256af12ad
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 67331
x-amz-id-2: wufGwX3kZcuZ1OGFttOItpGDAV6V94a+8u4SjY4q1zvVAjSogU20G1JW++dXH6kC/V5MtgONJw+MFmFUd+8YQg==
x-amz-meta-s3b-last-modified: 20220803T161431Z

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/f7ab6e3ecfc143d3a240ffcf7bca38bd.0/preview/ 51 KB
52 KB 67ms
12ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/f7ab6e3ecfc143d3a240ffcf7bca38bd.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~f7ab6e3ecfc143d3a240ffcf7bca38bd!rsn~0!cid~9a3a7a0556d2406aa84bcdcdade32443!orgId~120647!qt~gviUf6hGHiF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

1c457dfb7a8bb751b947d83bd04d0939ed34dc59aad7cebe9dac95f10dc04d2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Tue, 18 Oct 2022 09:16:31 GMT
Via: 1.1 72e8bbddfffeeec486003f867d631024.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 75190
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 18 Oct 2022 08:32:59 GMT
ETag: "811de1ecf6fc6a303126457fab0b97f9"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: M5MKqBcb_47diqnIe2OmEmRq7dsXa_D15geZkLpn0Tb-dzDLcQrxQA==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/39d07a3a3b914769bf82497c15233599.0/preview/ 43 KB
43 KB 65ms
10ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/39d07a3a3b914769bf82497c15233599.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~39d07a3a3b914769bf82497c15233599!rsn~0!cid~06ecc7ab3d2248b6ac6dae7f20818a55!orgId~120647!qt~2CqqKqipZ0F!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

53b7f5e85321641226ac1515c37a532cde8c0537140da54a5617202a8ee0a938

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Tue, 18 Oct 2022 16:13:53 GMT
Via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 50148
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 18 Oct 2022 15:49:43 GMT
ETag: "97b831bf63c906fdc506713e3ba13813"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: F0zIG90vqP3tGKG5E9LT5hqPMKbAouMof-HD52Jgt-2wCbmpM7M3vA==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/45673d6598a5446e9dced9309ecbd6e5.0/preview/ 31 KB
32 KB 65ms
10ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/45673d6598a5446e9dced9309ecbd6e5.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~45673d6598a5446e9dced9309ecbd6e5!rsn~0!cid~b21afc4272bb43a79dbe640a8e208994!orgId~120647!qt~RvCdAJKWnHF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

cdea459671f549e92a9de2f71bfab2727ce08d658837aa2b184e64b4d51e5830

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 01:01:55 GMT
Via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 18465
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 07 Oct 2022 15:23:51 GMT
ETag: "9100c23a86fcd34afdeba7043a4a9a88"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: Y7t5STZ1tD6OYIgyypJwx75EbzFOVW-DgdMxC-wdgyum5PLMEi8Txg==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/6f193b93db54402294a5390f1ca7cb68.0/preview/ 50 KB
50 KB 71ms
12ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/6f193b93db54402294a5390f1ca7cb68.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~6f193b93db54402294a5390f1ca7cb68!rsn~0!cid~432486391f3b4a05b61409ad4a7bda50!orgId~120647!qt~gviUf6hGHiF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

493cbed12b6a7e5d577d1af86d2163e27db342fbf200d37b5fe402c7a127471f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 05:56:14 GMT
Via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 807
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 18 Oct 2022 15:01:13 GMT
ETag: "0a387f9a598414ef9f1c5d38e712a2c9"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: FwN2y5ecy576aKhbl_dawox0Pew0RKOiDu1Fwe-r5iUgWFkWlaH4Qw==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/534ebccab0ca4ea1b9ced81dabcbd355.0/preview/ 58 KB
59 KB 68ms
10ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/534ebccab0ca4ea1b9ced81dabcbd355.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~534ebccab0ca4ea1b9ced81dabcbd355!rsn~0!cid~36b7e6910ec4415aa3cd030449cba8df!orgId~120647!qt~Njft7dqlw9F!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

e00428002d6ec75cdfd2142d56d60bde10ab1ba65617881bb6b16976e331e240

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 05:20:51 GMT
Via: 1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 2930
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 04:01:33 GMT
ETag: "444360ebb72590e5852e43e1adc4a2db"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: _eOj9ZjKQC3_dQ0L8UsYVqP7YjG5ru83MjX0dPPnHrotZAqDez3gpg==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/aca64e9269d44684947c1d926f2eb79b.0/preview/ 69 KB
70 KB 12ms
12ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/aca64e9269d44684947c1d926f2eb79b.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~aca64e9269d44684947c1d926f2eb79b!rsn~0!cid~0f417113c6034c7b867d5dbf2cdbd317!orgId~120647!qt~ixu-Pb3JRAKF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

8ac6870df38e47744c33dca4ec7073daa372c58e7ef93b5061f738a66c8681bb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 05:26:32 GMT
Via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 2589
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 04:12:13 GMT
ETag: "4e2adfe87d1ab92364e95b4e5aa37b61"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: WHKwc_afnxGA6B8l42R_ia638fQ-3Pkbfv54N6X1mkqcsjKw30JA9g==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/399d2c30536548809d5f8e6384d9b1b0.0/preview/ 53 KB
54 KB 12ms
11ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/399d2c30536548809d5f8e6384d9b1b0.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~399d2c30536548809d5f8e6384d9b1b0!rsn~0!cid~6d732b13984d4b708748d7dec2335bfb!orgId~120647!qt~gviUf6hGHiF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9390f91b1402eb632520ef84406acf5884bf19af3f20e5c24482a6982322751c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 05:16:32 GMT
Via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 3188
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 04:45:24 GMT
ETag: "d326595a350cc541d43e4e168ff833b0"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: L2li5Faf39XLNkagkuwsJqTTat8PYxIgfQQDP4rfoNNqs-BnpT98-w==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/37897622af76420fbc73891e4b92006a.0/preview/ 33 KB
34 KB 13ms
13ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/37897622af76420fbc73891e4b92006a.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~37897622af76420fbc73891e4b92006a!rsn~0!cid~d0bb305104ec4e058f4933bd6ce050d6!orgId~120647!qt~Tor2umiWdBF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

448e85e29f3ea4e9f129d1ddeae6852297b529b85c4bc34cb418fb646de4eedf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 05:16:15 GMT
Via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 3206
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 04:59:03 GMT
ETag: "29535549d2f0e042962633b1f07d7f4f"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: 98A6j8M4x2LSMHzyiZ01wiCEdeuIu3_tBPkeN3HulvM8QXm6hbhCPg==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/aaf7c2272c724024aa68c61a04ab779d.0/preview/ 42 KB
43 KB 22ms
22ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/aaf7c2272c724024aa68c61a04ab779d.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~aaf7c2272c724024aa68c61a04ab779d!rsn~0!cid~64d826dbd3174824b092dd118cffa4c8!orgId~120647!qt~RvCdAJKWnHF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

736d4765a496f5211bcd949b8d2ea2f1fcba46ddfc7adb4ecfaaf47b3a222b85

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 04:31:38 GMT
Via: 1.1 72e8bbddfffeeec486003f867d631024.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 5883
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 04:24:28 GMT
ETag: "da89a0bc00e189c9e84cd5a18455a6fa"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: YQbp2Q3WuAn92Dg-aq7at4g18pomIa01ybzEquYKKOftb4ZMUFNl6g==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/3885f47ec9e64387946371ede194cd52.2/preview/ 52 KB
52 KB 13ms
12ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/3885f47ec9e64387946371ede194cd52.2/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~3885f47ec9e64387946371ede194cd52!rsn~2!cid~aadaef3c61334227bbb1bc5a1c7ff13c!orgId~120647!qt~Njft7dqlw9F!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

924857651c278299085640bc4778b6f8d1da795e17a0548311f9b1c2a6bbda96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 04:13:23 GMT
Via: 1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 6978
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 04:00:37 GMT
ETag: "81219e46205dfb872c55e8fde82b6714"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: 2-3d7jbrApWfh739cqpK_g5Lbaie85dIntXhg96MzsOJvVfj8kAQMw==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/6edd4f90699f43eb8bef63329ccf5ef1.0/preview/ 66 KB
66 KB 10ms
10ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/6edd4f90699f43eb8bef63329ccf5ef1.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~6edd4f90699f43eb8bef63329ccf5ef1!rsn~0!cid~48815d39eb7c465c97780aed18b5f1cb!orgId~120647!qt~Njft7dqlw9F!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9e255d8044351c7bddb3479bffba13ba1a1d7a908bf52a8be7522c1d68cffc6f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 04:06:21 GMT
Via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 7400
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 04:00:32 GMT
ETag: "02b5d74eb85e76cd5f6fae448e841ed2"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: JGC911GPzC6fnK9NYTQXjSQvCYiezzVJwbTi0YwXUAmJuj8sqcVkIA==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/ff6a33d3ffec4d1ca193eb9667d1f620.0/preview/ 48 KB
49 KB 11ms
9ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/ff6a33d3ffec4d1ca193eb9667d1f620.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~ff6a33d3ffec4d1ca193eb9667d1f620!rsn~0!cid~77ef38e83fc64f64a3011164649391a3!orgId~120647!qt~RvCdAJKWnHF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

af12d3fb58896e7b684ab0fb2cc3472b8092845fc1f5e5076c72693d76a28a79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 03:56:13 GMT
Via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 8008
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 02:42:55 GMT
ETag: "037f4d248fccc4d42ea4d0da252a2f8c"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: -4YCRlLYXZIicna30l4kuA7T9C2zWLDrmqHJVYgYxpog17NciC74DQ==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/cf5d163beb724b7abe4b223e4da6f639.0/preview/ 39 KB
40 KB 12ms
10ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/cf5d163beb724b7abe4b223e4da6f639.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~cf5d163beb724b7abe4b223e4da6f639!rsn~0!cid~5b91b3d2e8da423fb84c25c9422347a5!orgId~120647!qt~yyC0pbJgYfF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

1b3dcb266741570d7f9293004dd2c0fcc9548acd52379a4e7734a27e89380060

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 03:16:13 GMT
Via: 1.1 28ccbefb54459137bb0b0d946fd75e48.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 10408
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 01:57:52 GMT
ETag: "6d04603526235f56848aaa58b70636b6"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: NVWzSasCQG_AvR9TpbVLysd86EZeYOHr-XrM58Eh_ufF1bRzoJoNrA==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/e35e7f034fb245548078a29f35cb3850.0/preview/ 60 KB
61 KB 9ms
9ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/e35e7f034fb245548078a29f35cb3850.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~e35e7f034fb245548078a29f35cb3850!rsn~0!cid~920789bf7feb49fda1f745c7c9df67cd!orgId~120647!qt~ixu-Pb3JRAKF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

ba7e9f76917bf1f90546b68716e2e162834aa89b92ae7503eb94e679830d5357

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 03:16:43 GMT
Via: 1.1 579a21a67e4dc50a655a7c0e9675261c.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 10378
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 03:03:05 GMT
ETag: "7498aa77c024da715eabdc83ab0a496c"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: AZY8ODgO-AM4GCInxgoan8cFo30cO6eJmyi9jfWEMHxrNCnedJOqLg==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/24226c88c70b43389c91b1610081fc65.0/preview/ 40 KB
40 KB 9ms
9ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/24226c88c70b43389c91b1610081fc65.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~24226c88c70b43389c91b1610081fc65!rsn~0!cid~31a6cbf9de9046969f43b59e96675572!orgId~120647!qt~ixu-Pb3JRAKF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

9fa6ea4edfc2e0de476b132b475788066ee152efee959878803e869713bc39c2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 03:15:15 GMT
Via: 1.1 4162b603e4967e54c2386fa354705d6e.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 10466
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 01:14:22 GMT
ETag: "b8332c68e60cd8b9cdf655e069525c9b"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: dboqD6Id7MEhnoNFvSgJNlD-ky5U8chruTm2kB11hcItYJRb11U5KA==

GET
H/1.1 200
OK preview.jpg
mapi.associatedpress.com/v1/items/7d6c18bcfd984764bf78915c44fb6cbc.0/preview/ 57 KB
57 KB 13ms
13ms Image
image/jpeg 2600:9000:206f:200:8:aaff:ad40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mapi.associatedpress.com/v1/items/7d6c18bcfd984764bf78915c44fb6cbc.0/preview/preview.jpg?nfe=true&s=512&app=MPK&tag=iid~7d6c18bcfd984764bf78915c44fb6cbc!rsn~0!cid~a6b2ca6dc1274f98843cfee0b2c025a4!orgId~120647!qt~ixu-Pb3JRAKF!orgNm~Candorium!role~Preview!mt~photo!fmt~JPEG%20Baseline

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:206f:200:8:aaff:ad40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

cb5185a840a027a170e92df7b8a827260f3863bb1171061df1f16b78acee41b0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Date: Wed, 19 Oct 2022 03:56:17 GMT
Via: 1.1 46546eb404789d29bf372f6a3fe43876.cloudfront.net (CloudFront)
X-Content-Type-Options: nosniff
X-Amz-Cf-Pop: FRA56-C1
Age: 8004
Transfer-Encoding: chunked
X-DNS-Prefetch-Control: off
X-Cache: Hit from cloudfront
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 19 Oct 2022 03:03:52 GMT
ETag: "6286f40649a5f194e025db8fc985b55c"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
X-Amz-Cf-Id: hM4NbrE17cVUKXYWBLkzvATLATYmPdWG7QA_UoYNrgspklfz9X-yIQ==

GET
H2 200 facebook.png
candorium.com/images/ 836 B
1 KB 172ms
169ms Image
image/png 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://candorium.com/images/facebook.png
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 488841668a6f972fe1e03dba6c21811d7e87f09c522a23a47f07e8a237a32049

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 836
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: image/png

GET
H2 200 twitter.png
candorium.com/images/ 817 B
1 KB 172ms
170ms Image
image/png 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://candorium.com/images/twitter.png
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: f243052fad2d79d81420f853c808fbc4da2cc867df82ebc68483c4153057f834

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 817
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: image/png

GET
H2 200 linkedin.png
candorium.com/images/ 542 B
1 KB 173ms
171ms Image
image/png 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://candorium.com/images/linkedin.png
Requested by: Host: candorium.com
URL: https://candorium.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: a4a2692eec84b82f7eabf6a4dcf27ca3562a15c4a94c148aeebfdb5b6ec75b61

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 542
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: image/png

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 161 KB
60 KB 48ms
23ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-5L3236P

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a2a30b542b49b8a5f880986794bfb721e4f997da136e56b321ebec912a586e47

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 60957
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 Oct 2022 06:09:41 GMT

GET
H2 200 fa-solid-900.woff2
candorium.com/fonta/fontawesome/webfonts/ 76 KB
77 KB 169ms
167ms Font
application/font-woff2 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/fonta/fontawesome/webfonts/fa-solid-900.woff2
Requested by: Host: candorium.com
URL: https://candorium.com/fonta/fontawesome/css/all.min.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

Request headers

Referer: https://candorium.com/fonta/fontawesome/css/all.min.css
Origin: https://candorium.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 78268
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/font-woff2

GET
H2 200 Roboto-Regular.woff
candorium.com/fonts/ 72 KB
73 KB 170ms
169ms Font
application/font-woff 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/fonts/Roboto-Regular.woff
Requested by: Host: candorium.com
URL: https://candorium.com/css/generalized.css
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 753b2f38660a99bdc4143fcdb42ff24d3ffa065b0b6bf193bd9226d9a25bee9a

Request headers

Referer: https://candorium.com/css/generalized.css
Origin: https://candorium.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
last-modified: Fri, 15 Jul 2022 13:25:24 GMT
accept-ranges: bytes
content-length: 74060
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/font-woff

GET
H2 200 popularNewsSearch Show response
candorium.com/ 27 KB
27 KB 3310ms
3310ms XHR
application/json 44.226.27.167
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://candorium.com/popularNewsSearch?_=1666159781557
Requested by: Host: candorium.com
URL: https://candorium.com/js/jquery-1.11.1.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.226.27.167 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-226-27-167.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: d339fb6ba54365c7c7f2d43d28742df44913aba85a61c7482b970c1961dc2087

Request headers

Accept: */*
Referer: https://candorium.com/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:44 GMT
content-type: application/json

GET newsBySic
candorium.com/ 0
0

GET
H2 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210110101/ 353 KB
116 KB 59ms
57ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210110101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6130888432526561&plah=candorium.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8824f1bd38944f6b4c7948dff3db1f9d0690c800a2937db72055eeb63b7824e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 118727
x-xss-protection: 0
server: cafe
etag: 8275423328660504097
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 19 Oct 2022 06:09:41 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20221017/r20190131/ Frame 6BC8 10 KB
5 KB 32ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20221017/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://candorium.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 6992
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=1209600
content-encoding: gzip
content-length: 4420
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 04:13:09 GMT
etag: 9671129459699598864
expires: Wed, 02 Nov 2022 04:13:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 45ms
7ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L3236P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 19 Oct 2022 05:15:57 GMT
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
server: Golfe2
age: 3224
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20039
expires: Wed, 19 Oct 2022 07:15:57 GMT

GET
H2 200 hotjar-2893595.js Show response
static.hotjar.com/c/ 4 KB
2 KB 117ms
52ms Script
application/javascript 18.155.145.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-2893595.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L3236P

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.155.145.106 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-155-145-106.ham50.r.cloudfront.net

Software

Resource Hash

578c031a1c7b7ef9ce6c014ef868b1f535d693cc79ca17910f8776bb2ee8b6d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
content-encoding: br
x-content-type-options: nosniff
date: Wed, 19 Oct 2022 06:09:41 GMT
via: 1.1 047bd08beb708919e51605064d34f6ec.cloudfront.net (CloudFront)
x-amz-cf-pop: HAM50-P1
etag: W/12e2526b6b02eb85c843b1f704ec20f0
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cache-control: max-age=60
cross-origin-resource-policy: cross-origin
x-amz-cf-id: K7amOSvSnG9tQnNA8gpb4Pg8it_Lt3yK5sewc3mK5DIbwsqF6IYDeg==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 214 KB
74 KB 47ms
29ms Script
application/javascript 2a00:1450:4001:809::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-ZSGG2QKPDV&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5L3236P

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

b0435def53714bfb207553e2c791a14dbd8e970df634ddf94754ca1c03b01017

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 75764
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 19 Oct 2022 06:09:41 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 393 B
698 B 39ms
17ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=candorium.com&callback=_gfp_s_&client=ca-pub-6130888432526561&gpid_exp=1

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202210110101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6130888432526561&plah=candorium.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5ad4ac0441089865923dfcbcd54b22efddec25423f9088dca44400ba6457cec5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 253
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 44ms
16ms Script
application/javascript 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=candorium.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 44ms
16ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=candorium.com

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame EE53 129 KB
42 KB 447ms
430ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=90&slotname=5565695447&adk=880337784&adf=800173418&pi=t.ma~as.5565695447&w=1200&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=1200x90&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=90&rw=1386&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781687&bpp=4&bdt=977&idt=121&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&correlator=7896586340906&frm=20&pv=2&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=107&ady=151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Qw1yK3WuxS&p=https%3A//candorium.com&dtd=137

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e740ecb810bbf0515e9c434ac273a3b5a7b95572263992d49258ea6aa5a9fc5c

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COupv-_Q6_oCFZN24AodXQYGeg&gqi=pZRPY9rmM4HR7_UPy8KyoAc&layout=/sadbundle/%24csp%253Der3%24/3311480703879820105/html5.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://candorium.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 42681
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COupv-_Q6_oCFZN24AodXQYGeg&gqi=pZRPY9rmM4HR7_UPy8KyoAc&layout=/sadbundle/%24csp%253Der3%24/3311480703879820105/html5.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
expires: Wed, 19 Oct 2022 06:09:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 77AD 129 KB
42 KB 338ms
332ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=100&slotname=3241708067&adk=3011240405&adf=3819214084&pi=t.ma~as.3241708067&w=289&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=289x100&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=100&rw=289&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781691&bpp=1&bdt=981&idt=141&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=30&ady=304&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=9MwgLsa8PV&p=https%3A//candorium.com&dtd=145

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

0cbef9769cd8fed8da511af9f33ed0a11de7bc8d17cebaa9c9b08428aa4d4857

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/Eleq_320x100.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/Eleq_320x100.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMu-wO_Q6_oCFQ6fmwodLeUEpQ&gqi=pZRPY-riM_-89u8PjLu06AU&layout=/sadbundle/%24csp%253Der3%24/9909768873720797296/Eleq_320x100.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://candorium.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 42676
content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/Eleq_320x100.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/Eleq_320x100.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CMu-wO_Q6_oCFQ6fmwodLeUEpQ&gqi=pZRPY-riM_-89u8PjLu06AU&layout=/sadbundle/%24csp%253Der3%24/9909768873720797296/Eleq_320x100.html
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
expires: Wed, 19 Oct 2022 06:09:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 3949 71 KB
29 KB 507ms
506ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=300&slotname=3476726338&adk=2412121383&adf=2749753813&pi=t.ma~as.3476726338&w=299&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=299x300&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=300&rw=299&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781692&bpp=1&bdt=982&idt=146&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90%2C289x100&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1270&ady=464&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=HvKaZKLpkg&p=https%3A//candorium.com&dtd=149

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

28e93c3aec1a5efa811ae674efff4dab8d984155290edb5c4c439d05456bf1e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://candorium.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-encoding: br
content-length: 29299
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
expires: Wed, 19 Oct 2022 06:09:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame 57A6 0
19 B 21ms
20ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&adk=1812271804&adf=3025194257&lmt=1666159781&plat=9%3A32776%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fcandorium.com%2F&ea=0&pra=7&wgl=1&easpi=0&easai=1&asntp=0&asntpv=0&asntpl=0&asntpm=0&asntpc=0&asna=5&asnd=5&asnp=5&asns=5&asmat=1&asptt=-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781723&bpp=1&bdt=1014&idt=119&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90%2C289x100%2C299x300&nras=1&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=2&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=4&uci=a!4&fsb=1&dtd=124

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://candorium.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:41 GMT
expires: Wed, 19 Oct 2022 06:09:41 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 31ms
14ms XHR
text/plain 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j98&a=541096967&t=pageview&_s=1&dl=https%3A%2F%2Fcandorium.com%2F&ul=en-us&de=UTF-8&dt=Business%20News%20%7C%20Latest%20Headlines%20on%20Candorium&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAAABAAAAAC~&jid=412485721&gjid=1085528844&cid=1566004134.1666159782&tid=UA-195320684-1&_gid=1523539801.1666159782&_r=1&gtm=2wgah05L3236P&z=588732250

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://candorium.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 06:09:41 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://candorium.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
336 B 39ms
15ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-ZSGG2QKPDV&gtm=2oeah0&_p=541096967&_gaz=1&cid=1566004134.1666159782&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1666159781&sct=1&seg=0&dl=https%3A%2F%2Fcandorium.com%2F&dt=Business%20News%20%7C%20Latest%20Headlines%20on%20Candorium&en=page_view&_fv=2&_ss=2&_c=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZSGG2QKPDV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 06:09:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://candorium.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
336 B 60ms
20ms Ping
text/plain 2a00:1450:400c:c0c::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-ZSGG2QKPDV&cid=1566004134.1666159782&gtm=2oeah0&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-ZSGG2QKPDV&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 06:09:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://candorium.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 42ms
19ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-ZSGG2QKPDV&cid=1566004134.1666159782&gtm=2oeah0&aip=1&z=1942016059

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 06:09:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 modules.5f63ca60a03298133ad8.js Show response
script.hotjar.com/ 254 KB
65 KB 54ms
9ms Script
application/javascript 52.222.236.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.5f63ca60a03298133ad8.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2893595.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.222.236.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-222-236-122.fra56.r.cloudfront.net

Software

Resource Hash

f433122da8de4f7e86aaa0422f1a1a782729938a6cf58632a1f591178b5b91f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 12:18:06 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=2592000; includeSubDomains
via: 1.1 ed91e9c9d6be32c45c1d670b7d4a6616.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P4
age: 64295
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 66045
last-modified: Tue, 18 Oct 2022 12:17:20 GMT
etag: "eb4f228026ced3bcaadde65163571860"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: UCH8OZ7sip6uAe59UyMfRvzkRh3Na1Gp75gmWKv_0jIMG0wZuB236Q==

GET
H2 200 box-c1417f7b48595d0dbca01c86f95d6dbb.html Show response
vars.hotjar.com/ Frame 2B29 2 KB
1 KB 46ms
8ms Document
text/html 18.66.147.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://vars.hotjar.com/box-c1417f7b48595d0dbca01c86f95d6dbb.html

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2893595.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.147.113 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-147-113.fra60.r.cloudfront.net

Software

Resource Hash

c0a4830af55fb7faabcbe34e804d186959aac83e6832495817e0e62122d2748f

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains

Request headers

Referer: https://candorium.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 75456
cache-control: max-age=31536000
content-encoding: br
content-length: 1035
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 18 Oct 2022 09:12:06 GMT
etag: "d2c298a660a1ee92f094a3d504e3e2e6"
last-modified: Tue, 18 Oct 2022 09:11:19 GMT
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
via: 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
x-amz-cf-id: edNZtj-qgTqD-UxsBZCUntO59neGYd3NjnoMkxxE0KE20jHhm8vjMg==
x-amz-cf-pop: FRA60-P4
x-cache: Hit from cloudfront
x-robots-tag: none

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/2893595/ 148 B
322 B 110ms
33ms XHR
application/json 63.34.182.251
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/2893595/visit-data?sv=7
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.5f63ca60a03298133ad8.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 63.34.182.251 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-34-182-251.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a9106f8201be70decee33d6db0ed15214e640fb5760a3ee0492dcfb6ca7b8ad0

Request headers

Referer: https://candorium.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 19 Oct 2022 06:09:42 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

POST
H2 200 content Show response
ws40.hotjar.com/api/v2/sites/2893595/recordings/ 66 B
262 B 209ms
61ms XHR
application/json 52.31.217.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ws40.hotjar.com/api/v2/sites/2893595/recordings/content
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.5f63ca60a03298133ad8.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.31.217.27 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-31-217-27.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 3fb89c928c23f40b7657a3f74d405e07acddd7e24740fbbefd7eac76256dfa8c

Request headers

Referer: https://candorium.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Wed, 19 Oct 2022 06:09:42 GMT
content-encoding: br
vary: Accept-Encoding
access-control-max-age: 86400
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store
access-control-allow-credentials: true

GET
H2 200 Eleq_320x100.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/ Frame 54FF 75 KB
18 KB 41ms
17ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/Eleq_320x100.html

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3f82449580350c386d4c6f33bc0f4793a2ddb65bca5f3eb4f239070ba5d62964

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 149067
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 16890
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Mon, 17 Oct 2022 12:45:15 GMT
expires: Tue, 17 Oct 2023 12:45:15 GMT
last-modified: Fri, 02 Aug 2019 06:47:42 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 794A 0
0 54ms
54ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=CG0MYpZRPY4vYNY6-7gStypOoCpmSpJZh-eDy4OMKv-EeEAEgjL7ze2CVgoCAuAegAb_RsowDyAEJqQIV-ylmIY2wPqgDAcgDSKoExgFP0NR_rc3LMBicrIHY89AMf3_d-FLS7FBw4YQyuJ80ntMTgcoxPuOr6ifpJbzsKKrtCuOFIjwnjN972OVVpoYGK0RBgEyO0RNbm2WMSgiQ190zk6cRa2OV6FMsNuw-4eNnN0nF1jzGktAEYyf4M7RtK6vGx0etqIZUFtZkBwQ8V46ECuqSC1wl1FrrEIrAocsNknkkXHzBK3qeqKOeKn_pIfHZOnNcvTp-TWTikUJsIHVZfLiINqboOHqoz8RFuB3eiWBZ-eHABLa5ubCGApIFBAgEGAGSBQQIBRgEoAYugAeprs1zqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQzrYB0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEw3QFQGAFwGyFxwKGggAEhRwdWItNjEzMDg4ODQzMjUyNjU2MRgA&sigh=JLw3rIYgXG8&uach_m=[UACH]&cid=CAQSGwDq26N97aAHLonJGoEQXnxVtFdAEruzjLdRNBgBIA4&template_id=419

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=100&slotname=3241708067&adk=3011240405&adf=3819214084&pi=t.ma~as.3241708067&w=289&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=289x100&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=100&rw=289&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781691&bpp=1&bdt=981&idt=141&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=30&ady=304&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=9MwgLsa8PV&p=https%3A//candorium.com&dtd=145
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 19 Oct 2022 06:09:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Wed, 19 Oct 2022 06:09:42 GMT

GET
H2 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/ Frame 794A 23 KB
10 KB 32ms
10ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=100&slotname=3241708067&adk=3011240405&adf=3819214084&pi=t.ma~as.3241708067&w=289&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=289x100&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=100&rw=289&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781691&bpp=1&bdt=981&idt=141&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=30&ady=304&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=9MwgLsa8PV&p=https%3A//candorium.com&dtd=145

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 21:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30557
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9571
x-xss-protection: 0
server: cafe
etag: 15799940544776262544
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 21:40:25 GMT

GET
H2 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/ Frame 794A 3 KB
1 KB 37ms
15ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 19:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38763
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 19:23:39 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/ Frame 794A 17 KB
7 KB 33ms
11ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 21:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30557
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7569
x-xss-protection: 0
server: cafe
etag: 4237063375490391177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 21:40:25 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 794A 152 KB
47 KB 58ms
18ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 19 Oct 2022 06:09:42 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 99CC 143 B
166 B 10ms
9ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=100&slotname=3241708067&adk=3011240405&adf=3819214084&pi=t.ma~as.3241708067&w=289&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=289x100&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=100&rw=289&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781691&bpp=1&bdt=981&idt=141&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=30&ady=304&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=9MwgLsa8PV&p=https%3A//candorium.com&dtd=145
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3259
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 05:15:23 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame 54FF 6 KB
3 KB 26ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/Eleq_320x100.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 13:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61042
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2655
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 19 Oct 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 54FF 34 KB
13 KB 26ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/Eleq_320x100.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36996
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 19 Oct 2022 19:53:06 GMT

GET
H2 200 createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 54FF 186 KB
49 KB 45ms
22ms Script
text/javascript 2a00:1450:4001:80f::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/createjs_2015.11.26_54e1c3722102182bb133912ad4442e19_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/Eleq_320x100.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49100
x-xss-protection: 0
last-modified: Wed, 16 Mar 2016 13:51:35 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 19 Oct 2022 06:09:42 GMT

GET
DATA 200
OK truncated
/ Frame 794A 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 42a76236bef0bab34f9a7a8d2d0949c34e15ad012b79a2942f674595c374aae6

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 html5.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/ Frame DF14 2 KB
825 B 72ms
72ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

af69f5f449ff9c523df2837f0f9f8e1fda6989f2cf513aae8d678c0d48e94fdd

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 795
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
expires: Thu, 19 Oct 2023 06:09:42 GMT
last-modified: Tue, 11 Oct 2022 11:50:30 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 78EE 0
0 52ms
52ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=Cf2lCpZRPY6vDNJPtgQfdjJjQB_TMmPBskLr2qeoQlL-1q64BEAEgjL7ze2CVgoCAuAegAZ7-_NgByAEJqQIW7MzSgsyBPqgDAcgDSKoExQFP0HoSfhUEqhJdYqCwEYEzbcx_q7CIK-Qbhd7cIg7Q4hevTDN0gAmFhRQU6ZJqzeKRxsXW7rQtXd-XShZrl0sZGfUOajICnmPx4yvfMI_kc398-_sZrJwFgFPEfjRkr323S0mx8ee7DTwqFiHndDjRhjmeeiTnVyRkjF7yvBV7MuzlE79aBy1v4h6yUnvqwemkVPypCBF-jR7iC_--jIX7Vr2hh1Xw7JU6BN73kMaI3Tc0CgagcjU2O1x1LxyXEY6nT8RLK8AE35OE058EkgUECAQYAZIFBAgFGASgBi6AB8qBg6cCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgHpKOxAqgH1ckbqAemvhvYBwDyBwQQ7IsF0ggRCIDhgBAQARgfMgKqAjoCgECACgHICwHYEwrQFQGAFwGyFxwKGggAEhRwdWItNjEzMDg4ODQzMjUyNjU2MRgA&sigh=uCd2SaU_tyU&uach_m=[UACH]&cid=CAQSGwDq26N9-fBJUfcCUPIUM4KlYxojcBmRaEkvlBgBIA4&template_id=419

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=90&slotname=5565695447&adk=880337784&adf=800173418&pi=t.ma~as.5565695447&w=1200&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=1200x90&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=90&rw=1386&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781687&bpp=4&bdt=977&idt=121&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&correlator=7896586340906&frm=20&pv=2&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=107&ady=151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Qw1yK3WuxS&p=https%3A//candorium.com&dtd=137
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 19 Oct 2022 06:09:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/ Frame 78EE 23 KB
9 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/abg_lite_fy2021.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=90&slotname=5565695447&adk=880337784&adf=800173418&pi=t.ma~as.5565695447&w=1200&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=1200x90&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=90&rw=1386&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781687&bpp=4&bdt=977&idt=121&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&correlator=7896586340906&frm=20&pv=2&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=107&ady=151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Qw1yK3WuxS&p=https%3A//candorium.com&dtd=137

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 21:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30557
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9571
x-xss-protection: 0
server: cafe
etag: 15799940544776262544
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 21:40:25 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/ Frame 78EE 3 KB
1 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 19:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38763
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 19:23:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/ Frame 78EE 17 KB
7 KB 9ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 21:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30557
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7569
x-xss-protection: 0
server: cafe
etag: 4237063375490391177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 21:40:25 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 78EE 152 KB
46 KB 41ms
21ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 19 Oct 2022 06:09:42 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 99CC
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
18 B

20ms
19ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
expires: Wed, 19 Oct 2022 06:09:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 11983774377353488364
tpc.googlesyndication.com/simgad/ Frame 3949 15 KB
15 KB 13ms
8ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/11983774377353488364?sqp=4sqPyQQ7QjkqNxABHQAAtEIgASgBMAk4A0DwkwlYAWBfcAKAAQGIAQGdAQAAgD-oAQGwAYCt4gS4AV_FAS2ynT4&rs=AOga4qm2pcauHS7f_Manhq50t5Zp3r7i0A

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=300&slotname=3476726338&adk=2412121383&adf=2749753813&pi=t.ma~as.3476726338&w=299&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=299x300&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=300&rw=299&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781692&bpp=1&bdt=982&idt=146&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90%2C289x100&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1270&ady=464&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=HvKaZKLpkg&p=https%3A//candorium.com&dtd=149

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a345a9e87d8b7f263d452b50212d01767ad19a45de9fcfe48045e3153f83d780

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 12 Oct 2022 19:09:39 GMT
x-content-type-options: nosniff
age: 558003
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14949
x-xss-protection: 0
last-modified: Thu, 28 Jul 2022 05:33:45 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 12 Oct 2023 19:09:39 GMT

GET
H3 200 abg_lite_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/ Frame 3949 23 KB
9 KB 14ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/abg_lite_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 21:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30557
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9571
x-xss-protection: 0
server: cafe
etag: 15799940544776262544
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 21:40:25 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/ Frame 3949 3 KB
1 KB 11ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/window_focus_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 19:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 38763
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1359
x-xss-protection: 0
server: cafe
etag: 1484984001845508991
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 19:23:39 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/ Frame 3949 17 KB
7 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/qs_click_protection_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 21:40:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30557
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7569
x-xss-protection: 0
server: cafe
etag: 4237063375490391177
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 21:40:25 GMT

GET
H3 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3949 152 KB
46 KB 21ms
18ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47415
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1665574756386403"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 19 Oct 2022 06:09:42 GMT

GET
H3 200 one_click_handler_one_afma_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/ Frame 3949 33 KB
13 KB 12ms
9ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20221017/r20110914/client/one_click_handler_one_afma_fy2021.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5aaa6e5db037a6b2b9e6e59e3d88fc05553f681615d6ebe959560d97abc54c8c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 22:25:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 27880
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13731
x-xss-protection: 0
server: cafe
etag: 6374366346512913694
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Tue, 01 Nov 2022 22:25:02 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7B64 143 B
166 B 7ms
7ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=90&slotname=5565695447&adk=880337784&adf=800173418&pi=t.ma~as.5565695447&w=1200&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=1200x90&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=90&rw=1386&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781687&bpp=4&bdt=977&idt=121&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&correlator=7896586340906&frm=20&pv=2&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=107&ady=151&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7ClEe%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=1&uci=a!1&fsb=1&xpc=Qw1yK3WuxS&p=https%3A//candorium.com&dtd=137
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3259
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 05:15:23 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 c1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/ Frame 54FF 19 KB
19 KB 8ms
8ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/c1.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae655eee742732eec5653bc468a9bcee496f7b3e5e6ecde7633c96cd7cee6a79

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 17 Oct 2022 12:45:20 GMT
x-content-type-options: nosniff
age: 149062
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18952
x-xss-protection: 0
last-modified: Fri, 02 Aug 2019 06:47:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Oct 2023 12:45:20 GMT

GET
DATA 200
OK truncated
/ Frame 78EE 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 64745dedcba1ace0b660a62b2c20e5a8ee08daf195beeea018e736ef9e115506

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
googleads.g.doubleclick.net/pagead/ Frame 3949 0
0 54ms
52ms Fetch
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/adview?ai=C-zrcpZRPY8OwNZiX6gTn0qmoCpOBjvNs0K-XsM8Qzcb93wUQASCMvvN7YJWCgIC4B6ABw6uorCjIAQKpArIDHA2WyWA-qAMByAPJBKoE3AFP0GLEf2OqlgAfx4oYryH9AQfIpIjHxG6SHdCLHqrJeVDgy9mHaJSBWC8n6VHyuvlGTZkQgaxtg29o-wHxHOUg987Dc1fF_gKxKkMcjZ3z8icgbpmNZlLaCcfFU3dPoS2ICn3UVEsHLWJKZWrn6XrvKwmker9vEy9uKkjVE768hS2bjP5Ng7kabWo-TV7JpMp8yfqM-EjLMpSL0J5wws0I0RjEYkgIY_MOhqZx4cIkv59GocTWBe1io9yayy6HPCj7H60CCDzzKm1LZF5YrF4WOCN4WWB4KLQHs_LzwASCqPDJ_AOSBQQIBBgBkgUECAUYBKAGAoAHw-P4iwOoB47OG6gHk9gbqAfulrECqAf-nrECqAeko7ECqAfVyRuoB6a-G9gHAfIHBBCR_wHSCBEIgOGAEBABGB8yAqoCOgKAQIAKAcgLAdgTAtAVAZgWAYAXAbIXHAoaCAASFHB1Yi02MTMwODg4NDMyNTI2NTYxGAA&sigh=hEvq1j7ejXs&uach_m=[UACH]&cid=CAQSGwDq26N9BKm8M0dGJ8oRyy7RJ4GO00R95-wuiRgBIA4

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=300&slotname=3476726338&adk=2412121383&adf=2749753813&pi=t.ma~as.3476726338&w=299&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=299x300&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=300&rw=299&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781692&bpp=1&bdt=982&idt=146&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90%2C289x100&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1270&ady=464&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=HvKaZKLpkg&p=https%3A//candorium.com&dtd=149
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Wed, 19 Oct 2022 06:09:42 GMT
x-content-type-options: nosniff
server: cafe
content-type: text/html; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame DF14 6 KB
3 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 13:12:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 61042
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2655
x-xss-protection: 0
server: cafe
etag: 4618035238173732404
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 19 Oct 2022 13:12:20 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame DF14 34 KB
13 KB 10ms
8ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 19:53:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 36996
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13035
x-xss-protection: 0
server: cafe
etag: 2319883687766034370
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Wed, 19 Oct 2022 19:53:06 GMT

GET
H3 200 ads-css.css
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/css/ Frame DF14 19 KB
3 KB 53ms
50ms Stylesheet
text/css 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/css/ads-css.css

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

416518ea64d99f42bb3db6ffde30276ea744aa2fcb899fc1c1d3f4e941898c27

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 19 Oct 2022 06:09:42 GMT
age: 0
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3276
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 11:50:30 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 19 Oct 2023 06:09:42 GMT

GET
H3 200 arrow-v3.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/images/ Frame DF14 5 KB
5 KB 35ms
35ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/images/arrow-v3.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4814267cb923c9c257e94954feb3e9e0ee30e85f8e72866bc8f9ac17703f61

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 19 Oct 2022 06:09:42 GMT
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5262
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 11:50:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 19 Oct 2023 06:09:42 GMT

GET
H3 200 1665142849-c13c0b82-886e-476f-a65d-b3dafbe8bdf7_leaderboardSQUARE-original.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/images/ Frame DF14 18 KB
18 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/images/1665142849-c13c0b82-886e-476f-a65d-b3dafbe8bdf7_leaderboardSQUARE-original.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8f14de08b22bcea224a01fc7be4ea12c1af071c5665daf92ab96c3a44b0696a0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 18 Oct 2022 06:24:41 GMT
x-content-type-options: nosniff
age: 85501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18699
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 11:50:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 18 Oct 2023 06:24:41 GMT

GET
H3 200 1665142851-e5d1f584-62ea-49f4-a918-2b90be67c1a7_leaderboardSQUARE-original.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/images/ Frame DF14 16 KB
16 KB 18ms
17ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/images/1665142851-e5d1f584-62ea-49f4-a918-2b90be67c1a7_leaderboardSQUARE-original.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5f630ac7fc59609d9256df1f19892db3347a883d9a29fa59e939f8235841da8f

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Tue, 18 Oct 2022 06:24:41 GMT
x-content-type-options: nosniff
age: 85501
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16685
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 11:50:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 18 Oct 2023 06:24:41 GMT

GET
H3 200 company-logo.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/images/ Frame DF14 3 KB
3 KB 36ms
35ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/images/company-logo.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/html5.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6055aef59805c9ec96940f025d7546225b6b5253f3c4c0a13e1010c718896987

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 19 Oct 2022 06:09:42 GMT
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3274
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 11:50:30 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 19 Oct 2023 06:09:42 GMT

GET
H3 200 c2.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/ Frame 54FF 33 KB
33 KB 9ms
8ms Image
image/png 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/c2.png

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e92603e6920f78c97c7e5e1a4f27850a820695ff6be1d8470db1f1ef0e13072

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 17 Oct 2022 12:45:21 GMT
x-content-type-options: nosniff
age: 149061
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33971
x-xss-protection: 0
last-modified: Fri, 02 Aug 2019 06:47:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Oct 2023 12:45:21 GMT

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FD72 143 B
166 B 9ms
8ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6130888432526561&output=html&h=300&slotname=3476726338&adk=2412121383&adf=2749753813&pi=t.ma~as.3476726338&w=299&fwrn=4&fwrnh=100&lmt=1666159781&rafmt=12&format=299x300&url=https%3A%2F%2Fcandorium.com%2F&fwr=0&fwrattr=true&rh=300&rw=299&sfro=1&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&dt=1666159781692&bpp=1&bdt=982&idt=146&shv=r20221017&mjsv=m202210110101&ptt=9&saldr=aa&abxe=1&prev_fmts=1200x90%2C289x100&correlator=7896586340906&frm=20&pv=1&ga_vid=1566004134.1666159782&ga_sid=1666159782&ga_hid=541096967&ga_fc=0&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=1270&ady=464&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44759875%2C44759926%2C44759837%2C44774648%2C42531705%2C44774652%2C44776450&oid=2&pvsid=1552993993380259&tmod=329586735&uas=0&nvt=1&eae=0&fc=896&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CpeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=3&uci=a!3&fsb=1&xpc=HvKaZKLpkg&p=https%3A//candorium.com&dtd=149
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 3259
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=3600
content-encoding: gzip
content-length: 145
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 05:15:23 GMT
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 3949 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 8739606beb24707ee0167cc4918f7c1bfe40b16f39535d01c3cb375a1c3b58fc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js Show response
pagead2.googlesyndication.com/bg/ Frame 54FF 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec9114246d6354284832e8623b156ead037da4840b78134aaff6a2673e620b96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 06:48:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84085
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15945
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Oct 2023 06:48:17 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 7B64
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

28ms
28ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
expires: Wed, 19 Oct 2022 06:09:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 p2.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/ Frame 54FF 26 KB
26 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/p2.jpg

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

44ea9961a843f816a5699d213ee7a03fa6b5076619bb5871442f622fe72e4c1b

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Mon, 17 Oct 2022 12:45:22 GMT
x-content-type-options: nosniff
age: 149060
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26482
x-xss-protection: 0
last-modified: Fri, 02 Aug 2019 06:47:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 17 Oct 2023 12:45:22 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame DF14 2 KB
457 B 41ms
18ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Libre+Franklin:400,700

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/3311480703879820105/assets/css/ads-css.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2574f935af28597eb7ac073f7098577d9570f9abbbd165a55ed10b362df2c333

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 19 Oct 2022 06:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 19 Oct 2022 05:46:26 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 19 Oct 2022 06:09:42 GMT

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame FD72
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
17 B

24ms
23ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
expires: Wed, 19 Oct 2022 06:09:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js Show response
pagead2.googlesyndication.com/bg/ Frame 886D 36 KB
16 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec9114246d6354284832e8623b156ead037da4840b78134aaff6a2673e620b96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 06:48:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84085
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15945
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Oct 2023 06:48:17 GMT

GET
H3 200 planet.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/ Frame 54FF 41 KB
41 KB 107ms
101ms Image
image/jpeg 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/9909768873720797296/planet.jpg

Requested by

Host: candorium.com
URL: https://candorium.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f13963b515a86095068f7654f44af635d4210a3f9b28a0de69f9c73439d72371

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
date: Wed, 19 Oct 2022 06:09:42 GMT
x-content-type-options: nosniff
age: 0
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42443
x-xss-protection: 0
last-modified: Fri, 02 Aug 2019 06:47:42 GMT
server: sffe
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 19 Oct 2023 06:09:42 GMT

GET
H2 200 jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2
fonts.gstatic.com/s/librefranklin/v13/ Frame DF14 27 KB
27 KB 39ms
10ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/librefranklin/v13/jizDREVItHgc8qDIbSTKq4XkRiUf2zc.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Libre+Franklin:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0c5b68b3ae23054815d89c5a2230ad7edf2d4b68732b4463d6be74cacb974055

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Mon, 17 Oct 2022 17:12:31 GMT
x-content-type-options: nosniff
age: 133031
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27268
x-xss-protection: 0
last-modified: Mon, 11 Jul 2022 18:56:23 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 17 Oct 2023 17:12:31 GMT

GET
H3 200 7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js Show response
pagead2.googlesyndication.com/bg/ Frame DF14 36 KB
16 KB 18ms
16ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec9114246d6354284832e8623b156ead037da4840b78134aaff6a2673e620b96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 06:48:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84085
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15945
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Oct 2023 06:48:17 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 15 KB
11 KB 114ms
35ms XHR
application/json 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20221017&st=env

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

913d3fc54761ada07b438d9f293d6cd1afa49c6d5e38061b31e7c0ee81554b02

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11362
x-xss-protection: 0

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 19 Oct 2022 06:09:42 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 91A3 13 KB
5 KB 9ms
8ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://candorium.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 4890
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 04:48:12 GMT
expires: Thu, 19 Oct 2023 04:48:12 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 1EAA 783 B
535 B 18ms
18ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

ef696e44f98f3f945b1108f93aceb7f735036c0a4626ae02fbb904a4e3515878

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Wc6tI-xcLkM1mfTEju8JDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://candorium.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=300
content-encoding: gzip
content-length: 513
content-security-policy: script-src 'report-sample' 'nonce-Wc6tI-xcLkM1mfTEju8JDw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Wed, 19 Oct 2022 06:09:42 GMT
expires: Wed, 19 Oct 2022 06:09:42 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js Show response
pagead2.googlesyndication.com/bg/ Frame 91A3 36 KB
16 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/7JEUJG1jVChIMuhiOxVurQN9pIQLeBNKr_aiZz5iC5Y.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ec9114246d6354284832e8623b156ead037da4840b78134aaff6a2673e620b96

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Tue, 18 Oct 2022 06:48:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84085
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15945
x-xss-protection: 0
last-modified: Tue, 11 Oct 2022 09:38:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 18 Oct 2023 06:48:17 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 1EAA 0
0 41ms
41ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20221017&jk=1552993993380259&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame 91A3 0
10 B 7ms
7ms Image
text/plain 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?-nyk0w
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

date: Wed, 19 Oct 2022 06:09:42 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 794A 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvlVCy7uFlEV3PY2AfADuaMALdO3RzujXjBTOfFzMLYhYvxrUdG5z7qzXrw5154ZTApS590C3RbKi99er5OiSexQoBjzrwpHaB89QhnNQW27beGdHa0Pw-VGPjj6ALtKLzdyA0d4w&sai=AMfl-YQoPK8nwvAHF2J92x7KIdSCpZADtYFW8v0xM3Uw7J6SXuoW8OTV56KuC844XCD6CfT_VKXA0GOVW5IBCvA&sig=Cg0ArKJSzPFxm5YwEJ4QEAE&cid=CAQSGwDq26N97aAHLonJGoEQXnxVtFdAEruzjLdRNBgBIA4&id=lidar2&mcvt=1000&p=0,1,90.3125,290&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20221012&bin=7&avms=nio&bs=0,0&mc=0.99&if=1&vu=1&app=0&itpl=2&adk=3011240405&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666159782195&rpt=177&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 06:09:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 78EE 42 B
64 B 43ms
43ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuonLFJd9zsJ_sGKwUCLh1SBY-u-FDH3D7wJUu7_xJGpueNgwwiIoQrrRj8ZmVZiqyZaK8-gWyDlzZsWwYZvslg1A4lINyPBXD5ARq6SWZarENWQ3en4yAVBmqpEmvcxHPEqacYoQ&sai=AMfl-YRQnqXR5zf3FmKXIcAUVCtxlVGl9Ss379CJKizS0Q2CEyL5FVIyZPUYcvGe_aqp_bFO4ZTTTui5WDQbYTc&sig=Cg0ArKJSzD9PejrTBFIwEAE&cid=CAQSGwDq26N9-fBJUfcCUPIUM4KlYxojcBmRaEkvlBgBIA4&id=lidar2&mcvt=1000&p=0,0,90,728&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221012&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=2&adk=880337784&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666159782301&rpt=143&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 06:09:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ 0
0 45ms
44ms Image
text/html 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20221017&jk=1552993993380259&bg=!REelRwPNAAYeOJy_Pjg7ACkAdvg8WnHHJMPDlJyZQ9LgYXaZLlgxSwPjsW7dcjOYdx5PDrVNB4GsTgIAAABRUgAAAAJoAQcKANyOkkQz-m_d56BoYX2jN4t0BXQ2bIyyXwEejfIamMxJnQuDYctC93l_NbUY964zQW83BCSbqhOyM_lmLVk5IrUpQPDTjBfyEuW08ELgME3WKdDtm1VAvOZMxMkaUihWc8eJnx5-MScgn5fRflaSo0wo9cwhDV5rned2kp1i1Vylt4STixoSYxDaZN0M6IwgUfJNNqXeX7NcvogmUQC8hTzWdvmviqglfvarKXiMWjmIm5kPoWpl2RofukdnINNmrjc_lvNaftW5vfpgunhyjU8gfO3S0vv9E4VQQ8wTmQKZmJTRL4xK7dwvVyLPkyxZra0tVPCyd182K2TzKJLBXHd6jjVGXJ20zguB-imPSqW5ep2pxmze0H5QWMfr8SkJnSisUJ5kLD84g-ktFQmG7JerOz9ZtAXyvVQfDbda4sOoAK17p5xc_nCXl7ShgB3Be_Wp7yTEq7OMs9b_ouvQ2fpAMIa6WjeLOt9aoBtpxPoa8_Afj6yOtazazFZ4uat23HhCzv39c64tSt30xJlbkdEg_UkMp1sEDp6EfC7Y8Dcox2ccn2scyhf66TQ0nUgZHqOFZqCdtF2m-U_oaiOHoRpl-cgR_1Lsb1lvdr-qrb9sGKcp90QOmWu2YNz85Q_w7O3WgkBgQylNbY3N1WMulHK_9BsTV789uptBIxASFGkPsk_9Zugf_XxiIkGmmHxAxZA6Bdb2wlYAaboiLRl8EhXew8NsQdSexwz9wiBouCZayVMFvihtKcWD3Wp4p2mVZ9AaIFvu5cDsbrlwZMP7FWnJo0B0yuPhzb1Kph1djZIoNMkKTLuSR1Cx_fCbAFEZZ0uG8F2XY-xQXJp8UrXggto3nUFlpOxODfyogioSSY4fRXU83UK07VBbK3X_1selxESQ29yBdeylm65RBzMKlwLbnDgMFAHnPtXAj6DWgapu9vM6LUSEiEjz4zQ6j7RcWu4QPZrWxn1VfYPHUYA6FFEtLefP5ewHb0hSgRbYNq2o8_1EKLwtog4QVYnHRZ2XfHQgoOthVfcs4BCED3erdAGFZlyWpRzTejqaz_Plzp1z4-DQjMTYiizmLyUwv9R8IbcdkR53PBRKiJ-SyCqU_4RnjdhfQBXvkP4g4qnqToCEFFCxDulBSKr-7B5LFPN3PM6FuUtQoSUSUopYRmVjq44ceAav5A6i9YU
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://candorium.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 3949 42 B
64 B 44ms
44ms Fetch
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsufSbMd3u0dgu1BSMJxStgFvhp_P_C4zl61iY4gu_F9sMTIHNkm1rAPNeDJ8hYJ-JJOokJaB6QaXAJYf528QOCMya8sZ6FJuCrjwMK49wUah386W6jQ-eJ7DlMEAeaahSpYyafvOA&sai=AMfl-YQsSWOe_TAGxS5q8Bymy8v4TXgl_yVaULza-pD_Vh9tnr1JVqkltIF_ENObQv4e6heOO8tZ6U5uNrPUj-Y&sig=Cg0ArKJSzBlRpW66q3MWEAE&cid=CAQSGwDq26N9BKm8M0dGJ8oRyy7RJ4GO00R95-wuiRgBIA4&id=lidar2&mcvt=1000&p=0,12,276,288&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20221012&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=4&adk=2412121383&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLGZhbHNlLG51bGwsIiIsW10sZmFsc2Vd&vs=4&r=v&rst=1666159781841&rpt=661&met=mue&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.119 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 19 Oct 2022 06:09:43 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: candorium.com
URL: https://candorium.com/newsBySic?_=1666159781558

Verdicts & Comments Add Verdict or Comment

100 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
candorium.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: B61EAFDCAF21F592FE24FC8195C9C5FF
.candorium.com/	1970-01-20 06:50:46	Name: _gid Value: GA1.2.1523539801.1666159782
.candorium.com/	1970-01-20 06:49:19	Name: _gat_UA-195320684-1 Value: 1
.candorium.com/	1970-01-20 16:25:19	Name: _ga_ZSGG2QKPDV Value: GS1.1.1666159781.1.0.1666159781.60.0.0
.candorium.com/	1970-01-20 16:25:19	Name: _ga Value: GA1.1.1566004134.1666159782
.candorium.com/	1970-01-20 16:10:55	Name: __gads Value: ID=72a6cc13857bb774-226b7d0e4ace0020:T=1666159781:RT=1666159781:S=ALNI_Mb3nyJfzVHZIIbtayiq-KUYuzu4Lg
.candorium.com/	1970-01-20 16:10:55	Name: __gpi Value: UID=00000b756474d9e0:T=1666159781:RT=1666159781:S=ALNI_MZJ2Kroo61tH3Pcp6rFmOmdMcL45Q
.candorium.com/	1970-01-20 15:34:55	Name: _hjSessionUser_2893595 Value: eyJpZCI6IjllYjJmZTg2LWFlNGUtNTMwNy1hYWJkLTllNzJlY2Y3OTQzNSIsImNyZWF0ZWQiOjE2NjYxNTk3ODIwMTUsImV4aXN0aW5nIjpmYWxzZX0=
.candorium.com/	1970-01-20 06:49:21	Name: _hjFirstSeen Value: 1
candorium.com/	1970-01-20 06:49:19	Name: _hjIncludedInSessionSample Value: 1
.candorium.com/	1970-01-20 06:49:21	Name: _hjSession_2893595 Value: eyJpZCI6IjAzM2E0NGYwLWY0ZjQtNGIwMi04MjFlLWIxYjczNTM1NmY0YyIsImNyZWF0ZWQiOjE2NjYxNTk3ODIwMzMsImluU2FtcGxlIjp0cnVlfQ==
candorium.com/	1970-01-20 06:49:19	Name: _hjIncludedInPageviewSample Value: 1
.candorium.com/	1970-01-20 06:49:21	Name: _hjAbsoluteSessionInProgress Value: 0
.doubleclick.net/	1970-01-20 16:10:55	Name: IDE Value: AHWqTUndxhUA5VZ_o94UayMlSVnYT_z0eBgG1kUjAFMWBDLZh0m2MR-JzF0JpDdEMgY
.doubleclick.net/	1970-01-20 06:49:23	Name: DSID Value: NO_DATA
candorium.com/	1970-01-20 06:59:24	Name: AWSALB Value: fsaaHuX/RC8jQV8Fs1R//573w/DbRGt6NfQUwpBufqjNsv6IzkVpXC2NTw78akcsZJl7L1IRWbH+zB2QqXJ2MkfsRjvbcfz20Po/tu20Le0Wd3jylKtLRFy8qvs8
candorium.com/	1970-01-20 06:59:24	Name: AWSALBCORS Value: fsaaHuX/RC8jQV8Fs1R//573w/DbRGt6NfQUwpBufqjNsv6IzkVpXC2NTw78akcsZJl7L1IRWbH+zB2QqXJ2MkfsRjvbcfz20Po/tu20Le0Wd3jylKtLRFy8qvs8

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10kinfo-appdata.s3.us-west-2.amazonaws.com
adservice.google.com
adservice.google.de
candorium.com
cdn.jsdelivr.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
in.hotjar.com
mapi.associatedpress.com
pagead2.googlesyndication.com
partner.googleadservices.com
region1.analytics.google.com
s0.2mdn.net
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
tpc.googlesyndication.com
vars.hotjar.com
ws40.hotjar.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
candorium.com
18.155.145.106
18.66.147.113
2001:4860:4802:34::36
2600:9000:206f:200:8:aaff:ad40:93a1
2606:4700::6810:5614
2a00:1450:4001:800::2002
2a00:1450:4001:802::2002
2a00:1450:4001:806::2002
2a00:1450:4001:806::200a
2a00:1450:4001:809::2001
2a00:1450:4001:809::2003
2a00:1450:4001:809::2008
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2006
2a00:1450:4001:827::2002
2a00:1450:4001:827::200e
2a00:1450:4001:829::2002
2a00:1450:4001:830::2003
2a00:1450:4001:831::2004
2a00:1450:400c:c0c::9c
3.5.80.162
44.226.27.167
52.222.236.122
52.31.217.27
63.34.182.251
0251ea9760306c70bac70c526f13bbea8a418239be3096e0f5f476cce3686dd4
06176cd95610da96c30ba037710c378484fdd7784f0e4db14b87a8a9c859ed72
0617837406853c26cef2f8afb0b8c0332606705b7decf90202ed4b32e4bf404c
0abe8deb334de1ba743b04d0399e99eba336afed9da72fc4c0a302c99f9238c8
0c5b68b3ae23054815d89c5a2230ad7edf2d4b68732b4463d6be74cacb974055
0cbef9769cd8fed8da511af9f33ed0a11de7bc8d17cebaa9c9b08428aa4d4857
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
18ffb82a05bcd7e430f57b9428d2a6990f127948e7ff14d66c3784a84f4330ee
197a767102ff118b94c2e223bbad91e2434cdc73945f53a5f2fb2b8e4cc466e2
1b3dcb266741570d7f9293004dd2c0fcc9548acd52379a4e7734a27e89380060
1c457dfb7a8bb751b947d83bd04d0939ed34dc59aad7cebe9dac95f10dc04d2e
2574f935af28597eb7ac073f7098577d9570f9abbbd165a55ed10b362df2c333
28e93c3aec1a5efa811ae674efff4dab8d984155290edb5c4c439d05456bf1e7
3772c62c6a77a8e84e253b4fee14543a7d93e79ddbeb0327948349a70dc84e45
3e92603e6920f78c97c7e5e1a4f27850a820695ff6be1d8470db1f1ef0e13072
3f82449580350c386d4c6f33bc0f4793a2ddb65bca5f3eb4f239070ba5d62964
3fb89c928c23f40b7657a3f74d405e07acddd7e24740fbbefd7eac76256dfa8c
416518ea64d99f42bb3db6ffde30276ea744aa2fcb899fc1c1d3f4e941898c27
42a76236bef0bab34f9a7a8d2d0949c34e15ad012b79a2942f674595c374aae6
448e85e29f3ea4e9f129d1ddeae6852297b529b85c4bc34cb418fb646de4eedf
44ea9961a843f816a5699d213ee7a03fa6b5076619bb5871442f622fe72e4c1b
488841668a6f972fe1e03dba6c21811d7e87f09c522a23a47f07e8a237a32049
493cbed12b6a7e5d577d1af86d2163e27db342fbf200d37b5fe402c7a127471f
4c4e2c1eeba940528fb398aa2437344e4cd5ae16fd67c8d79e969ce4c53f092e
4cf57c44f8ea3e86786ca38173db0cf432846aca932f34e50b3fcf9256af12ad
4e8b14b0df2f2e8919c33cfe97d6e1ca449b432661b35717182a84278686bf60
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc
53b7f5e85321641226ac1515c37a532cde8c0537140da54a5617202a8ee0a938
540bc6dec1dd4b92ea4d3fb903f69eabf6d919afd48f4e312b163c28cff0f441
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
575c82f23dbb9285df2f62c7c8121c65d89e8137713110a149067d695975215e
578c031a1c7b7ef9ce6c014ef868b1f535d693cc79ca17910f8776bb2ee8b6d9
5a9f9b8fdda3dc64dc104281767edc8ce0798cd76bfc307c17a7c7b4db115c86
5aaa6e5db037a6b2b9e6e59e3d88fc05553f681615d6ebe959560d97abc54c8c
5ad4ac0441089865923dfcbcd54b22efddec25423f9088dca44400ba6457cec5
5c1aa98d3518f47668464401ea743b80b378f2280cbc3dfc4d2be2499e35da7d
5f630ac7fc59609d9256df1f19892db3347a883d9a29fa59e939f8235841da8f
6055aef59805c9ec96940f025d7546225b6b5253f3c4c0a13e1010c718896987
60784ff1e48f1123ad3be73ff5ba8b0c25c3551de96697bf2a6c103b2bda68cb
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64745dedcba1ace0b660a62b2c20e5a8ee08daf195beeea018e736ef9e115506
69fd6ee439045a26386a24a21e97adacd580ee158a20d6c3cf3b82b61eae0412
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6f4813e4fe6dd891838e421479bf603f6d3f0d2a55b90517b875a77050471d4b
736d4765a496f5211bcd949b8d2ea2f1fcba46ddfc7adb4ecfaaf47b3a222b85
753b2f38660a99bdc4143fcdb42ff24d3ffa065b0b6bf193bd9226d9a25bee9a
7d4814267cb923c9c257e94954feb3e9e0ee30e85f8e72866bc8f9ac17703f61
81414983fc0bb56fcb1c854987b2a85fe44d81c1a9d929cbdf5dfd0c0512718c
8739606beb24707ee0167cc4918f7c1bfe40b16f39535d01c3cb375a1c3b58fc
8824f1bd38944f6b4c7948dff3db1f9d0690c800a2937db72055eeb63b7824e0
8aa048082094d36080fc028ab1584264596c64fb5b362038c4761ac9838d6b14
8ac6870df38e47744c33dca4ec7073daa372c58e7ef93b5061f738a66c8681bb
8f14de08b22bcea224a01fc7be4ea12c1af071c5665daf92ab96c3a44b0696a0
913d3fc54761ada07b438d9f293d6cd1afa49c6d5e38061b31e7c0ee81554b02
924857651c278299085640bc4778b6f8d1da795e17a0548311f9b1c2a6bbda96
924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac
9390f91b1402eb632520ef84406acf5884bf19af3f20e5c24482a6982322751c
94fdb66ec8fe748981a4f2090fdf4a2a0a3dbe5ace2e65c4ce46e95d692bdac7
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
98578d9e429bafe2edbd9d00271e88a85fa457ead4c106485d157fd955b5f2de
99464ceb71bc9bbdcc72275faefe44f98eb5cbb6b5d8ee665b87b35376f1a96e
9a616c0a2540108ee781c5617f802fb038b6fe147fc5db354f9e203bd672a1e9
9e255d8044351c7bddb3479bffba13ba1a1d7a908bf52a8be7522c1d68cffc6f
9fa6ea4edfc2e0de476b132b475788066ee152efee959878803e869713bc39c2
a0f1fc0d64c54dd70a8490fda96c89d8fdd115679892aa9be5675c19e3dffb15
a2a30b542b49b8a5f880986794bfb721e4f997da136e56b321ebec912a586e47
a345a9e87d8b7f263d452b50212d01767ad19a45de9fcfe48045e3153f83d780
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a4a2692eec84b82f7eabf6a4dcf27ca3562a15c4a94c148aeebfdb5b6ec75b61
a89c9828fbf347d46e907d3b6fe25bf384866110911be12eba9d1f057f7c4cab
a9106f8201be70decee33d6db0ed15214e640fb5760a3ee0492dcfb6ca7b8ad0
ae655eee742732eec5653bc468a9bcee496f7b3e5e6ecde7633c96cd7cee6a79
af12d3fb58896e7b684ab0fb2cc3472b8092845fc1f5e5076c72693d76a28a79
af69f5f449ff9c523df2837f0f9f8e1fda6989f2cf513aae8d678c0d48e94fdd
b0435def53714bfb207553e2c791a14dbd8e970df634ddf94754ca1c03b01017
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719
ba7e9f76917bf1f90546b68716e2e162834aa89b92ae7503eb94e679830d5357
be13de92cd9ebbdb8e89cd7aec229113e60ca1948fe829663542fcf6b5364b17
c0a4830af55fb7faabcbe34e804d186959aac83e6832495817e0e62122d2748f
ca17215c828c71e28315a0edf10476db2cf8c674c5fcb0764bedab56dd0a495d
cb5185a840a027a170e92df7b8a827260f3863bb1171061df1f16b78acee41b0
cdea459671f549e92a9de2f71bfab2727ce08d658837aa2b184e64b4d51e5830
d17a1075834b2e297c34fee854cf3bd30f0977e264ace48ff3b4083031a5a701
d339fb6ba54365c7c7f2d43d28742df44913aba85a61c7482b970c1961dc2087
d618d4869738e0dc22360f0ec0cbb6433257843f24723fac240dda0906685238
e00428002d6ec75cdfd2142d56d60bde10ab1ba65617881bb6b16976e331e240
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e469061df2d98b8a403da5bca3ef97e34f4cec6ecc9b2e5b8db5fd8c27defe36
e740ecb810bbf0515e9c434ac273a3b5a7b95572263992d49258ea6aa5a9fc5c
ec9114246d6354284832e8623b156ead037da4840b78134aaff6a2673e620b96
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef696e44f98f3f945b1108f93aceb7f735036c0a4626ae02fbb904a4e3515878
f13963b515a86095068f7654f44af635d4210a3f9b28a0de69f9c73439d72371
f243052fad2d79d81420f853c808fbc4da2cc867df82ebc68483c4153057f834
f2dbee6e8cb9bff59607fadf14404bd7fca23c704c0677fc43b902e4e15de00f
f433122da8de4f7e86aaa0422f1a1a782729938a6cf58632a1f591178b5b91f8
f7408c25067cd0a9d9fe835cb4c05e394a50751d3fcde0c461db19a309abb02a
fee86fd46a67912ffd9ae2997c583f59abe6e11c532496c52759e94136837d48

candorium.com Open in urlscan Pro 44.226.27.167 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

126 Requests

99 %HTTPS

72 %IPv6

16 Domains

25 Subdomains

26 IPs

4 Countries

3331 kBTransfer

5173 kBSize

17 Cookies

3 Outgoing links

Page URL History

Redirected requests

126 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

candorium.com Open in urlscan Pro
44.226.27.167 Public Scan

Screenshot
Live screenshot

Full Image

126
Requests

99 %
HTTPS

72 %
IPv6

16
Domains

25
Subdomains

26
IPs

4
Countries

3331 kB
Transfer

5173 kB
Size

17
Cookies

126 HTTP transactions
3 data transactions