www.controle.notisul.com.br Open in urlscan Pro
190.89.239.42 Public Scan

URL: https://www.facebook.com/notisul/
Title:

URL: https://www.instagram.com/notisul/
Title:

URL: https://twitter.com/jornalnotisul
Title:

URL: https://www.youtube.com/channel/UC0Q-3cS6YOYpVBCtJzEN66Q
Title:

URL: https://notisul.com.br/colunistas/
Title: Colunistas

URL: https://notisul.com.br/colunistas/a-hora-do-emprego-fernando-rodrigues/
Title: A Hora do Emprego – Fernando Rodrigues

URL: https://notisul.com.br/colunistas/agencia-de-inovacao-e-empreendedorismo-da-unisul-agetec/
Title: Agência de Inovação e Empreendedorismo da Unisul – AGETEC

URL: https://notisul.com.br/colunistas/arquitetura-criativa-jorge-henrique-de-souza/
Title: Arquitetura Criativa – Jorge Henrique de Souza

URL: https://notisul.com.br/colunistas/autoconhecimento-e-proposito-juliana-mendes/
Title: Autoconhecimento e Propósito – Juliana Mendes

URL: https://notisul.com.br/colunistas/de-hoje-em-diante-daniel-de-luca/
Title: De hoje em diante – Daniel De Luca

URL: https://notisul.com.br/colunistas/de-olho-na-vida-pe-sergio-jeremias/
Title: De Olho na Vida – Pe. Sérgio Jeremias

URL: https://notisul.com.br/colunistas/imperfeicoes-leo-rosa-de-andrade/
Title: Imperfeições – Léo Rosa de Andrade

URL: https://notisul.com.br/colunistas/inteligencia-financeira-camila-scussel/
Title: Inteligência Financeira – Camila Scussel

URL: https://notisul.com.br/colunistas/leis-e-ladainhas-felipe-de-souto-advogado/
Title: Leis e Ladainhas – Felipe de Souto – Advogado

URL: https://notisul.com.br/colunistas/luiz-henrique/
Title: Luiz Henrique

URL: https://notisul.com.br/colunistas/minha-vida-de-cao-cris-carara/
Title: Minha Vida de Cão – Cris Carara

URL: https://notisul.com.br/colunistas/nazareno-schmoeller-souza/
Title: Nazareno Schmoeller Souza

URL: https://notisul.com.br/colunistas/no-look-com-a-luque-juliana-luque/
Title: No look com a Luque – Juliana Luque

URL: https://notisul.com.br/colunistas/panorama-kessia-meurer/
Title: Panorama – Késsia Meurer

URL: https://notisul.com.br/colunistas/portugues-na-ponta-da-lingua-andrea-debiasi/
Title: Português na Ponta da Língua – Andréa Debiasi

URL: https://notisul.com.br/colunistas/rafael-andrade/
Title: Rafael Andrade

URL: https://notisul.com.br/colunistas/saude-e-bem-estar-daniel-mauricio-de-oliveira-rodrigues-naturologo-danielmor7/
Title: Saúde e Bem-estar – Daniel Maurício de Oliveira Rodrigues – Naturólogo – @danielmor7

URL: https://notisul.com.br/colunistas/saude-e-bem-estar-fernando-hellmann-naturologo/
Title: Saúde e bem-estar – Fernando Hellmann – Naturólogo

URL: https://notisul.com.br/colunistas/saude-e-bem-estar-renata-hermes-naturologa/
Title: Saúde e bem-estar – Renata Hermes – Naturóloga

URL: https://notisul.com.br/colunistas/spotlight-filmes-series-musica-e-arte-contemporanea-germaa-oliveira/
Title: Spotlight – Filmes, séries, música e arte contemporânea – Germaà Oliveira

URL: https://notisul.com.br/colunistas/tecnologia-e-educacao-fernando-darci-pitt/
Title: Tecnologia e Educação – Fernando Darci Pitt

URL: https://notisul.com.br/colunistas/zulair-fernandes/
Title: Zulair Fernandes

URL: https://notisul.com.br/anuncie/
Title: Anuncie

URL: https://notisul.com.br/contato/
Title: Contato

URL: https://controle.notisul.com.br/
Title: Notisul

URL: https://notisul.com.br/colunistas/luiz-henrique/um-pais-do-faz-de-conta/

URL: https://notisul.com.br/colunistas/luiz-henrique/geo-politica-x-ego-politica/

URL: https://notisul.com.br/colunistas/luiz-henrique/o-senhor-das-moscas/

URL: https://notisul.com.br/colunistas/luiz-henrique/terra-em-transe/

URL: https://notisul.com.br/geral/mes-de-setembro-comeca-com-tempo-firme-em-santa-catarina/
Title: Mês de setembro começa com tempo firme em Santa Catarina

URL: https://notisul.com.br/geral/motorista-de-onibus-se-forma-em-direito-aos-79-anos/
Title: Motorista de ônibus se forma em Direito aos 79 anos

URL: https://notisul.com.br/geral/tubaronense-cria-projeto-que-ajuda-pessoas-cegas-a-lerem-bula-de-remedios/
Title: Tubaronense cria projeto que ajuda pessoas cegas a lerem bula de remédios

URL: https://notisul.com.br/geral/vendida-pela-avo-quando-bebe-mulher-reencontra-mae-apos-48-anos/
Title: Vendida pela avó quando bebê, mulher reencontra mãe após 48 anos

URL: https://notisul.com.br/geral/povo-tera-a-oportunidade-mais-importante-no-dia-7-diz-bolsonaro-em-mg/
Title: Povo terá a “oportunidade mais importante” no dia 7, diz Bolsonaro em MG

URL: https://notisul.com.br/geral/aneel-cria-nova-bandeira-tarifaria-e-conta-de-luz-fica-mais-cara/
Title: Aneel cria nova bandeira tarifária, e conta de luz fica mais cara

URL: https://notisul.com.br/geral/capivari-de-baixo-audiencia-publica-sobre-ppp-sera-realizada-nesta-quinta-feira-2/
Title: Capivari de Baixo: audiência Pública sobre PPP será realizada nesta quinta-feira (2)

URL: https://notisul.com.br/geral/agosto-lilas-violencia-domestica-e-tema-de-palestra-no-ceaca/
Title: Agosto Lilás: Violência Doméstica é tema de palestra no Ceaca

URL: https://notisul.com.br/geral/casa-de-repouso-abrigo-bem-viver-entidade-afirma-que-todas-as-melhorias-requeridas-foram-tomadas/
Title: Casa de Repouso Abrigo Bem Viver: entidade afirma que todas as melhorias requeridas foram tomadas

URL: https://notisul.com.br/geral/policia-militar-prende-foragido-da-justica-em-capivari-de-baixo/
Title: Polícia Militar prende foragido da justiça, em Capivari de Baixo

URL: https://notisul.com.br/esportes/atletas-da-atn-participam-de-maratona-aquatica-em-florianopolis/
Title: Atletas da ATN participam de maratona aquática em Florianópolis

URL: https://notisul.com.br/esportes/laura-boppre-justino-vai-representar-tubarao-em-evento-de-fisiculturismo-em-camboriu/
Title: Laura Boppré Justino vai representar Tubarão em evento de fisiculturismo em Camboriú

URL: https://notisul.com.br/geral/
Title: Geral

URL: https://notisul.com.br/geral/o-que-e-ser-pai-no-seculo-xxi/

URL: https://notisul.com.br/geral/ameeloah-carreteiro-beneficente-arrecada-dinheiro-para-tratamento-de-menina-de-3-anos/
Title: AmeEloah: carreteiro beneficente arrecada dinheiro para tratamento de menina de 3 anos

URL: https://notisul.com.br/geral/erudito-e-sertanejo-se-encontram-orquestra-santa-teresinha-se-apresentara-nesta-terca-feira-em-tubarao/
Title: Erudito e sertanejo se encontram: Orquestra Santa Teresinha se apresentará nesta terça-feira em Tubarão

URL: https://notisul.com.br/geral/edital-para-construcao-da-ponte-capivari-de-baixo-tubarao-sera-lancado-nesta-terca-31/
Title: Edital para construção da Ponte Capivari de Baixo-Tubarão será lançado nesta terça (31)

URL: https://notisul.com.br/tag/coronavirus/
Title: Coronavírus

URL: https://notisul.com.br/seguranca/
Title: Segurança

URL: https://notisul.com.br/seguranca/pf-desarticula-quadrilha-especializada-em-defensivos-agricolas-ilegais/
Title: PF desarticula quadrilha especializada em defensivos agrícolas ilegais

URL: https://notisul.com.br/seguranca/golpe-do-financiamento-prisoes-sao-efetuadas-nesta-segunda-feira-30-vitimas-sao-de-sc-e-mais-seis-estados/
Title: Golpe do financiamento: prisões são efetuadas nesta segunda-feira (30). Vítimas são de SC e mais seis Estados

URL: https://notisul.com.br/seguranca/operacao-choque-cruzado-e-deflagrada-e-homicidio-e-elucidado/
Title: Operação “Choque Cruzado” é deflagrada e homicídio é elucidado

URL: https://notisul.com.br/seguranca/homem-e-morto-a-pauladas-na-frente-do-irmao/
Title: Homem é morto a pauladas na frente do irmão

URL: https://notisul.com.br/seguranca/madrasta-e-acusada-de-agressao-contra-menor-de-4-anos-em-capivari-de-baixo/
Title: Madrasta é acusada de agressão contra menor de 4 anos, em Capivari de Baixo

URL: https://accounts.serverdo.in/aff.php?aff=57&utm_source=afiliados&utm_medium=banner&utm_campaign=notisul
Title:

URL: https://notisul.com.br/opiniao/
Title: Opinião

URL: https://notisul.com.br/opiniao/inverno-influencias-dos-ciclos-cosmicos-em-nossas-vidas/
Title: Inverno: Influencias dos ciclos cósmicos em nossas vidas

URL: https://notisul.com.br/geral/morre-samuel-castro-de-30-anos-em-acidente-de-carro/
Title: Morre Samuel Castro, de 30 anos, em acidente de carro

URL: https://notisul.com.br/seguranca/familia-se-despede-de-arthur-correa-nunes-apos-acidente-em-laguna/
Title: Família se despede de Arthur Corrêa Nunes após acidente em Laguna

URL: https://notisul.com.br/geral/internado-por-complicacoes-de-diabetes-nicolas-donadel-tem-morte-cerebral-confirmada/
Title: Internado por complicações de diabetes, Nicolas Donadel tem morte cerebral confirmada

URL: https://notisul.com.br/seguranca/mae-deixa-bebe-sozinho-no-carro-para-ir-a-loterica-no-centro-de-tubarao/
Title: Mãe deixa bebê sozinho no carro para ir à lotérica, no Centro de Tubarão

URL: https://notisul.com.br/geral/morre-jovem-que-ficou-ferido-apos-acidente-em-laguna/
Title: Morre jovem que ficou ferido após acidente em Laguna

URL: https://notisul.com.br/seguranca/menino-de-10-anos-morre-soterrado-em-laguna/
Title: Menino de 10 anos morre soterrado em Laguna

URL: https://notisul.com.br/seguranca/mulher-rouba-carne-em-mercado-e-e-detida-na-saida-do-estabelecimento-em-tubarao/
Title: Mulher rouba carne em mercado e é detida na saída do estabelecimento, em Tubarão

URL: https://notisul.com.br/geral/criolo-se-manifesta-em-defesa-de-professor-exonerado-em-criciuma/
Title: Criolo se manifesta em defesa de professor exonerado em Criciúma

URL: https://notisul.com.br/geral/tubarao-corpo-de-samuel-castro-e-velado-na-capela-santa-rita/
Title: Tubarão: corpo de Samuel Castro é velado na Capela Santa Rita

URL: https://notisul.com.br/seguranca/228785/

URL: https://notisul.com.br/esporte/
Title: Esportes

URL: https://notisul.com.br/esportes/
Title: Esportes

URL: https://notisul.com.br/esportes/tubarao-recebe-o-lider-camboriu-na-vila/

URL: https://notisul.com.br/esportes/imbitubense-jorginho-frello-e-eleito-o-melhor-jogador-da-europa-em-2021/
Title: Imbitubense Jorginho Frello é eleito o melhor jogador da Europa em 2021

URL: https://notisul.com.br/esportes/menos-de-2-meses-para-a-rio-do-rastro-marathon-em-sc/
Title: Menos de 2 meses para a Rio do Rastro Marathon em SC

URL: https://notisul.com.br/geral/atn-ocupa-a-15a-posicao-no-ranking-nacional-de-clubes-da-cbda-em-2021/
Title: ATN ocupa a 15ª posição no Ranking Nacional de Clubes da CBDA em 2021

URL: https://www.facebook.com/notisul
Title: Curtir

URL: https://instagram.com/notisul
Title: Seguir

host-109.clevernetwork.pt

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 76

https://sender.clevernt.com/transporter/50495.php?ppuc=1&ppu=0&id=515912&ref=aHR0cHM6Ly93d3cuY29udHJvbGUubm90aXN1bC5jb20uYnIv&ruri=&r=803917774&tok=17405730109213750471&iv=-1&ctr=DE&sz=1200&wn=&res=1600x1200&landing=1&hei=360&ts=0.236 HTTP 302
https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328

Request Chain 148

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESEI7Qnl7zoAK5V74Q_TfjtdQ&google_cver=1&google_push=AYg5qPL843xHUm-unNsN89E7rQa1tBCHfxwKIJSm6X1_6_6CLEE80mFYNsVJkGRi-tZ7RsPLjTWh7IHg3RtulxL2HiZE5xMAxO7G HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEI7Qnl7zoAK5V74Q_TfjtdQ&google_push=AYg5qPL843xHUm-unNsN89E7rQa1tBCHfxwKIJSm6X1_6_6CLEE80mFYNsVJkGRi-tZ7RsPLjTWh7IHg3RtulxL2HiZE5xMAxO7G

Request Chain 149

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEKo85jM0x1TQ1gLHHOhXeQI&google_cver=1&google_push=AYg5qPJcL6cwDDbd5QdYTl3VmF0Q9fnDCChsqDRHbrRRf5itdyjrtBFm1m3HLt1vQe405-7ih6af5R5Yt-vlPd2E4Ee7hOzgG-_5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJcL6cwDDbd5QdYTl3VmF0Q9fnDCChsqDRHbrRRf5itdyjrtBFm1m3HLt1vQe405-7ih6af5R5Yt-vlPd2E4Ee7hOzgG-_5

Request Chain 150

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENci07nPJ0Ud90JmXb_B36k&google_cver=1&google_push=AYg5qPJ9EI6qTO3H_KU0Vd6SFS3AIASC_Q_je1xT44vguYy9W8Fr2NDkH1XMe4FIvR061hgJ7NHvdk2BI-xn9CG-VMrYDJd2gksl HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ9EI6qTO3H_KU0Vd6SFS3AIASC_Q_je1xT44vguYy9W8Fr2NDkH1XMe4FIvR061hgJ7NHvdk2BI-xn9CG-VMrYDJd2gksl&google_hm=pGNF_9pTRka-c74csHcfTqs

Request Chain 151

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEMs3kmSh1ZOpDzZ6a9VPMqg&google_cver=1&google_push=AYg5qPInUN-77u51cGrAdDIm_C9m4LxkbmpTgRHoRXCqodW-HOdNV0LHflqdrEzZJwCehnBpn5RVsksAgTGoER0y1UV1rcS0yHHd HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwMjkwMzYyMzA2NDYxNTA2Mg%3D%3D&google_push=AYg5qPInUN-77u51cGrAdDIm_C9m4LxkbmpTgRHoRXCqodW-HOdNV0LHflqdrEzZJwCehnBpn5RVsksAgTGoER0y1UV1rcS0yHHd

Request Chain 152

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEIv7BkbjxIZ74N9RyJHK_iw&google_cver=1&google_push=AYg5qPIyNRGzb6UpW8lZHQS-FtNBnEaBqR5halyCIIkNFwiXBONI2EASo0BTI_zMVMLUPuR1piWcAc07X_E12ANhTv66coAfPX18 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIyNRGzb6UpW8lZHQS-FtNBnEaBqR5halyCIIkNFwiXBONI2EASo0BTI_zMVMLUPuR1piWcAc07X_E12ANhTv66coAfPX18&google_hm=NTEwNDEzMTMyNDg1MTc1MzYwNQ%3D%3D

Request Chain 153

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4&google_cver=1&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl HTTP 302
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&s=184023&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQLwKObZYyhl&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4

Request Chain 156

https://fksnk.com/cs/google?google_gid=CAESEJXJBBoRWSOdccGGlphZsCw&google_cver=1&google_push=AYg5qPK-gd8tFYDeEmCTmcyhuixF_Yi8bJJ1-C4ft7yjt_C7egy9pKtzQjMplk5tYSQ1_lcdV-MDjCB26eRcjEFbOrKAeaY2VwwL HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NzhCNjI5RTk2QjI2N0I4MA==

Request Chain 157

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEK2FhMnwqaqzgbFf-OHOLcg&google_cver=1&google_push=AYg5qPL0t3hCj7bGTvriQauZi8gh80wVfyG9w2IkMOBfnL7WL0p5EDM0xnAJQ0ljm5fuJsr_VMsxKiWYRp5ku3LhurkOygZKMSvY HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=a0kwwJWtRI9FR--51zTdsln5QKs&google_push=AYg5qPL0t3hCj7bGTvriQauZi8gh80wVfyG9w2IkMOBfnL7WL0p5EDM0xnAJQ0ljm5fuJsr_VMsxKiWYRp5ku3LhurkOygZKMSvY

Request Chain 158

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEExzl1fMVZ-2NLf9WC6ZYt0&google_cver=1&google_push=AYg5qPJP8aIsV0xkAncPeRWdIFESxBC_uKGWgU1PUYkVbTuAKC4uXIJ1AtMbjwVgeEL4Qskxe5XWW49GM7MHm_EfqmcX1kG1h1Ol HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1QxQlpBVjItMUotNDRNUQ==&google_push=AYg5qPJP8aIsV0xkAncPeRWdIFESxBC_uKGWgU1PUYkVbTuAKC4uXIJ1AtMbjwVgeEL4Qskxe5XWW49GM7MHm_EfqmcX1kG1h1Ol

Request Chain 162

https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA&av_tc=True HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA

Request Chain 165

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEIGLkemtoqY41c7Wemm_NwY&google_cver=1&google_push=AYg5qPIfKsAVb0gcE1XEKIJ8mrMy_l4pp8si8CR_BkoFvmMweD8_scYGquNV5v4vNkd4vtilndHWib3rkoghqJtbWAd0i_g4mBbnmg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDIwOTA1NjM3NjI2NTEzNjcxOQ== HTTP 302
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEIGLkemtoqY41c7Wemm_NwY&google_cver=1

Request Chain 166

https://a.tribalfusion.com/i.match?p=b6&u=CAESEIE1qzCVQ8PxL0FrlvoSWoU&google_cver=1&google_push=AYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0hU&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0hU%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEIE1qzCVQ8PxL0FrlvoSWoU&google_cver=1&google_push=AYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0hU&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0hU%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24

Request Chain 167

https://fksnk.com/cs/google?google_gid=CAESEJXJBBoRWSOdccGGlphZsCw&google_cver=1&google_push=AYg5qPKqzTNchd8RePe_b4mI_-0EQuNBJhKOeYxiB-7X-0RhBNHWqe7VCbUw4GHrrDX_Jg8xPyoFVPXleJiV2yw0EDHb_7a7gZ6xhw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=Q0I2NjhBRjRCQjMzNkNFMw==

Request Chain 168

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEG0XMxbuL0qC8fhSmPnivhk&google_cver=1&google_push=AYg5qPLDOPCEM0xWC0UWZHNiRRZiVtL3B0tJiR7oL4O5VDYdNHpqDw6NnV8CVcIMvdRxb7ttBxVmYRTjmo6os0Q_q7WdLoDPB4UL_A HTTP 302
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEG0XMxbuL0qC8fhSmPnivhk&google_cver=1&google_push=AYg5qPLDOPCEM0xWC0UWZHNiRRZiVtL3B0tJiR7oL4O5VDYdNHpqDw6NnV8CVcIMvdRxb7ttBxVmYRTjmo6os0Q_q7WdLoDPB4UL_A&checkcookies=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=ZD6KWalwTwPUu3sNw28dCw&google_push=AYg5qPLDOPCEM0xWC0UWZHNiRRZiVtL3B0tJiR7oL4O5VDYdNHpqDw6NnV8CVcIMvdRxb7ttBxVmYRTjmo6os0Q_q7WdLoDPB4UL_A

Request Chain 169

https://rtb.openx.net/sync/dds?google_gid=CAESEBsz9eo-flz2mfHDSZGKNjg&google_cver=1&google_push=AYg5qPItoysVHbUSZHAFkB5e-cBIwxEJ2mUPN3zxlZwd2lMxNlM9BH36m8kX7V51vJ5CcGdIB-L7264TiXBEMRQXz4iu7IH-a-WsKA HTTP 302
https://rtb.openx.net/sync/dds?google_gid=CAESEBsz9eo-flz2mfHDSZGKNjg&google_cver=1&google_push=AYg5qPItoysVHbUSZHAFkB5e-cBIwxEJ2mUPN3zxlZwd2lMxNlM9BH36m8kX7V51vJ5CcGdIB-L7264TiXBEMRQXz4iu7IH-a-WsKA&ox_sc=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPItoysVHbUSZHAFkB5e-cBIwxEJ2mUPN3zxlZwd2lMxNlM9BH36m8kX7V51vJ5CcGdIB-L7264TiXBEMRQXz4iu7IH-a-WsKA&google_hm=Doq-nCITzTE9qxNc7DQqYA==

Request Chain 170

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFHaUGE-Gyr_DQUIrio_L-s&google_cver=1&google_push=AYg5qPJAMq_nwy-GFjtQlLVsqR1YWUKz2UQDRU58xZtHRV3jQKMCrFPkuhg8zNe41RybLBvaIfzU-mOSf6hDP4FM4Co7_OLi0S_y HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPJAMq_nwy-GFjtQlLVsqR1YWUKz2UQDRU58xZtHRV3jQKMCrFPkuhg8zNe41RybLBvaIfzU-mOSf6hDP4FM4Co7_OLi0S_y&google_hm=NzgzMzIyNDk2MzEzNTEwOTg4Nw%3D%3D

Request Chain 171

https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4&av_tc=True HTTP 302
https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4

Request Chain 181

https://um.simpli.fi/gp_match?google_gid=CAESEFo5mPkSmPgXqEDszeH0818&google_cver=1&google_push=AYg5qPIWDgO9QWVPjiGiYIJgfggO13NihovTbihnFimseKBNg1YXBQN894l9v6UhuY_P3dfTEiqZ7Ygzht4-hqUT7TF-54_y0qrg HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=83C9518CCECE412CA781EC8FF141C820&google_push=AYg5qPIWDgO9QWVPjiGiYIJgfggO13NihovTbihnFimseKBNg1YXBQN894l9v6UhuY_P3dfTEiqZ7Ygzht4-hqUT7TF-54_y0qrg

Request Chain 182

https://fksnk.com/cs/google?google_gid=CAESEJXJBBoRWSOdccGGlphZsCw&google_cver=1&google_push=AYg5qPJmo1q6uZzlU_5eB1YY3RS7i2aq710pERG3o6FnZMOQ0PK_7y_6ijJtckJfKwDs9jd5Vaj6c_YzAYgc3vkY-s6JyUmHVOgt HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTY1RkY4NjIzREM3RTZDRQ==

Request Chain 183

https://ads.travelaudience.com/google_pixel?google_gid=CAESEMiib2DyXABLh4tlgfRBwV0&google_cver=1&google_push=AYg5qPKtosDCYMsYe9IHd_13b035eCIhAjAPope6NHJb8tRYlRZAbnJ4-oBpYxjlvYCGAxfQBUHlyKzprwKmUQhiMEXQDdXV9CY HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=nmTcV_HtTkSGIYXaeMHBIg2&google_push=AYg5qPKtosDCYMsYe9IHd_13b035eCIhAjAPope6NHJb8tRYlRZAbnJ4-oBpYxjlvYCGAxfQBUHlyKzprwKmUQhiMEXQDdXV9CY

Request Chain 184

https://a.c.appier.net/gcm?google_gid=CAESEBfxkK4Kdq29xpNHmfocqU0&google_cver=1&google_push=AYg5qPIOdPTQbzWNlpuhvuiuNaWiWZ_tneXqfwVT8zzdlVkLV9dEvdJRX3m1vp-f097_tTcz6zJAMsaPTt8ZTcPQoNGdO_XB02iZ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=SkhiZWpPQWNCZXV1T0FzUXYwOHZZUQ%3D%3D&google_push=AYg5qPIOdPTQbzWNlpuhvuiuNaWiWZ_tneXqfwVT8zzdlVkLV9dEvdJRX3m1vp-f097_tTcz6zJAMsaPTt8ZTcPQoNGdO_XB02iZ

Request Chain 185

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELkhINzjDBzkTGLcsu31bq4&google_cver=1&google_push=AYg5qPKV7WL7cGYxmfGyjhg_LczBC2g8QJNdm-hZj6wARc7Us2MdoKHfHcjCWIkeWdNXiaLsR8DYVHraj4QX_ZkXnyisnesNCZ4x HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELkhINzjDBzkTGLcsu31bq4&google_cver=1&google_push=AYg5qPKV7WL7cGYxmfGyjhg_LczBC2g8QJNdm-hZj6wARc7Us2MdoKHfHcjCWIkeWdNXiaLsR8DYVHraj4QX_ZkXnyisnesNCZ4x HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjkwMjI3MDA1MTQ0OTE0Mzk0MQ&google_push=AYg5qPKV7WL7cGYxmfGyjhg_LczBC2g8QJNdm-hZj6wARc7Us2MdoKHfHcjCWIkeWdNXiaLsR8DYVHraj4QX_ZkXnyisnesNCZ4x

Request Chain 186

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEIgA1jNo-irHK57P2APz0dU&google_cver=1&google_push=AYg5qPJJCJrXdntUBYeOxrgXWlZhtL5FQ1Zfw4BQqgLDREMa542cCkrUorKuxfZhRA0Gk7fqiglFpwDF3yefhcdQy7ThztWF8dM HTTP 302
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEIgA1jNo-irHK57P2APz0dU&google_push=AYg5qPJJCJrXdntUBYeOxrgXWlZhtL5FQ1Zfw4BQqgLDREMa542cCkrUorKuxfZhRA0Gk7fqiglFpwDF3yefhcdQy7ThztWF8dM&s=2 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJJCJrXdntUBYeOxrgXWlZhtL5FQ1Zfw4BQqgLDREMa542cCkrUorKuxfZhRA0Gk7fqiglFpwDF3yefhcdQy7ThztWF8dM&google_hm=WDdSRlhMM2doVXVhdllaZXVhX3M=

Request Chain 187

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEKuko34uxIYy2xOGum5QCG8&google_cver=1&google_push=AYg5qPL1LJWXozTsv26hKvAoViBEISLNh8GqZcLJsruXjrAC9Vt2YhvmE2b5dGsum1220dVFpKPh93b9EH24q4lZ36H57Iiccfek HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-92da7c62-c7e3-4475-ac7d-9ec49cca35cd-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPL1LJWXozTsv26hKvAoViBEISLNh8GqZcLJsruXjrAC9Vt2YhvmE2b5dGsum1220dVFpKPh93b9EH24q4lZ36H57Iiccfek%26google_hm%3DA5LafGLH40R1rH2exJzKNc0 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPL1LJWXozTsv26hKvAoViBEISLNh8GqZcLJsruXjrAC9Vt2YhvmE2b5dGsum1220dVFpKPh93b9EH24q4lZ36H57Iiccfek&google_hm=A5LafGLH40R1rH2exJzKNc0

Request Chain 227

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidFy-qDwgxQcpnKjQCscghK0p3V_LnOSOUasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CIOs0dTC3fICFbXuuwgdVwIDiQ;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidFy-qDwgxQcpnKjQCscghK0p3V_LnOSOUasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidFy-qDwgxQcpnKjQCscghK0p3V_LnOSOUasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1630490559_bd7267a0-0b0b-11ec-a5ea-692d04ef6a29

Request Chain 237

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidgJ0UXytVh35DNP-fQfsI_-cX65dnw4ZPasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=COOv0dTC3fICFf3LEQgd4bsA2Q;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidgJ0UXytVh35DNP-fQfsI_-cX65dnw4ZPasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidgJ0UXytVh35DNP-fQfsI_-cX65dnw4ZPasuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1630490559_bd6d5e91-0b0b-11ec-bfe3-692d0dec5663

Request Chain 247

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CKS10dTC3fICFTJG5Qodh2YAIw;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1630490559_bd6484f0-0b0b-11ec-bfe3-692d0dec5663

Request Chain 257

https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidbge1j9-CYM67J-7eSrnHf7n7qBtwuU__asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://ad.doubleclick.net/ddm/trackimp/N38306.140903ZANOX.COMDE/B22845801.273544483;dc_pre=CL-z0dTC3fICFVqy3godw0MCow;dc_trk_aid=467891017;dc_trk_cid=64219029;ord=;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?https%3A%2F%2Fwww.awin1.com%2Fcawshow.php%3Fv=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidbge1j9-CYM67J-7eSrnHf7n7qBtwuU__asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://www.awin1.com/cawshow.php?v=11938&s=2542680&q=367022&r=412871&pv=1&pref3=oneid62Zcef3f6wmheHmHYtkt5kmt2T1T2qJoneid__asuidbge1j9-CYM67J-7eSrnHf7n7qBtwuU__asuid__dc_reach_suite02wkz&gdpr_consent=&gdpr=0&gdpr_pd=0 HTTP 302
https://banner.congstar.de/cookie/?sp=awin&spfr=412871&awc=11938_412871_1630490559_bd64ac00-0b0b-11ec-bfe3-692d0dec5663

259 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.controle.notisul.com.br/ 440 KB
42 KB 1339ms
700ms Document
text/html 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 3d6b43af673afcb6ce05ce9b3373b90de5b04cbdb8258f392241765cb5cb2091

Request headers

:method: GET
:authority: www.controle.notisul.com.br
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

server: nginx/1.20.1
date: Wed, 01 Sep 2021 10:02:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: serverdoID=cknf3vuhik976gaf28u3paku6e; path=/; domain=www.controle.notisul.com.br
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
access-control-allow-credentials: true
link: <https://controle.notisul.com.br/wp-json/>; rel="https://api.w.org/" <https://notisul.com.br/>; rel=shortlink
content-encoding: gzip

GET
H2 200 style.min.css
controle.notisul.com.br/wp-includes/css/dist/block-library/ 40 KB
6 KB 334ms
281ms Stylesheet
text/css 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-includes/css/dist/block-library/style.min.css?ver=5.3.2
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Fri, 27 Dec 2019 14:08:03 GMT
server: nginx/1.20.1
etag: W/"5e061043-a1fb"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 styles.css
controle.notisul.com.br/wp-content/plugins/contact-form-7/includes/css/ 2 KB
812 B 217ms
165ms Stylesheet
text/css 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.7
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 811e8960b8f79f14983e30df80a4ccc69d82430ccc0520d2a1a3d1405cfbb2a1

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Fri, 27 Mar 2020 14:47:00 GMT
server: nginx/1.20.1
etag: W/"5e7e11e4-6d2"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 style.css
controle.notisul.com.br/wp-content/plugins/td-composer/td-multi-purpose/ 68 KB
9 KB 331ms
279ms Stylesheet
text/css 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/plugins/td-composer/td-multi-purpose/style.css?ver=5a862b9d7c39671de80dd6dee389818b
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 59671205ce4d2ec4a037ba18847d2e02fddcce3eaed20a6a731161305b24aada

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Wed, 25 Mar 2020 18:29:57 GMT
server: nginx/1.20.1
etag: W/"5e7ba325-10ef8"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 css
fonts.googleapis.com/ 26 KB
2 KB 37ms
16ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900&ver=9.8

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

dbadd77e024fb647c8d8e2401cb9e085ccc1eca374199553a173874ab3fcff37

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Origin: https://www.controle.notisul.com.br
Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 08:36:59 GMT
server: ESF
date: Wed, 01 Sep 2021 10:02:36 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Sep 2021 10:02:36 GMT

GET
H2 200 front.min.css
controle.notisul.com.br/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 333ms
281ms Stylesheet
text/css 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/plugins/cookie-notice/css/front.min.css?ver=5.3.2
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 8c21cdf7be2219908a953d92fba153dcc7175f7ee238856bd9954da18b0e05dd

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 23:46:49 GMT
server: nginx/1.20.1
etag: W/"60b6c6e9-1568"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 style.css
controle.notisul.com.br/wp-content/themes/Newspaper/ 153 KB
25 KB 332ms
280ms Stylesheet
text/css 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/themes/Newspaper/style.css?ver=9.8
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: b66bd81ddd68c8a8d92e75565702cd63ca7d6af7a26fa44d6707859e64c7d8bf

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Wed, 23 Oct 2019 19:36:19 GMT
server: nginx/1.20.1
etag: W/"5db0abb3-26232"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 style.css
controle.notisul.com.br/wp-content/themes/Newspaper-child/ 463 B
377 B 332ms
280ms Stylesheet
text/css 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/themes/Newspaper-child/style.css?ver=9.8c
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 0bed32805b51f622cfceea9fccef37690edfe32a1e964e5b04fc62ac99e33fb7

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Fri, 27 Mar 2020 18:49:37 GMT
server: nginx/1.20.1
etag: W/"5e7e4ac1-1cf"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 td_legacy_main.css
controle.notisul.com.br/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/ 987 KB
94 KB 217ms
165ms Stylesheet
text/css 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=5a862b9d7c39671de80dd6dee389818b
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: ba33741f1b945cfb71d6fe3fb60628af0cb4cce7f464f84c43f5d6457b284272

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Wed, 25 Mar 2020 18:29:55 GMT
server: nginx/1.20.1
etag: W/"5e7ba323-f6c31"
vary: Accept-Encoding
content-type: text/css

GET
H2 200 jquery.js Show response
controle.notisul.com.br/wp-includes/js/jquery/ 95 KB
33 KB 333ms
282ms Script
application/javascript 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Wed, 23 Oct 2019 19:36:21 GMT
server: nginx/1.20.1
etag: W/"5db0abb5-17a69"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 jquery-migrate.min.js Show response
controle.notisul.com.br/wp-includes/js/jquery/ 10 KB
4 KB 441ms
390ms Script
application/javascript 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Wed, 23 Oct 2019 19:36:21 GMT
server: nginx/1.20.1
etag: W/"5db0abb5-2748"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 advanced.js Show response
controle.notisul.com.br/wp-content/plugins/advanced-ads/public/assets/js/ 8 KB
3 KB 440ms
389ms Script
application/javascript 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/plugins/advanced-ads/public/assets/js/advanced.js?ver=1.17.8
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 76141ad9154b037fa4d1cd707e805f19eb92a511bcdef1e88c73344dd54b8228

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: gzip
last-modified: Mon, 30 Mar 2020 17:32:34 GMT
server: nginx/1.20.1
etag: W/"5e822d32-1e7c"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 front.min.js Show response
controle.notisul.com.br/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 131ms
127ms Script
application/javascript 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.0.4
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 53c088f65c77c6b7af2804face3e267d4c1bf148177798a30fa3a15aa693c36f

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
last-modified: Tue, 01 Jun 2021 23:46:49 GMT
server: nginx/1.20.1
etag: W/"60b6c6e9-20b3"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 20ms
17ms Script
application/javascript 2a00:1450:4001:80e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-90417898-1

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3da526cf84cb9fa4d86558546572af442df9857367f7002f4af8a9e0e4a57fe1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:36 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 41223
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 01 Sep 2021 10:02:36 GMT

GET
H2 200 denakop.js Show response
v3.denakop.com/ 53 KB
17 KB 48ms
18ms Script
application/javascript 2606:4700:10::6816:4a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://v3.denakop.com/denakop.js

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:4a5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2372b89dea77bc9c1a006418bdeedfa47363b1a72de56a4a12fcc38a332cf18c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 1298
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Fri, 27 Aug 2021 19:54:02 GMT
server: cloudflare
etag: W/"612942da-d292"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript
vary: Accept-Encoding
cache-control: max-age=3600
cf-ray: 687da9fd4a521772-FRA
cf-bgj: minify

GET
H2 200 1674a5a2-6f3d-4f40-823c-22fcf4f6d6ac Show response
tags.premiumads.com.br/dfp/ 51 KB
17 KB 111ms
81ms Script
text/javascript 2606:4700:20::681a:e79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tags.premiumads.com.br/dfp/1674a5a2-6f3d-4f40-823c-22fcf4f6d6ac

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:e79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / ASP.NET

Resource Hash

db7ab89fc4a862af9c9f7d167dc83a95cede3ab9c1622c7e03ebba8ccb7d82d9

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 750907
x-powered-by: ASP.NET
last-modified: Mon, 23 Aug 2021 17:27:30 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=2592000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HUNCYjG4DMEv6g7pmjnRFuRwwGHmnXh5cnUUMhY1%2B6Q5OGlsjZny1URmYwG%2B5zcA0qtKkHec373BCYEWR5sunhr%2BpvBsNx4MN37D4LD%2B2y06%2BXtbRBrlFjEmvV%2BS4o0IosLAome1Wl10hDuLjWoavo0zKbY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: public, max-age=3600
cf-ray: 687da9fd4eab42c9-FRA
cf-bgj: minify

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ 138 KB
49 KB 53ms
50ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

494dc230d1af13c51e120665390d683d14fe664063cede8b467a9f7d7a096323

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49553
x-xss-protection: 0
server: cafe
etag: 15814572823861731209
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 10:02:37 GMT

GET
H2 200 wp-emoji-release.min.js Show response
controle.notisul.com.br/wp-includes/js/ 14 KB
5 KB 130ms
128ms Script
application/javascript 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-includes/js/wp-emoji-release.min.js?ver=5.3.2
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
last-modified: Fri, 27 Dec 2019 14:08:03 GMT
server: nginx/1.20.1
etag: W/"5e061043-362a"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 logo.png
www.controle.notisul.com.br/wp-content/themes/Newspaper-child/images/ 10 KB
10 KB 119ms
119ms Image
image/png 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.controle.notisul.com.br/wp-content/themes/Newspaper-child/images/logo.png
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 84440ae9f8a49cd8e9d5bd08e72f42df812ce95ddde49d5b358070e462da7860

Request headers

:path: /wp-content/themes/Newspaper-child/images/logo.png
pragma: no-cache
cookie: serverdoID=cknf3vuhik976gaf28u3paku6e
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.controle.notisul.com.br
referer: https://www.controle.notisul.com.br/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Mon, 30 Mar 2020 00:10:44 GMT
server: nginx/1.20.1
accept-ranges: bytes
etag: "5e813904-28df"
content-length: 10463
content-type: image/png

GET
H2 200 brasil-passa-pelo-seu-aniversario-periodo-que-predispoe-a-mais-completa-revisao-de-nossos-propositos-conceitos-e-preconceitos-num-alinhamento-mais-condizente-com-o-futuro-do-resto-do-mundo-1-218x15...
notisul.com.br/wp-content/uploads/2021/08/ 10 KB
10 KB 671ms
231ms Image
image/webp 190.89.239.74
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notisul.com.br/wp-content/uploads/2021/08/brasil-passa-pelo-seu-aniversario-periodo-que-predispoe-a-mais-completa-revisao-de-nossos-propositos-conceitos-e-preconceitos-num-alinhamento-mais-condizente-com-o-futuro-do-resto-do-mundo-1-218x150.jpg
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.89.239.74 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us185.serverdo.in
Software: nginx/1.18.0 /
Resource Hash: b8d3717334ddf65e6f251d37cc0bc26103ec9f9ebd3a725c6765de92cf138d15

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Mon, 23 Aug 2021 23:04:02 GMT
server: nginx/1.18.0
etag: "61242962-2688"
vary: Accept, Accept
content-type: image/webp
cache-control: max-age=604800
accept-ranges: bytes
content-length: 9864
expires: Wed, 08 Sep 2021 10:02:37 GMT

GET
H2 200 luiz-henrique-astrologo-218x150.jpeg
notisul.com.br/wp-content/uploads/2021/03/ 2 KB
2 KB 666ms
234ms Image
image/webp 190.89.239.74
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notisul.com.br/wp-content/uploads/2021/03/luiz-henrique-astrologo-218x150.jpeg
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.89.239.74 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us185.serverdo.in
Software: nginx/1.18.0 /
Resource Hash: f7dbda62ac86ec02cb397c572b2f60c54356faa23302e984f549d5e30893d267

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Mon, 08 Mar 2021 17:34:01 GMT
server: nginx/1.18.0
etag: "60466009-768"
vary: Accept, Accept
content-type: image/webp
cache-control: max-age=604800
accept-ranges: bytes
content-length: 1896
expires: Wed, 08 Sep 2021 10:02:37 GMT

GET
H2 200 terra-9-218x150.jpeg
notisul.com.br/wp-content/uploads/2021/07/ 4 KB
5 KB 744ms
347ms Image
image/webp 190.89.239.74
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notisul.com.br/wp-content/uploads/2021/07/terra-9-218x150.jpeg
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.89.239.74 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us185.serverdo.in
Software: nginx/1.18.0 /
Resource Hash: defc04241ea2460c037903f3b0f95535c95c107f919b09b2bb44f829a35a3f9c

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Sat, 31 Jul 2021 17:38:01 GMT
server: nginx/1.18.0
etag: "61058a79-1154"
vary: Accept, Accept
content-type: image/webp
cache-control: max-age=604800
accept-ranges: bytes
content-length: 4436
expires: Wed, 08 Sep 2021 10:02:37 GMT

GET
H2 200 afiliado-banner-300x250.gif
www.controle.notisul.com.br/ 24 KB
24 KB 119ms
119ms Image
image/gif 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.controle.notisul.com.br/afiliado-banner-300x250.gif
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 0693d7fc7aad9bd58ce2ffe91a554690f7f96d4879e44d33be5cdc1adc7810b4

Request headers

:path: /afiliado-banner-300x250.gif
pragma: no-cache
cookie: serverdoID=cknf3vuhik976gaf28u3paku6e
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.controle.notisul.com.br
referer: https://www.controle.notisul.com.br/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Wed, 24 Feb 2021 21:25:09 GMT
server: nginx/1.20.1
accept-ranges: bytes
etag: "6036c435-615f"
content-length: 24927
content-type: image/gif

GET
H2 200 8ae0917b30aa4cfec0e16cd6fd22ac5a Show response
www.tempo.com/wid_loader/ 915 B
733 B 67ms
32ms Script
application/javascript 2606:4700::6811:140e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tempo.com/wid_loader/8ae0917b30aa4cfec0e16cd6fd22ac5a

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:140e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1078de14de13c6056ea86f4bffb141bced7db929e8d3a6d646d1310ef2d9f584

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 163771
cf-ray: 687da9fe0e573248-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: User-Agent, Accept-Encoding
content-type: application/javascript
cache-control: max-age=31536000
x-robots-tag: none
meteored-site: br
expires: Tue, 30 Aug 2022 12:33:06 GMT

GET
H2 200 logo-rodape.png
notisul.com.br/wp-content/uploads/2020/03/ 5 KB
5 KB 591ms
233ms Image
image/webp 190.89.239.74
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notisul.com.br/wp-content/uploads/2020/03/logo-rodape.png
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.89.239.74 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us185.serverdo.in
Software: nginx/1.18.0 /
Resource Hash: 13bc95bee4e1c7e98adba1f117c6e6d8275906b36fbe660d950dcc04e0e5f313

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Mon, 13 Apr 2020 21:17:42 GMT
server: nginx/1.18.0
etag: "5e94d6f6-125e"
vary: Accept, Accept
content-type: image/webp
cache-control: max-age=604800
accept-ranges: bytes
content-length: 4702
expires: Wed, 08 Sep 2021 10:02:37 GMT

GET
H2 200 scripts.js Show response
controle.notisul.com.br/wp-content/plugins/contact-form-7/includes/js/ 14 KB
4 KB 120ms
120ms Script
application/javascript 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.7
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: b7e17926b30342edecee8b3a93029ac51462e2b479277d8e077ba57173eb1900

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
last-modified: Fri, 27 Mar 2020 14:47:00 GMT
server: nginx/1.20.1
etag: W/"5e7e11e4-3868"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 tagdiv_theme.min.js Show response
controle.notisul.com.br/wp-content/plugins/td-composer/legacy/Newspaper/js/ 223 KB
52 KB 126ms
122ms Script
application/javascript 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-content/plugins/td-composer/legacy/Newspaper/js/tagdiv_theme.min.js?ver=9.8
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 4e8a9f91efa071fef1ae36b2178873b6c92e16a7d4a1087468e85609c2e68d85

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
last-modified: Wed, 25 Mar 2020 18:29:56 GMT
server: nginx/1.20.1
etag: W/"5e7ba324-37bf7"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 comment-reply.min.js Show response
controle.notisul.com.br/wp-includes/js/ 2 KB
1 KB 131ms
127ms Script
application/javascript 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-includes/js/comment-reply.min.js?ver=5.3.2
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 73eb139b1371aed55b1dce74b7258f2d90991c5294d69fce852c3eed1af40068

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
last-modified: Fri, 27 Dec 2019 14:08:03 GMT
server: nginx/1.20.1
etag: W/"5e061043-951"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 wp-embed.min.js Show response
controle.notisul.com.br/wp-includes/js/ 1 KB
885 B 131ms
127ms Script
application/javascript 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://controle.notisul.com.br/wp-includes/js/wp-embed.min.js?ver=5.3.2
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
last-modified: Fri, 27 Dec 2019 14:08:03 GMT
server: nginx/1.20.1
etag: W/"5e061043-577"
vary: Accept-Encoding
content-type: application/javascript

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 34ms
16ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js?ver=5.3.2
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b70aa192cf670ffbccd24885ff71e159e03c809b890abe15e74cce9f497dd8e5

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2690
etag: W/"3e792b2dc76a5a063e1c4f30d40ae527"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 687da9fe0c9d4dd6-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires: Sat, 04 Sep 2021 10:02:37 GMT

GET
DATA 200
OK truncated
/ 121 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a4b423bd3e84385d2bb624a55cddfaafe863235df9791628cb4fc0a9472d3f76

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET newspaper.woff
controle.notisul.com.br/wp-content/themes/Newspaper/images/icons/ 0
0

GET
H2 200 MuseoSans-300.ttf
www.controle.notisul.com.br/wp-content/themes/Newspaper-child/font/ 58 KB
58 KB 119ms
119ms Font
application/octet-stream 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.controle.notisul.com.br/wp-content/themes/Newspaper-child/font/MuseoSans-300.ttf
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 9625f2b4bfca25b70aaa98a9048a16e6fc6049fc19e7583fa7db3df65e80c170

Request headers

sec-fetch-mode: cors
origin: https://www.controle.notisul.com.br
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: serverdoID=cknf3vuhik976gaf28u3paku6e
:path: /wp-content/themes/Newspaper-child/font/MuseoSans-300.ttf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.controle.notisul.com.br
referer: https://www.controle.notisul.com.br/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.controle.notisul.com.br
Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Wed, 25 Mar 2020 18:26:30 GMT
server: nginx/1.20.1
accept-ranges: bytes
etag: "5e7ba256-e7cc"
content-length: 59340
content-type: application/octet-stream

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A300italic%2C400%2C400italic%2C600%2C600italic%2C700%7CRoboto%3A300%2C400%2C400italic%2C500%2C500italic%2C700%2C900&ver=9.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.controle.notisul.com.br
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 04:09:29 GMT
x-content-type-options: nosniff
age: 539587
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Aug 2022 04:09:29 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v23/ 14 KB
14 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.controle.notisul.com.br
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Thu, 26 Aug 2021 01:46:58 GMT
x-content-type-options: nosniff
age: 548139
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:25 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 26 Aug 2022 01:46:58 GMT

GET
H3-29 200 mem6YaGs126MiZpBA-UFUK0Zdc0.woff2
fonts.gstatic.com/s/opensans/v23/ 13 KB
13 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem6YaGs126MiZpBA-UFUK0Zdc0.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

aa4607112a6b3245394fee13973cf8cf8a22b727f919f60636436a945886005b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.controle.notisul.com.br
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 09:49:45 GMT
x-content-type-options: nosniff
age: 346372
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13792
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:08 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 09:49:45 GMT

GET
H2 200 MuseoSans-500.ttf
www.controle.notisul.com.br/wp-content/themes/Newspaper-child/font/ 58 KB
58 KB 119ms
119ms Font
application/octet-stream 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://www.controle.notisul.com.br/wp-content/themes/Newspaper-child/font/MuseoSans-500.ttf
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 11d37d3b34be24fa29bd7c060b053845d0ec8a2b093252b243a6974b14ad1731

Request headers

sec-fetch-mode: cors
origin: https://www.controle.notisul.com.br
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: serverdoID=cknf3vuhik976gaf28u3paku6e
:path: /wp-content/themes/Newspaper-child/font/MuseoSans-500.ttf
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.controle.notisul.com.br
referer: https://www.controle.notisul.com.br/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://www.controle.notisul.com.br
Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Wed, 25 Mar 2020 18:26:30 GMT
server: nginx/1.20.1
accept-ranges: bytes
etag: "5e7ba256-e78c"
content-length: 59276
content-type: application/octet-stream

GET
H3-29 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v27/ 16 KB
16 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bb46ed079c3dd3c39af5051b4ada48f29f49151dad4fa218117bad2fdb5e616f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.controle.notisul.com.br
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 12:23:16 GMT
x-content-type-options: nosniff
age: 77961
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15920
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:39 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 12:23:16 GMT

GET
H3-29 200 controle.notisul.com.br Show response
v3.denakop.com/ad-request/10432/desktop/ 1 KB
893 B 372ms
357ms Script
application/javascript 2606:4700:10::6816:4a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://v3.denakop.com/ad-request/10432/desktop/controle.notisul.com.br

Requested by

Host: v3.denakop.com
URL: https://v3.denakop.com/denakop.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:4a5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba4e10514b2e317b9994cd4872cf32de2c88f9fcd8fc7105ba0a2047b46ebd2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://www.controle.notisul.com.br
Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: https://www.controle.notisul.com.br
cache-control: private, max-age=1800
access-control-allow-credentials: true
cf-ray: 687da9fdfb0cd6cd-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 profiles.js Show response
d.tailtarget.com/ Frame 96D7 13 KB
6 KB 43ms
8ms Script
application/javascript 35.201.123.184
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.tailtarget.com/profiles.js
Requested by: Host: v3.denakop.com
URL: https://v3.denakop.com/denakop.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.123.184 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 184.123.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: b5de679f41d5e07318bf721f4877d6320d3e351d6cfd58a00471854e2503d48c

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 12:23:26 GMT
content-encoding: gzip
age: 77951
x-guploader-uploadid: ADPycdv30gICy5oKC3RlUzl2JmkixVHn5YylAdY4pXe9wGtQSF9xkFM-t9sCAQ7B4_5CW1VUDyc90oKcLRi1WXIjgTw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: clear
content-length: 5285
last-modified: Mon, 19 Apr 2021 15:43:34 GMT
server: UploadServer
etag: "603f25fd36318626ab410174bd3e1cd3"
x-goog-hash: crc32c=QOm0Sg==, md5=YD8l/TYxhiarQQF0vT4c0w==
content-language: en
x-goog-generation: 1618847014064238
cache-control: public, max-age=86400,no-transform
x-goog-stored-content-length: 5285
accept-ranges: bytes
content-type: application/javascript
expires: Wed, 01 Sep 2021 12:23:26 GMT

GET
H3-29 200 show_ads_impl_with_ama_fy2019.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108310101/ 250 KB
93 KB 30ms
29ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108310101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6829076079046894&plah=www.controle.notisul.com.br

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

789f22b18f4888fd4abfde82c10d9436d2ba5f7aa1107b0203ba386c688493cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95226
x-xss-protection: 0
server: cafe
etag: 17201458395757084847
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Wed, 01 Sep 2021 10:02:37 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20210830/r20190131/ Frame D704 10 KB
5 KB 6ms
5ms Document
text/html 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20210830/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf5230ffb8745d28c11ae8b743868364f9be8379300bd59d235f402a53ea96ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/html/r20210830/r20190131/zrt_lookup.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.controle.notisul.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.controle.notisul.com.br/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 31 Aug 2021 12:45:30 GMT
expires: Tue, 14 Sep 2021 12:45:30 GMT
content-type: text/html; charset=UTF-8
etag: 13836150016441684253
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4591
x-xss-protection: 0
cache-control: public, max-age=1209600
age: 76627
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-90417898-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd222137f245c06ddb4c4d44db41f12138dad6cf8ef5d4d4a5e500f38f0c8c62

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 11 Aug 2021 00:32:57 GMT
server: Golfe2
age: 4237
date: Wed, 01 Sep 2021 08:52:00 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19747
expires: Wed, 01 Sep 2021 10:52:00 GMT

GET
H2 200 placeholder-300x300.jpg
www.controle.notisul.com.br/wp-content/uploads/2019/12/ 5 KB
5 KB 119ms
119ms Image
image/jpeg 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.controle.notisul.com.br/wp-content/uploads/2019/12/placeholder-300x300.jpg
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: 73c5ba44aecd2536f60c1b51cffa23e1a986c9117db0ad04540673b1857b0f79

Request headers

:path: /wp-content/uploads/2019/12/placeholder-300x300.jpg
pragma: no-cache
cookie: serverdoID=cknf3vuhik976gaf28u3paku6e
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.controle.notisul.com.br
referer: https://www.controle.notisul.com.br/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Mon, 30 Mar 2020 07:08:38 GMT
server: nginx/1.20.1
accept-ranges: bytes
etag: "5e819af6-1459"
content-length: 5209
content-type: image/jpeg

GET
H2 200 profissional-de-saude-696x928.jpg
notisul.com.br/wp-content/uploads/2021/08/ 19 KB
19 KB 411ms
119ms Image
image/webp 190.89.239.74
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notisul.com.br/wp-content/uploads/2021/08/profissional-de-saude-696x928.jpg
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.89.239.74 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us185.serverdo.in
Software: nginx/1.18.0 /
Resource Hash: b1cb393899b7c5bd2424eb6a28d0ae63f2f45d04e6e839435a58a0587ccf24ee

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Tue, 31 Aug 2021 20:06:02 GMT
server: nginx/1.18.0
etag: "612e8baa-4b58"
vary: Accept, Accept
content-type: image/webp
cache-control: max-age=604800
accept-ranges: bytes
content-length: 19288
expires: Wed, 08 Sep 2021 10:02:37 GMT

GET
H2 200 profile Show response
d.t.tailtarget.com/ Frame 96D7 92 B
268 B 135ms
103ms Script
application/x-javascript 34.102.185.99
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://d.t.tailtarget.com/profile
Requested by: Host: d.tailtarget.com
URL: https://d.tailtarget.com/profiles.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.102.185.99 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 99.185.102.34.bc.googleusercontent.com
Software: nginx/1.17.8 /
Resource Hash: e593d32d2b3c25b54c4632fc55d4c55cce4154e0bfaeb75883da07b742e762dc

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
last-modified: Thu, 30 Jan 2020 20:26:00 GMT
server: nginx/1.17.8
etag: W/"5e333bd8-5c"
vary: Accept-Encoding, Accept-Encoding
content-type: application/x-javascript
via: 1.1 google
cache-control: max-age=3600
alt-svc: clear
expires: Wed, 01 Sep 2021 11:02:37 GMT

GET
H2 200 brasil-passa-pelo-seu-aniversario-periodo-que-predispoe-a-mais-completa-revisao-de-nossos-propositos-conceitos-e-preconceitos-num-alinhamento-mais-condizente-com-o-futuro-do-resto-do-mundo-1-696x38...
notisul.com.br/wp-content/uploads/2021/08/ 46 KB
47 KB 573ms
342ms Image
image/webp 190.89.239.74
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notisul.com.br/wp-content/uploads/2021/08/brasil-passa-pelo-seu-aniversario-periodo-que-predispoe-a-mais-completa-revisao-de-nossos-propositos-conceitos-e-preconceitos-num-alinhamento-mais-condizente-com-o-futuro-do-resto-do-mundo-1-696x386.jpg
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.89.239.74 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us185.serverdo.in
Software: nginx/1.18.0 /
Resource Hash: b6d0a1536cc827c587b6558e057c52b5048ce6919e354807d6b9f0a63350c8c9

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Mon, 23 Aug 2021 23:04:02 GMT
server: nginx/1.18.0
etag: "61242962-b8fe"
vary: Accept, Accept
content-type: image/webp
cache-control: max-age=604800
accept-ranges: bytes
content-length: 47358
expires: Wed, 08 Sep 2021 10:02:37 GMT

GET
H2 200 luiz-henrique-astrologo-696x928.jpeg
notisul.com.br/wp-content/uploads/2021/03/ 27 KB
27 KB 344ms
343ms Image
image/webp 190.89.239.74
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notisul.com.br/wp-content/uploads/2021/03/luiz-henrique-astrologo-696x928.jpeg
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.89.239.74 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us185.serverdo.in
Software: nginx/1.18.0 /
Resource Hash: d3f71c38147fe8a55c55175f288546853806026a80ca228fe3922726915c2990

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Mon, 08 Mar 2021 17:34:02 GMT
server: nginx/1.18.0
etag: "6046600a-6ad4"
vary: Accept, Accept
content-type: image/webp
cache-control: max-age=604800
accept-ranges: bytes
content-length: 27348
expires: Wed, 08 Sep 2021 10:02:37 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:809::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j93&a=68556776&t=pageview&_s=1&dl=https%3A%2F%2Fwww.controle.notisul.com.br%2F&ul=en-us&de=UTF-8&dt=P%C3%A1gina%20inicial%20-%20Notisul&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=881182254&gjid=1565314523&cid=1354320327.1630490557&tid=UA-90417898-1&_gid=660392440.1630490557&_r=1&gtm=2ou8u0&z=675246167

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:37 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.controle.notisul.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 cookie.js Show response
partner.googleadservices.com/gampad/ 204 B
263 B 17ms
17ms Script
text/javascript 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://partner.googleadservices.com/gampad/cookie.js?domain=www.controle.notisul.com.br&callback=_gfp_s_&client=ca-pub-6829076079046894

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202108310101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-6829076079046894&plah=www.controle.notisul.com.br

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

cafe /

Resource Hash

81e2b437f996fb97183fd8095fc614c776bac43f57248a4c005b99b1e7ab1065

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: text/javascript; charset=UTF-8
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 194
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:811::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.controle.notisul.com.br

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 20ms
20ms Script
application/javascript 2a00:1450:4001:810::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.controle.notisul.com.br

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
googleads.g.doubleclick.net/pagead/ Frame CBA8 0
19 B 61ms
61ms Document
text/html 2a00:1450:4001:800::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6829076079046894&output=html&adk=1812271804&adf=3025194257&lmt=1630490557&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.controle.notisul.com.br%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630490557128&bpp=4&bdt=620&idt=145&shv=r20210830&mjsv=m202108310101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2810586353350&frm=20&pv=2&ga_vid=1354320327.1630490557&ga_sid=1630490557&ga_hid=68556776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44748552%2C31062297%2C31062311&oid=3&pvsid=1872472458565947&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=164

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/ads?client=ca-pub-6829076079046894&output=html&adk=1812271804&adf=3025194257&lmt=1630490557&plat=8%3A134217728%2C9%3A134250504%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fwww.controle.notisul.com.br%2F&ea=0&flash=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..&dt=1630490557128&bpp=4&bdt=620&idt=145&shv=r20210830&mjsv=m202108310101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2810586353350&frm=20&pv=2&ga_vid=1354320327.1630490557&ga_sid=1630490557&ga_hid=68556776&ga_fc=0&u_tz=120&u_his=2&u_java=0&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug=0&u_nmime=0&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=44748552%2C31062297%2C31062311&oid=3&pvsid=1872472458565947&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=164
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.controle.notisul.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.controle.notisul.com.br/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 01 Sep 2021 10:02:37 GMT
server: cafe
content-length: 0
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Wed, 01-Sep-2021 10:17:37 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 01 Sep 2021 10:02:37 GMT
cache-control: private

GET
H2 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 72 KB
27 KB 20ms
19ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9973d4837254463d18af1f1fa3d201f5c46270b8516e1d1fa0886e14e1c39334

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630322975956640"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27566
x-xss-protection: 0
expires: Wed, 01 Sep 2021 10:02:37 GMT

GET
H3-29 200 8ae0917b30aa4cfec0e16cd6fd22ac5a Show response
www.tempo.com/getwid/ Frame 6428 7 KB
2 KB 78ms
66ms Document
text/html 2606:4700::6811:140e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tempo.com/getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a

Requested by

Host: www.tempo.com
URL: https://www.tempo.com/wid_loader/8ae0917b30aa4cfec0e16cd6fd22ac5a

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:140e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

48fd0e8c2733a6d89467e9d7014c1a6c2a289a3648b8ec27355679706030683f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.tempo.com
:scheme: https
:path: /getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.controle.notisul.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.controle.notisul.com.br/

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-type: text/html;charset=UTF-8
cf-ray: 687da9ff2c2842db-FRA
age: 18
cache-control: max-age=300
expires: Wed, 01 Sep 2021 10:07:19 GMT
vary: Accept-Encoding, User-Agent
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
meteored-site: br
x-content-type-options: nosniff
x-robots-tag: none
x-xss-protection: 1; mode=block
server: cloudflare
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
93 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c09::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j93&tid=UA-90417898-1&cid=1354320327.1630490557&jid=881182254&gjid=1565314523&_gid=660392440.1630490557&_u=YEBAAUAAAAAAAC~&z=773836943

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c09::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 01 Sep 2021 10:02:37 GMT
content-type: text/plain
access-control-allow-origin: https://www.controle.notisul.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 sddefault-1.jpg
notisul.com.br/wp-content/uploads/2021/03/ 9 KB
10 KB 344ms
343ms Image
image/webp 190.89.239.74
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notisul.com.br/wp-content/uploads/2021/03/sddefault-1.jpg
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.89.239.74 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us185.serverdo.in
Software: nginx/1.18.0 /
Resource Hash: 6967737662d3ea5aa266291c56f8234c6735fe1e743671551bad3512cadec6bc

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Wed, 31 Mar 2021 17:30:01 GMT
server: nginx/1.18.0
etag: "6064b199-2544"
vary: Accept, Accept
content-type: image/webp
cache-control: max-age=604800
accept-ranges: bytes
content-length: 9540
expires: Wed, 08 Sep 2021 10:02:37 GMT

GET
H2 200 abel-ribeiro-696x464.jpg
notisul.com.br/wp-content/uploads/2021/08/ 31 KB
31 KB 344ms
343ms Image
image/webp 190.89.239.74
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://notisul.com.br/wp-content/uploads/2021/08/abel-ribeiro-696x464.jpg
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 190.89.239.74 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us185.serverdo.in
Software: nginx/1.18.0 /
Resource Hash: eb072bf039d11f10543b7ce3a6134d5d32703162805fbe136921c467b0f077ce

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Sat, 28 Aug 2021 15:02:02 GMT
server: nginx/1.18.0
etag: "612a4fea-7b04"
vary: Accept, Accept
content-type: image/webp
cache-control: max-age=604800
accept-ranges: bytes
content-length: 31492
expires: Wed, 08 Sep 2021 10:02:37 GMT

GET
H2 200 elements.png
controle.notisul.com.br/wp-content/plugins/td-composer/legacy/Newspaper/assets/images/sprite/ 4 KB
4 KB 119ms
119ms Image
image/png 190.89.239.42
HVC-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://controle.notisul.com.br/wp-content/plugins/td-composer/legacy/Newspaper/assets/images/sprite/elements.png
Requested by: Host: controle.notisul.com.br
URL: https://controle.notisul.com.br/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=5a862b9d7c39671de80dd6dee389818b
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 190.89.239.42 , Brazil, ASN29802 (HVC-AS, US),
Reverse DNS: us134.serverdo.in
Software: nginx/1.20.1 /
Resource Hash: f6287abfc98a913c318b4348a67f84a2d5432ee57f2ece29904a76fb4eff1167

Request headers

Referer: https://controle.notisul.com.br/wp-content/plugins/td-composer/legacy/Newspaper/assets/css/td_legacy_main.css?ver=5a862b9d7c39671de80dd6dee389818b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
last-modified: Wed, 25 Mar 2020 18:29:56 GMT
server: nginx/1.20.1
accept-ranges: bytes
etag: "5e7ba324-10e4"
content-length: 4324
content-type: image/png

GET
H3-29 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v23/ 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c73575543a5c99018f842960f9882edaa0918965ea856e91de9717a0d58d3f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.controle.notisul.com.br
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 14:28:00 GMT
x-content-type-options: nosniff
age: 70477
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15112
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:34 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 14:28:00 GMT

GET
H2 200 21fba95e8eb64be8bcdfc09d18a5f823.min.js Show response
clevernt.com/scripts/ 120 KB
51 KB 44ms
21ms Script
text/javascript 2606:4700:20::681a:a75
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://clevernt.com/scripts/21fba95e8eb64be8bcdfc09d18a5f823.min.js?20210519=1630490557353
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:a75 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1336bb82ea68d0d163cbd4cc1498ab3ae513bbdc879ae96ff7a9a9c922e2608d

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1497
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: GS9PM9MSYJS3XYBH
x-amz-id-2: wRbDm+Z7g9DwwNbsEI5yNXuCwa5h98IwLJoiH6qSHa4vv2P4bHLymC/22szv/hmIqG7pgWg/I20=
last-modified: Wed, 01 Sep 2021 05:16:24 GMT
server: cloudflare
etag: W/"f985823d6d01ccfd85df26bee45a0f27"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CgVyJOv%2FZkQszalJDR7nhh30AUz9vFXLOdnwYR0zF8RJF7dMLwVNkraYRVrtzxMoMWrEyLEyPvWx%2FvnTSGreTq8teZZlscxhJs31S8p4mY57okiq2jCCbJeoasgWciaWqdpCZ3LuiZOfgA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript
cache-control: max-age=1800
cf-ray: 687da9ff9c2dd6f1-FRA

GET newspaper.ttf
controle.notisul.com.br/wp-content/themes/Newspaper/images/icons/ 0
0

GET
H2 200 docallbackinfocb0bbb0a71f849619308b63666cd90a9.js Show response
ui.clevernt.com/ 695 B
1017 B 221ms
77ms Script
text/javascript 148.69.64.109
VODAFONE-PT Vodaf...

General

Check archive.org

Show headers Download Go to

Full URL

https://ui.clevernt.com/docallbackinfocb0bbb0a71f849619308b63666cd90a9.js

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

148.69.64.109 Gondomar, Portugal, ASN12353 (VODAFONE-PT Vodafone Portugal, PT),

Reverse DNS

Software

nginx /

Resource Hash

9e986c8392fc1d119a18a7eae9fa3c25a32037b4d27c0725d56d22902561d7ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: cache
date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: max-age=3600
strict-transport-security: max-age=15768000
expires: Wed, 01 Sep 2021 11:02:37 GMT

GET
H3-29 200 big-2.png
www.tempo.com/css/images/widget/g20/new/ Frame 6428 588 B
998 B 18ms
17ms Image
image/webp 2606:4700::6811:140e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tempo.com/css/images/widget/g20/new/big-2.png
Requested by: Host: www.tempo.com
URL: https://www.tempo.com/getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:140e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7a769687b2db4875c6fcab89852f3c65c328f49418c77debcb2be42e382ed6ce

Request headers

Referer: https://www.tempo.com/getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
cf-cache-status: HIT
age: 164659
cf-polished: origFmt=png, origSize=51569
content-disposition: inline; filename="big-2.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 588
last-modified: Fri, 27 Aug 2021 12:10:24 GMT
server: cloudflare
etag: "6128d630-c971"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Tue, 30 Aug 2022 12:18:18 GMT
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 687daa002ec042db-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 small-2.png
www.tempo.com/css/images/widget/g20/new/ Frame 6428 310 B
721 B 18ms
18ms Image
image/webp 2606:4700::6811:140e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tempo.com/css/images/widget/g20/new/small-2.png
Requested by: Host: www.tempo.com
URL: https://www.tempo.com/getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:140e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9e5e010c6d9a1e946993001e7503bbe1cb6fd54b133b4dc8e4c108952fa2ba7c

Request headers

Referer: https://www.tempo.com/getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
cf-cache-status: HIT
age: 164660
cf-polished: origFmt=png, origSize=48870
content-disposition: inline; filename="small-2.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 310
last-modified: Fri, 27 Aug 2021 12:10:24 GMT
server: cloudflare
etag: "6128d630-bee6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Tue, 30 Aug 2022 12:18:17 GMT
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 687daa002ec542db-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 small-6.png
www.tempo.com/css/images/widget/g20/new/ Frame 6428 378 B
790 B 18ms
18ms Image
image/webp 2606:4700::6811:140e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tempo.com/css/images/widget/g20/new/small-6.png
Requested by: Host: www.tempo.com
URL: https://www.tempo.com/getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:140e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9a308ccd4393f4b81a37d1eb5cfdebcfb41bd8313d1c9da583a312f765bcb8e1

Request headers

Referer: https://www.tempo.com/getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
cf-cache-status: HIT
age: 164837
cf-polished: origFmt=png, origSize=52064
content-disposition: inline; filename="small-6.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 378
last-modified: Fri, 27 Aug 2021 12:10:24 GMT
server: cloudflare
etag: "6128d630-cb60"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Tue, 30 Aug 2022 12:15:20 GMT
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 687daa002ec742db-FRA
cf-bgj: imgq:85,h2pri

GET
H3-29 200 small-3.png
www.tempo.com/css/images/widget/g20/new/ Frame 6428 330 B
742 B 19ms
19ms Image
image/webp 2606:4700::6811:140e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.tempo.com/css/images/widget/g20/new/small-3.png
Requested by: Host: www.tempo.com
URL: https://www.tempo.com/getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6811:140e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2980625ad01cf166c6f33b6b3a19bb3b1eb97f92f0417faa6265893ade0557d1

Request headers

Referer: https://www.tempo.com/getwid/8ae0917b30aa4cfec0e16cd6fd22ac5a
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
cf-cache-status: HIT
age: 164660
cf-polished: origFmt=png, origSize=49793
content-disposition: inline; filename="small-3.webp"
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 330
last-modified: Fri, 27 Aug 2021 12:10:24 GMT
server: cloudflare
etag: "6128d630-c281"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept
content-type: image/webp
expires: Tue, 30 Aug 2022 12:18:17 GMT
cache-control: max-age=31536000
accept-ranges: bytes
cf-ray: 687daa002ec842db-FRA
cf-bgj: imgq:85,h2pri

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 71 KB
25 KB 42ms
19ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: v3.denakop.com
URL: https://v3.denakop.com/denakop.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

sffe /

Resource Hash

9b48c3e5ecb25b89a6de642ae7cd7fa5648d56ec70059e215a5aa87cfb09a107

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "974 / 214 of 1000 / last-modified: 1630486726"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24930
x-xss-protection: 0
expires: Wed, 01 Sep 2021 10:02:37 GMT

GET
H3-29 200 prebid.js Show response
v3.denakop.com/ 192 KB
59 KB 27ms
26ms Script
application/javascript 2606:4700:10::6816:4a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://v3.denakop.com/prebid.js

Requested by

Host: v3.denakop.com
URL: https://v3.denakop.com/denakop.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:4a5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0ee946834c430305a1de1bbd6694248cb0aae72fd3718b84413bd7d4c2228fd0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 206
cf-polished: origSize=196277
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 16 Aug 2021 15:23:59 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"611a830f-2feb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=3600
cf-ray: 687daa004f0bd6cd-FRA
cf-bgj: minify

POST
H2 204 bids Show response
prebid-us.creativecdn.com/bidder/prebid/ 0
189 B 313ms
104ms XHR
text/plain 185.184.10.30
RTB-HOUSE-ASH

General

Check archive.org

Show headers Download Go to

Full URL: https://prebid-us.creativecdn.com/bidder/prebid/bids
Requested by: Host: v3.denakop.com
URL: https://v3.denakop.com/prebid.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS: ip-185-184-10-30.rtbhouse.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.controle.notisul.com.br
date: Wed, 01 Sep 2021 10:02:37 GMT
access-control-allow-credentials: true
access-control-max-age: 3600
vary: Origin
access-control-allow-methods: POST

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
709 B 49ms
17ms XHR
application/json 185.33.221.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: v3.denakop.com
URL: https://v3.denakop.com/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Sep 2021 10:02:37 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 5a77a72f-623f-4685-8669-f06ed949b6a7
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.controle.notisul.com.br
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
487 B 249ms
215ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96983d017575db4b3edb9ac0dc0015&pos=8a96983d017575db4b3edb9bcb9e0017&cmd=bid&secure=1
Requested by: Host: v3.denakop.com
URL: https://v3.denakop.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 421a37d2ba1b271264e1eb6f96a0d9ef057ac34797eff23a6f9735f18405c45c

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 01 Sep 2021 10:02:37 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.controle.notisul.com.br
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
487 B 129ms
95ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96983d017575db4b3edb9ac0dc0015&pos=8a96983d017575db4b3edb9cb50d0018&cmd=bid&secure=1
Requested by: Host: v3.denakop.com
URL: https://v3.denakop.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 29d757d2dd6f2f9b9eb7119661bddb92a175d788dfe906b4c59fcfc16ee0f61f

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 01 Sep 2021 10:02:37 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.controle.notisul.com.br
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

GET
H/1.1 200
OK bidRequest Show response
c2shb.ssp.yahoo.com/ 62 B
487 B 124ms
90ms XHR
application/json 52.28.203.152
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96983d017575db4b3edb9ac0dc0015&pos=8a96983d017575db4b3edb9d8d750019&cmd=bid&secure=1
Requested by: Host: v3.denakop.com
URL: https://v3.denakop.com/prebid.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 52.28.203.152 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-28-203-152.eu-central-1.compute.amazonaws.com
Software: ATS/7.1.2.138 /
Resource Hash: 05dc2bbf5f5562ac6ba4057108bcdf0ac9ae2c8ea1d850078a1932980318b03c

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Date: Wed, 01 Sep 2021 10:02:37 GMT
Server: ATS/7.1.2.138
Age: 0
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
Access-Control-Allow-Methods: POST,GET,HEAD,OPTIONS
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://www.controle.notisul.com.br
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 62

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ 19 B
709 B 52ms
21ms XHR
application/json 185.33.221.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: v3.denakop.com
URL: https://v3.denakop.com/prebid.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

0c09c070833c786cb25be38bc30992b30bad578f817dbc9e34beacd8b8ea44c5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Wed, 01 Sep 2021 10:02:37 GMT
X-Proxy-Origin: 89.249.64.171; 89.249.64.171; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 8da440bb-9e56-4eb0-83f2-f45644a856aa
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.controle.notisul.com.br
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 19
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3-29 200 pubads_impl_2021083001.js Show response
securepubads.g.doubleclick.net/gpt/ 333 KB
117 KB 24ms
23ms Script
text/javascript 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083001.js?31062449

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

46ac864eaef04f0b4124dd8bda16a352d8287c4a9a8fa66bba86f5def26b3037

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 30 Aug 2021 08:40:06 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119248
x-xss-protection: 0
expires: Wed, 01 Sep 2021 10:02:37 GMT

GET
H3-29 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 150 B
134 B 25ms
24ms XHR
application/json 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.controle.notisul.com.br

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

1974bb481a63d6a45e70a321aa287a88501dbafbef2abbb18e8689d158ff40c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 109
x-xss-protection: 0
expires: Wed, 01 Sep 2021 10:02:37 GMT

GET
H2

200

/ Show response
lp.clevernetwork.pt/bet365/geo/de/grp1/ Frame 097B
Redirect Chain

https://sender.clevernt.com/transporter/50495.php?ppuc=1&ppu=0&id=515912&ref=aHR0cHM6Ly93d3cuY29udHJvbGUubm90aXN1bC5jb20uYnIv&ruri=&r=803917774&tok=17405730109213750471&iv=-1&ctr=DE&sz=1200&wn=&res...
https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328

4 KB
1 KB

111ms
83ms

Document
text/html

2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b6bd137ab809bcd0a5952112713cc407fa333f2b76268285183043a97b2e8874

Request headers

:method: GET
:authority: lp.clevernetwork.pt
:scheme: https
:path: /bet365/geo/de/grp1/?affiliate=365_01068328
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.controle.notisul.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.controle.notisul.com.br/

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-type: text/html
x-amz-id-2: 8CGf18Lj2+lTzBgmVrGUV9rajhZb3EAuuIZdycNho3GEk7BcD+1i2aYo2ujcYas8eQVGtZJnJAk=
x-amz-request-id: ZA83MK2QJV88Y2NM
last-modified: Sun, 29 Aug 2021 21:55:21 GMT
cache-control: max-age=1800
cf-cache-status: REVALIDATED
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ESJqZazMCAin4lxYOeVjKVOmvD7PwaJYHhfk9pfhIkmTZR4G%2Bvt3%2Fq7rZ1IuWnVMtoGd1rJC75rnymKbW6usABS%2FSeb0i9xrvg8fYN%2FdjNRvrdMG99%2B5I9jM856IpoZSs6alYfnv3CXyP2xEO7EC8M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 687daa034e970609-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

Redirect headers

server: nginx
date: Wed, 01 Sep 2021 10:02:37 GMT
content-type: text/html; charset=UTF-8
location: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
set-cookie: hstpv4user=eyJJRCI6IjE2ODAwNTY5d2FuNjEyZjRmYmRkNThmZiIsIkNUUiI6IkRFIiwiUmVnaW9uIjpudWxsLCJCcm93c2VyIjoiQ2hyb21lIiwiUGxhdGZvcm0iOiJXaW5kb3dzIiwiTW9iaWxlIjowLCJCb3QiOjAsInJlbW90ZV9hZGRyIjoiMTUwOTUwNzI0MyIsIkxhc3RVcGRhdGUiOjE2MzA0OTA1NTd9; expires=1662026557; path=/; domain=.clevernt.com; SameSite=None; Secure
expires: Fri, 27 Jun 1986 23:00:00 GMT
last-modified: Wed, 01 Sep 2021 10:02:37 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0 post-check=0, pre-check=0
pragma: no-cache

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f0275273984e78ca6824c6944f8d8bebcb3d7e441fbab8ee380508c3991ef347

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/gif

GET
H3-29 200 api.gif
v3.denakop.com/ 0
346 B 352ms
352ms Image
image/gif 2606:4700:10::6816:4a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://v3.denakop.com/api.gif?a=10432&d=desktop&b=Chrome&o=Windows&u=ONR%2FOtweSR6jZEHIkdX3Yw%2F0&v=5.0.0&sw=1600&sh=1200&ac=a&aa=first&p=https%3A%2F%2Fwww.controle.notisul.com.br%2F&t=1630490557891&cb=0.8351246260529197

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:4a5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: image/gif
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
accept-ranges: bytes
cf-ray: 687daa02dad9d6cd-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 25ms
24ms Script
application/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.controle.notisul.com.br

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083001.js?31062449

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 24ms
22ms Script
application/javascript 2a00:1450:4001:80e::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.controle.notisul.com.br

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083001.js?31062449

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 01 Sep 2021 10:02:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 84 KB
18 KB 310ms
309ms XHR
text/plain 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=1872472458565947&correlator=868913739053448&output=ldjh&impl=fifs&eid=31062445%2C31062449%2C21068110%2C44748552%2C31062297%2C31062311&vrg=2021083001&ptt=17&sc=1&sfv=1-0-38&ecs=20210901&iu_parts=21715141650%2Cdesktop_first%2Cdesktop_scroll%2Cdesktop_side%2Cdesktop_under&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4&prev_iu_szs=970x90%7C728x90%7C970x250%7C728x180%2C970x90%7C728x90%7C970x250%7C728x180%2C160x600%7C120x600%7C120x450%2C970x90%7C728x90&prev_scp=dk_refresh%3Dtrue%26index%3D1%26hostname%3Dwww.controle.notisul.com.br%26pathname%3D%252F%26device%3Ddesktop%26auto_ad%3Dfirst%26account_id%3D10432%7Cdk_refresh%3Dtrue%26index%3D1%26hostname%3Dwww.controle.notisul.com.br%26pathname%3D%252F%26device%3Ddesktop%26auto_ad%3Dscroll%26account_id%3D10432%7Cdk_refresh%3Dtrue%26index%3D1%26hostname%3Dwww.controle.notisul.com.br%26pathname%3D%252F%26device%3Ddesktop%26auto_ad%3Dside%26account_id%3D10432%7Cdk_refresh%3Dtrue%26index%3D1%26hostname%3Dwww.controle.notisul.com.br%26pathname%3D%252F%26device%3Ddesktop%26auto_ad%3Dunder%26account_id%3D10432&cookie=ID%3D153602caf5197b53-2240ccdb62ca003c%3AT%3D1630490557%3ART%3D1630490557%3AS%3DALNI_MbRLyy9n77tJ9mjnlaBEY2oJ5WNWg&bc=31&abxe=1&lmt=1630490557&dt=1630490557904&dlt=1630490556508&idt=1109&frm=20&biw=1600&bih=1200&oid=3&adxs=315%2C315%2C0%2C0&adys=218%2C1598%2C1%2C1&adks=2239546122%2C3986289818%2C3796150973%2C3327837903&ucis=1%7C2%7C3%7C4&ifi=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=120&u_java=false&flash=0&url=https%3A%2F%2Fwww.controle.notisul.com.br%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1600x-1%7C1600x-1%7C160x-1%7C970x-1&msz=1600x-1%7C1600x-1%7C160x-1%7C970x-1&ga_vid=1354320327.1630490557&ga_sid=1630490557&ga_hid=68556776&ga_fc=false&fws=4%2C4%2C512%2C512&ohw=1600%2C1600%2C0%2C0&btvi=0%7C1%7C0%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083001.js?31062449

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.23.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

52003b2a2b8fe02d0be29530ae91afd460e8ee86e048fef4e632a6f7fd3d177d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17979
x-xss-protection: 0
google-lineitem-id: -1,-1,-1,-1
pragma: no-cache
server: cafe
google-creative-id: -1,-1,-1,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.controle.notisul.com.br
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2BD1 6 KB
3 KB 28ms
14ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083001.js?31062449

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.controle.notisul.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.controle.notisul.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 01 Sep 2021 10:02:37 GMT
expires: Thu, 01 Sep 2022 10:02:37 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 api.gif
v3.denakop.com/ 0
346 B 350ms
349ms Image
image/gif 2606:4700:10::6816:4a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://v3.denakop.com/api.gif?a=10432&d=desktop&b=Chrome&o=Windows&u=ONR%2FOtweSR6jZEHIkdX3Yw%2F0&v=5.0.0&sw=1600&sh=1200&ac=a&aa=scroll&p=https%3A%2F%2Fwww.controle.notisul.com.br%2F&t=1630490557915&cb=0.47882372829293507

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:4a5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: image/gif
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
accept-ranges: bytes
cf-ray: 687daa02fb0cd6cd-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H3-29 200 api.gif
v3.denakop.com/ 0
346 B 362ms
361ms Image
image/gif 2606:4700:10::6816:4a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://v3.denakop.com/api.gif?a=10432&d=desktop&b=Chrome&o=Windows&u=ONR%2FOtweSR6jZEHIkdX3Yw%2F0&v=5.0.0&sw=1600&sh=1200&ac=a&aa=side&p=https%3A%2F%2Fwww.controle.notisul.com.br%2F&t=1630490557915&cb=0.2538071654687679

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:4a5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: image/gif
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
accept-ranges: bytes
cf-ray: 687daa02fb0fd6cd-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H3-29 200 api.gif
v3.denakop.com/ 0
346 B 373ms
373ms Image
image/gif 2606:4700:10::6816:4a5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://v3.denakop.com/api.gif?a=10432&d=desktop&b=Chrome&o=Windows&u=ONR%2FOtweSR6jZEHIkdX3Yw%2F0&v=5.0.0&sw=1600&sh=1200&ac=a&aa=under&p=https%3A%2F%2Fwww.controle.notisul.com.br%2F&t=1630490557916&cb=0.9703718135276922

Requested by

Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:10::6816:4a5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.controle.notisul.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
x-content-type-options: nosniff
cf-cache-status: BYPASS
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
content-type: image/gif
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
accept-ranges: bytes
cf-ray: 687daa02fb12d6cd-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 0
expires: Sun, 01 Jan 2014 00:00:00 GMT

GET
H3-29 200 style.css
lp.clevernetwork.pt/bet365/geo/de/grp1/ Frame 097B 11 KB
2 KB 40ms
31ms Stylesheet
text/css 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/style.css?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 122c68ef5b96850581f49f5a40038c8b540df6f61fb1050a579396326ed19898

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1067
cf-polished: origSize=11951
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: J6XSCXSA41CHJ192
x-amz-id-2: ftKXB/X8vTlqQBdZSFxb7YZNyZpc5qXzjzIZHxp4bA6I76at2Ak/LSmWu67Aom7ZsmN+xtZhny8=
last-modified: Fri, 23 Jul 2021 10:09:46 GMT
server: cloudflare
etag: W/"833f25b02f9e17296087a44433aecf14"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LuUL9ew9pzl2lYYRP2Yqg2LLFcnToGuJ6L2IxeMqxF7ve5rxsnTJx1aQQa8TtcJBulMRoqP%2FuJ4rtP6%2FG0KI93D%2BaErRHf2bJKuvIwHVxjs17rMKA0wXKDUzQ6qB6redlpmLRm5HWhLRsPmdpAHBpgQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: max-age=1800
cf-ray: 687daa03df464e50-FRA
cf-bgj: minify

GET
H3-29 200 ad.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 2 KB
2 KB 39ms
31ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ad.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e751e48f4e7ea27901a50cce0a3e5b695ede7cab50058c4cc51c4a7435d02b7d

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1151
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HG3E5R7Z7FX9XQTA
x-amz-id-2: AiImPAY5yFis3TQhCKe04Lji0cr1hMXU52+uZRuoQNAQEwyvcs2mYDa3EBVqDegKjBCxePZnw5A=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: W/"479e7dbe9215ddc11cd4defff4f3eb85"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WE3Xl4ixesvQhwgUi07E0GvrClSDk2OLqBO8GqqZUVkVRKhJFDklrh%2BptQiWlf%2FmzTQ%2BPEVZJHXAUc6DZMLWY6FV1yjXzIsoZ93hx8FM0c77MJZNs9NoIj3ium8LMLjOJKkO7Gs76X7WnZy9zlGT4OA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df3d4e50-FRA

GET
H3-29 200 logo.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 2 KB
2 KB 28ms
20ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/logo.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df3876c55c0fe527bea47b37cfe3479040325194f3df7d2b077794ef6d584470

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2246
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: Y7QDSAR3ATFZ9BKG
x-amz-id-2: XUuEXH3lTSa37PCY2QbXenAXIwtu1JKJZgNM7fKOjTWY88mNyfvhyGwv2IomvC6bHs9cPlHqGys=
last-modified: Tue, 03 Aug 2021 17:34:36 GMT
server: cloudflare
etag: W/"89cc1efb4630095200908a2c0e01275c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=m8RwP0qBmhK7nGRHfp3W5z1MRPD7R%2Ff1K%2BFwZ0pW39CCUDX5komLeNp0SgP5O2Ng5ekIZ848K2It0f15sGY%2F7ioyTPQrXHc8YYZQfzptFEcWSEmYB9cU2kZtkTdcQ9fgJ59eVc5DGU7h4PzTbTaAySo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df4d4e50-FRA

GET
H3-29 200 copy_pushmobile.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 12 KB
4 KB 26ms
18ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/copy_pushmobile.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 73235f52f3740b402fd371afc05023af6d21b1a007ca6fc106cd4881300186e6

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1744
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HG3C8PH2051ZRT11
x-amz-id-2: BtUAf3cyrVbQv8mvokbiVwoHdm6jvUGMAaST4sltl7MzaC6cv9aAd1h5YtJHYiWe1kthw64sxmA=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: W/"63526b3f801d85df4eb75ce61b9b9f18"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GUD5acMOiJpnvL0aCEQEWkUKZRSmw9z0Mj1uylk96FrMC18cFZ%2FhyJNLLgdc%2B5Zmx18zpLeJxK23y3nyBHpJ6PpcH8cY7ZbImDV%2B4CuFFuMHwoCuRUJWc6aIObqo5ZnuBetBFDF8%2Fp0QGXJC2KaYxUA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df424e50-FRA

GET
H3-29 200 copy_pushdown.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 12 KB
4 KB 27ms
20ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/copy_pushdown.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae8724f1496aef298a39e349f8f03e49af6329ba320d4f060042c90614336f58

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1463
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: ZP6WKYRCRFBWTZ3N
x-amz-id-2: lhNIO67CAcLzAGO9PjN87H33ll2SN0pWQ4JPn8pCLQgSaC5upgTi7vWOGbHJQ4Sl1QX1ehktEho=
last-modified: Mon, 23 Aug 2021 14:31:54 GMT
server: cloudflare
etag: W/"a813a93c3d665742305d4c79279bc726"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fI42l3hDX1jqT4GqW8giRESSE9CZzBvtCiJ3IQgmrpN3k3xPh6GpOaY4CM6Q9eDvlXQp2MovLTnvH4HXz7vWagG7cErjZ9OJ4a4RhDjV9s1Srj6GOyAjKlPZsX9hDRnTRUXf8CA6iS8%2Fb%2FGzAnJnIvo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df444e50-FRA

GET
H3-29 200 copy.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 12 KB
4 KB 25ms
17ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/copy.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 86c42b6c3967f4035c94975d6ef2b3b6075d27712ffc4e7447e7122f1175b3c8

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 347
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HG3CHWTC6TSBJ74D
x-amz-id-2: L1LUXBUWaxhOp8S6KjytPJBILBZU50tpujxvceotVKXYIqMPHA91SsYAQz//KzLKDXKwCJ1T9Ck=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: W/"cd2e91d63ed08e19567e69c674ebb5cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v4kGp4q7ZhnaFG81FtJtAjoNbcHlNDknocE9OXr1WilkYWt1iGozGiyCZGivKdPEfAlOLYBLWxbCQRKJ6lse0267CUesz2ZJ3W1TybDqiKOtDERlCr%2F7ZKzZJXAFvwSAFfkJ2c8uw8auJXX3qK6BxNY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df4c4e50-FRA

GET
H3-29 200 copy2_pushmobile.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 5 KB
3 KB 38ms
31ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/copy2_pushmobile.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3361e91435c8d8a10b7ba8e447fdb9e8cf94681182d2ce70a59dd3fb56dfca5d

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1104
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HG37ARM1FWSE6VGK
x-amz-id-2: zPTA+PLXSnD5qaisS44UCX7lMdYZq5MAjZ2X2fpyfDeFkpJOONJWfqfKugmQ55efTVhD2DtOjU8=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: W/"beb4ce05eda61995a0eba82cbef0fb8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pBI5HP2NH2%2FLRUY3mzDi0N8L58pRtRj8qSK1GdMsum6sowyuLYPZU5pTygvfuHRkILK2SdnO5pSl7tPULVm%2B6aBrvNsr8xodMOa17oRox7Ns7wfQ5OTImQvbwAQ9tepsfXEMemBouSGCa68vG%2FQaV9U%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df484e50-FRA

GET
H3-29 200 copy2_pushdown.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 5 KB
2 KB 40ms
32ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/copy2_pushdown.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cda9e405d476907b07df5ba2daf29f6d9f802bc7df20e3c9a1295c601e210406

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2341
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: BMQZQY13PY1ZDM29
x-amz-id-2: i7motaNkG5iL9Dfa7Lgzc+UiAmzAa0k4DbmyoN4R5WejnVUcg3Voi1lz/vmkVtpRAntDpkZgWWo=
last-modified: Wed, 11 Aug 2021 15:15:25 GMT
server: cloudflare
etag: W/"5dafc545e73be5464256dd78dc118a9c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s08r5A8K6avSTEwXMB8ecSb6jF4bnN3eBeQL%2Fzty8ScHb6EUFTsZQOVYTSFXhcGFGYgj5tCqMrZp6URdlnfy7o%2FuDI3U7d72W7Vofn5l7cwL5EueFb0NipgUGP9nEDYy%2BJrVUEYpCdd7GE9YzplmE2E%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df584e50-FRA

GET
H3-29 200 copy2.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 8 KB
3 KB 39ms
31ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/copy2.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 72090b49f53f821f6c0786332d2ed9cf5f80da91d028f11ad6d63d9a8200e69b

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1104
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: 9M8BYSWQY60VWNM2
x-amz-id-2: 3yjpWvv79iKRtWKruBIlG2r8wczyw8gWaDKz9o0Uxt8SRhGiAWxCsazCuVhw86TX/LHpgIhAwVE=
last-modified: Tue, 17 Aug 2021 23:28:28 GMT
server: cloudflare
etag: W/"a8705f778d939385ab4be7991f8610ce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7Hp2mCaQWWkK%2Bh2qzmxIX4BVTtae0LZI2f2MpShpPLahn%2FiytfgvC2J4NCJx%2FO6EtKuiRBdloEnTCJjs6iFt46cuokPgUt6fDA4vGMrufRUjanvWMsCVX1%2BoJr6DK6pJibnlEoAEV2ld9DESIgJFvt0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df524e50-FRA

GET
H3-29 200 copy3.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 6 KB
3 KB 39ms
31ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/copy3.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 150431c4e70ae805fba43a94f1b154417be47c26d7f3ca60a7e1a0ab7b50ba80

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2902
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HG3EED1319N7WXKF
x-amz-id-2: H06r50jMWu6JKR607v3t5vqmkmT4fW8hPqGptrPEYmlqLADPTcbRjivVlRAZnK0eg4AOr1q7laI=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: W/"9048820dc635dbe10d09725e919ba54f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Om8CB%2FTnsV99FWucyt1SkgBzUSSOXH%2FhEqqSI%2BVg6j4RjGUm8HrPJ9bCxVWvJ8eueVWdnmX2KnaPBaieig4EL68dP5jGFqpnGP51isawAkpEhp5ZT6jYD92F39g34UU7nO3gD%2FeouUcoHI%2BIcLtk3rE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df514e50-FRA

GET
H3-29 200 cta.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 3 KB
2 KB 38ms
31ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/cta.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56828800a4a575d3b1940a854640ad25c3c93a7d3933ab96150ef48788d637d0

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1279
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HG37YK1SZRWR316R
x-amz-id-2: LkcBsIotk1LWDXE3hZ6OLOqwMjjGbdQkeiU0y8B+6Y6Q9i7WU/f/Y+384TisBgNun8TSN0L56/w=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: W/"b26d0f732978180e7c2480406f97e7f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wq2sEaLgTkchr%2FCCrgn4ezRNNsv%2F3yZ1tmXcRqrgVRhPUEanVjStFT0rB%2BDIp5uADK80tZG1Duw8zvOUAU6sgJoMYbym%2BeAJj1GdtGXKkwFaBdSFmw2mcsdy2TmM25tAQvr7nCEMIEc15bp9Rz9C%2BQM%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df4f4e50-FRA

GET
H3-29 200 legal2_pushmobile.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 12 KB
4 KB 45ms
38ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/legal2_pushmobile.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 757a9daa63650138fd902f15b33dfa3ae7ea0a4c2c8aadd405c7c09f5c6af7df

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1104
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HG3FYPV7NYXW4VRH
x-amz-id-2: 6byEBTwbwHXH3NZtbuoyYmmgAYiNz9dxU4DHxlgxdXNDcSKtQnQFgavrQsDpdhZKwAfZ/fI+yqc=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: W/"22316355cfe04cd150c2b810a54167a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bqDlyn7Mv%2B%2BhX%2FyBVwmUYH2ivOMbApEapExI3EKDQdA5MEMl72wcSw8eBxdtLOpq486SmaMWT%2B%2BT9QwxQtQ5OGDEknJG5adF43KujbC9CKVTNGjT%2B2WOuVDXWXNPXP8e2VTa%2BylTMlyk%2B9qFC9rSVkk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df5e4e50-FRA

GET
H3-29 200 legal2_pushdown.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 33 KB
6 KB 44ms
37ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/legal2_pushdown.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 869c671beb0b128c008179a0e3fcddbfa62cfe83351672d1142b1d734858bc33

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1105
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HG33EJ21477QH1DZ
x-amz-id-2: mAkdxFgicK4xhJJfQC6kJKz4umo0AaZjBrV4X8n5QBTRnx6g/x7OzDef1D5ZdlVFcqopbFuSMj0=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: W/"19cfc2171558b226e44590caa30ac756"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y0L1PZGx7s6MMzK8zvuDwtbNpwLmGB3UF6gz6TbFNN6A5a1uTjLt57xVxoGBYbMKTp4jUKG5GVxJMfktuAUahb6p6n%2FCObTtN7DNwkx0S5D4e7F%2FGFv43jaL9Go1HHr%2BIbFipDBplf7kR8Ec6558CxE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df5d4e50-FRA

GET
H3-29 200 legal2.svg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 33 KB
7 KB 39ms
32ms Image
image/svg+xml 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/legal2.svg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3dac0f22f981a1e8828e9516833b3ac6fe985cf1852033b0f153c9cb8694d3a5

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2075
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: HG3FKQBARHA4A3KA
x-amz-id-2: hDAgr+7+AHIMpu+Jj24pQm4NimkwyqsYw4/sG8E63ILc6pvSIPBD03tIkfy2daFMY8eFlzw89xc=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: W/"a33282a0f66d9e18e14ed6c9fa761dd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kHxO1d3Zs7xVit2lxpv4dU9SHr%2B%2FEOFvUDk1uYfiMlzALv4BVm78%2B3UGmDnDaj8w9SdMg1u6CGyIOatA3Hn7niVnBGaXeBdg13e3KWGgukQ5ZuqstUaIMoWGyCZtzwk0sr48KLPqoPwD%2B5Ai4ssTX3c%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml
cache-control: max-age=1800
cf-ray: 687daa03df5a4e50-FRA

GET
H3-29 200 rocket-loader.min.js Show response
lp.clevernetwork.pt/cdn-cgi/scripts/7d0fa10a/cloudflare-static/ Frame 097B 12 KB
4 KB 20ms
13ms Script
application/javascript 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://lp.clevernetwork.pt/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

Requested by

Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 19 Aug 2021 12:03:41 GMT
server: cloudflare
etag: W/"611e489d-302c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options: DENY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WcSG1zFibS0znapSOxOO6ShZXg%2FTnnvK%2BdwgrVEosb%2B%2BVTbAUPg10KVS9s1VxA%2F4PULm4uVDHW14f06P%2BFjl552%2B4%2B2SMqTIFd25A7F0YN9py%2FY%2B%2BEJx5xSmCOwtZXEH9uYB1KCigR%2B%2FkuNGmpAwZNQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800, public
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 687daa03df5f4e50-FRA
vary: Accept-Encoding
expires: Fri, 03 Sep 2021 10:02:38 GMT

GET
H3-29 200 clever.de.min.js Show response
lp.clevernetwork.pt/bet365/js/ Frame 097B 9 KB
4 KB 20ms
20ms Script
application/javascript 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://lp.clevernetwork.pt/bet365/js/clever.de.min.js
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 54ac31540d0cc04994470e45f7f167649c2de8874d42ae215ec5bfc9a9fa64f3

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/?affiliate=365_01068328
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1228
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-amz-request-id: J1QQFT34KRTN61JG
x-amz-id-2: FbKmRKKarhHEd1wYJkdGuNyRbg+MVIrnQGBrTCwxY0nY5l6jpkKj7LzZA0QF9I/nNNobzXGZZvc=
last-modified: Wed, 30 Jun 2021 10:04:54 GMT
server: cloudflare
etag: W/"f608a5d30dd77ed8de7ceb968e854f04"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=T1MhDmwqt%2FU5JUjCi3EqF8dhM%2BwumSKcvaThLnDzM%2FMO1fjEFQZnwhVYWA32sDkPtyTwOijfJS9aeTAgbFNWTxkQOUUSCnuew4hKyVCZcEBYUsQJppyA0LDfcAi4JpQaZV5gq1avr%2FGNK8fSlC290BA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=1800
cf-ray: 687daa03ff954e50-FRA

GET
H3-29 200 css
fonts.googleapis.com/ Frame 097B 7 KB
691 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:400,600,800&display=swap

Requested by

Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/style.css?v=3

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

bb7f0b15bd32449595eafeb324497fb7e40da98d9834825f0298895892c569ac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://lp.clevernetwork.pt/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 01 Sep 2021 08:55:19 GMT
server: ESF
date: Wed, 01 Sep 2021 10:02:38 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 01 Sep 2021 10:02:38 GMT

GET
H3-29 200 320x320_15.gif
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 84 KB
85 KB 19ms
18ms Image
image/gif 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/320x320_15.gif?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/style.css?v=3
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ce7a0638d4756ff9d96081d9b7c0a048168fa9274fc1ab9e6ce7bd148549fee4

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/style.css?v=3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1280
cf-ray: 687daa0458304e50-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 85875
x-amz-id-2: cnSAjSWZcSUsGMnUoJpe8oHgi4KL/jkydichtyq5o8rO00NsPblxgApJSXe6qNqiQz/RfPrBYlc=
last-modified: Mon, 23 Aug 2021 14:31:54 GMT
server: cloudflare
etag: "b97a40ec85baebd06758c20639f491ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1WEqQKBXpoMo35d12SCgGJ6FfoL%2FaeKQ2hqYJGWhwmgQX%2BiiOMmEnu8OVAZ0TsBjicQtcPgzm8NP%2FyFkIywDq89h1LfZvRxVvG%2B7MFhgflj6zc17TuKVsMmqsMKbKok%2F5l1NtCO46lnWPtUIAKMoq9A%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: C3D3D5319GGQDTD9
cache-control: max-age=1800
accept-ranges: bytes
content-type: image/gif

GET
H3-29 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v23/ Frame 097B 14 KB
14 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v23/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:400,600,800&display=swap

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a42f2ec73409f2753ef17d737714c86303fa45fc3a3d484a9b0c8ed28ef0fd6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://lp.clevernetwork.pt
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Sat, 28 Aug 2021 08:52:43 GMT
x-content-type-options: nosniff
age: 349795
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14440
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:23:25 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 28 Aug 2022 08:52:43 GMT

GET
H/1.1 200
OK Cookie set DefaultAff.aspx Show response
members.bet365.de/Members/Helpers/ Frame 6396 84 B
716 B 164ms
119ms Document
text/html 81.94.208.229
HLM2-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://members.bet365.de/Members/Helpers/DefaultAff.aspx?affiliate=365_01068328
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/js/clever.de.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 81.94.208.229 Shrewsbury, United Kingdom, ASN34587 (HLM2-AS, GB),
Reverse DNS
Software: /
Resource Hash: 662c2c97092391ae013657013ee4e9e1ae67db8d008735ea5e03ae20fecd07ba

Request headers

Host: members.bet365.de
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://lp.clevernetwork.pt/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://lp.clevernetwork.pt/

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
ME-Redirect: PQB
Set-Cookie: Affiliates=Code=365_01068328%2f107172844804&prd=Sports; domain=.bet365.de; expires=Sat, 16-Oct-2021 10:02:38 GMT; path=/; secure ; SameSite=None session=processform=0; path=/; secure ; SameSite=None pstk=A17AF924763FCAC6A7181B165F92F977000003; domain=.bet365.de; path=/; secure ; SameSite=None
Date: Wed, 01 Sep 2021 10:02:37 GMT
Content-Length: 177

GET
H3-29 200 bg-pushdown_2.jpg
lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/ Frame 097B 27 KB
28 KB 14ms
12ms Image
image/jpeg 2606:4700:20::681a:af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/imgs/bg-pushdown_2.jpg?v=3
Requested by: Host: lp.clevernetwork.pt
URL: https://lp.clevernetwork.pt/bet365/geo/de/grp1/style.css?v=3
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:20::681a:af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c46d0e3cb160524457f4cab19d9597643cfbfd330fcd7c288b45bf3ba0a0efe

Request headers

Referer: https://lp.clevernetwork.pt/bet365/geo/de/grp1/style.css?v=3
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2209
cf-ray: 687daa0458464e50-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 27972
x-amz-id-2: 2XlBRnsANmChJGewdQc/Z0Ncrnc2QjI4y4o9twvGKsRMgyIbKknCVtrBbcA3azLVlr+8TZ8DgFQ=
last-modified: Fri, 23 Jul 2021 09:53:52 GMT
server: cloudflare
etag: "badb98ee3ef98cf931012151d07083fe"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=95j5NcxZpT14dxqKQOYyvKVHE3hHoVFFtyHHgRNu%2FcBZnEX7BS9KvXq4GTxhJvMx7wB4T2d0Q7knlgHUVcygotsilFk0PmLKZFfpJ92El0aIyVr7XLHvydDVIpCxsu2aOev3x9%2BkC61iFBc34M8Dvsw%3D"}],"group":"cf-nel","max_age":604800}
x-amz-request-id: XZZ0JP312SECJGMK
cache-control: max-age=1800
accept-ranges: bytes
content-type: image/jpeg
cf-bgj: h2pri

GET
H3-29 200 container.html Show response
26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9A11 6 KB
3 KB 23ms
7ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083001.js?31062449

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.controle.notisul.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.controle.notisul.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 01 Sep 2021 10:02:37 GMT
expires: Thu, 01 Sep 2022 10:02:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 0553 6 KB
3 KB 18ms
8ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083001.js?31062449

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.controle.notisul.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.controle.notisul.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 01 Sep 2021 10:02:37 GMT
expires: Thu, 01 Sep 2022 10:02:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A74B 6 KB
3 KB 11ms
7ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083001.js?31062449

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.controle.notisul.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.controle.notisul.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 01 Sep 2021 10:02:37 GMT
expires: Thu, 01 Sep 2022 10:02:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ 262 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0f266202b591aab2563e8ef52fcc7cf8d2358f48600ad7f52bc62462787dca01

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 container.html Show response
26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9934 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:810::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021083001.js?31062449

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.controle.notisul.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://www.controle.notisul.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 01 Sep 2021 10:02:37 GMT
expires: Thu, 01 Sep 2022 10:02:37 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9A11 0
0 25ms
24ms Fetch
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C18hBvU8vYe_TO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1QFP0FVWblD_QNA6kMKvEh0ph5Ie4qZodi24w4x2L52HlpF2M0nkZoG15lz6Z6Cee_tlHUX-BXFvaGSmRuA8H9F3ign46IjYcO0THT1l3pBaKjxgVjOxHt4ChxN6Msb0zaVpFurmwbdZ2L9EC9nXj8VZLBmawbvK6eKybgENQ4_TAIPhl-f8_9aLAtZf0yQviqRvJ7Y6xRU16DHWjjdpGU524KMjcesznLUUW6FKIFOtAGEDXoRN3KojJMB9K57w5mdROc8Doy1dOarXvkven_FyVMmaxz_gBAGABr_Lica30_nRW6AGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTgxNzA5NjY1MzgxNTI1NDMYkfNs&sigh=8TJ4nKsMZ4Y
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: mil04s23-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 9A11 0
0 48ms
14ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1g1tvf15zqsmww4kjx8fp65d9412xk06nggg0f89cv60f3g7dfyeb1yyt9kd1br5a40mq8pq7mk6jacsh6mmd9e1bxq765bsc8x4n3zpa3z8dk7nr057ayd68624d15v024cj3wtqmwg1fgsm0etjxv97x12b803r8k7e22w4gr76vpbkpfbyxkhpqe92mf3bmwd7zhmxkpjb8ev8k1j07rwb11yyj3c2q5bqfc29bn6008qpd6xsste49hzrsggfcv45rfj661m9dnfa9m3r73mpc9zd17kxy69yvc7zarkp4stmvszj4121bb286tqn0dar5abj07hfymbawb8j308g2s9k03gykacbchhqeq2z82xqdz251cpn2qjxg78c1hymg10tc&b=YS9PvQAO6e8K4BFZAASuy6eb79cUsLs1yFIyag
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 01 Sep 2021 10:02:38 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 45CE 2 KB
2 KB 53ms
20ms Document
text/html 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1gsefzhqm4sxhdzwcbk5d33hb4bbymr0yze02cjtyf2td87kg2xnd2wmc2fh0ms7bj60anbszfzbwnpbevt3jkxv7e2h496ftqf0tbtzhf5jjd3sbqt11p5p69j9rz14edf957bewy6g1wpd2qs2455pzed9jpbqr391eb8bt2cx80xz9t0217nt8w5f98s0c613m8qqzbfvgf4dby1fjexa6x80sbkjt9yh2jb7ya7nw5rwbxgpay0qc07qshvwacsnmkjpsfpyfp87q4hwktbsm6prazcj5yjnt33qqjkeka57fbtyxxam507mngbx37mx7j3gf5735n8p56thsjdppzfje74s3z0qthktwdzmw9tfjg1kzbmvvn0r0e4hmnrytc0byvfkrf1th1e4g40&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBjMFvU8vYe_TO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE2AFP0FVWblD_QNA6kMKvEh0ph5Ie4qZodi24w4x2L52HlpF2M0nkZoG15lz6Z6Cee_tlHUX-BXFvaGSmRuA8H9F3ign46IjYcO0THT1l3pBaKjxgVjOxHt4ChxN6Msb0zaVpFurmwbdZ2L9EC9nXj8VZLBmawbvK6eKybgENQ4_TAIPhl-f8_9aLAtZf0yQviqRvJ7Y6xRU16DHWjjdpGU524KMjcesznLUUW6FKIFOtAGEDXoRN3KojJMB9K57w5mdROc9BoSDP7n9Q_oNZ12eoHVto_itniqTgBAGABr_Lica30_nRW6AGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_08G2ptvO9lBe0fansJ32Oj9F1PPA%26client%3Dca-pub-8170966538152543%26adurl%3D

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d32aa633b69b516c514a79d7269cbda0fd3533703c7afc338c182d7efe1f666a

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/dr?ed=1gsefzhqm4sxhdzwcbk5d33hb4bbymr0yze02cjtyf2td87kg2xnd2wmc2fh0ms7bj60anbszfzbwnpbevt3jkxv7e2h496ftqf0tbtzhf5jjd3sbqt11p5p69j9rz14edf957bewy6g1wpd2qs2455pzed9jpbqr391eb8bt2cx80xz9t0217nt8w5f98s0c613m8qqzbfvgf4dby1fjexa6x80sbkjt9yh2jb7ya7nw5rwbxgpay0qc07qshvwacsnmkjpsfpyfp87q4hwktbsm6prazcj5yjnt33qqjkeka57fbtyxxam507mngbx37mx7j3gf5735n8p56thsjdppzfje74s3z0qthktwdzmw9tfjg1kzbmvvn0r0e4hmnrytc0byvfkrf1th1e4g40&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBjMFvU8vYe_TO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE2AFP0FVWblD_QNA6kMKvEh0ph5Ie4qZodi24w4x2L52HlpF2M0nkZoG15lz6Z6Cee_tlHUX-BXFvaGSmRuA8H9F3ign46IjYcO0THT1l3pBaKjxgVjOxHt4ChxN6Msb0zaVpFurmwbdZ2L9EC9nXj8VZLBmawbvK6eKybgENQ4_TAIPhl-f8_9aLAtZf0yQviqRvJ7Y6xRU16DHWjjdpGU524KMjcesznLUUW6FKIFOtAGEDXoRN3KojJMB9K57w5mdROc9BoSDP7n9Q_oNZ12eoHVto_itniqTgBAGABr_Lica30_nRW6AGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_08G2ptvO9lBe0fansJ32Oj9F1PPA%26client%3Dca-pub-8170966538152543%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 687daa05b8e44e5c-FRA
content-encoding: br

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 9A11 2 KB
2 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/window_focus_fy2019.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:00:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 10:00:48 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 29FB 1 KB
749 B 10ms
10ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 31 Aug 2021 13:41:14 GMT
expires: Wed, 01 Sep 2021 13:41:14 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 73284
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9A11 122 KB
37 KB 63ms
41ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc737a01a72ef54ff0decd38e4ada36dad376930b764cabfad012682cdc262ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630322985459792"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Wed, 01 Sep 2021 10:02:38 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 9A11 14 KB
6 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 09:50:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 716
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 09:50:42 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 9A11 0
0 22ms
20ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSCDBKwNJ53jQoASsTmeaXjZDQ00E1sIw0f8xng1z2wlNDTSZ4L2XquZWnO2V82fNRhIYVag7KphfnU3lDj1vPIQ5wyMQ
Requested by: Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 9A11 22 KB
7 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 13:03:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 13:03:12 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame A74B 0
0 24ms
23ms Fetch
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CiTmTvU8vYfHTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1AFP0KAcld5NdxGezM-LGMmrs6jPngxlCSW2uzJOehYh3hopOvkHL0qEv7NU1Pou1t-a41dULZ1uXbB6HYu62mFmmXNneW4X0f9vOw-l-IKX5nXpNZsYpjI7nR35EksmDkhhoQ1iNmWN2ngHgc1-G_IAlei6bBAjGxd2IO-hNgkcLUvMf86hqAHNs16jp9mjvOTh0R0fBMXYTWaUPovGYsOd6ZlBkKXi4JUNZd_MDs217Cgo3gwKyehK9COfu7-ebLtmGfqHhXxjzjbORgA06BYAM2u1r-AEAYAGkcuy08Lx3qHOAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5gAoD-gsCCAGADAHQFQGAFwGyFxwKGhIUcHViLTgxNzA5NjY1MzgxNTI1NDMYkfNs&sigh=XdyrptVQKq0
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: mil04s23-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame A74B 0
0 42ms
14ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1gyzh7mtt8n5cqabbesjb706rr951a3f9grg57zr4686t1a1fptbsswcp8p8r43mt9nnwnkph697wewzz17sg32efkb5ewmt2m11b9pb1h0pyfxf2g6q3dnacnr90y2q06d1ccddm7a5dsema6knj7skpapfdajr8pp49brk4ejkdpqs0vx3bhmd3bs9wnax8jvngpyz71f6hg3a4cj3mbfc1jvremefarp8d4kfxdv62c8mtdsbrgzr8hz8agw92b8yy971m5mgwn3vk1mbwhqdkgbyat8v5y6hst9v6zd5vjhmyrhqrrw6sa8yawbyxp9h9gw7fncn228zqfpqkzrfdhqnyd3y6htgsxxzsra887p6yx8j4dgfagxhqgs91n0y03cejg&b=YS9PvQAO6fEK4BFZAASuy7dFjm0yCzAu8VPogw
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 01 Sep 2021 10:02:38 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 26C9 2 KB
1 KB 51ms
24ms Document
text/html 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1jfpa4h30h4z9bgkvbwk2p89ng2cj5fe9pvs0ttwt2mc9bxrvhgezy799nsy46fzk2zztwvj42fcef2p0h7s4g9dej625f0v8j4qjc3hc8gn7krp2rzk5myyxh26sbwnsvg8bhkgqg6dp4gwn7j8s2k7qzs6342knpqt6pesz3nh5praecrhggf8y6r1s6jmp9yhvxvhe9nv5rqmdg78z81p25b1pyqazmv630wfeh3ygy7b60w56n16etq4pfsbv0n16n3tab096m0j8hm620dfmjah2e1mrcgtxsqhw0c2rmrwedaxymxppecgxxd0af6dtq8x82b0d4c5az7amd51xsgkdpf3d5m9cn90k41xarcb4n9y1dyevaf3cwwr96qb80bkh37tb49c0gf7wf4c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC69P7vU8vYfHTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1wFP0KAcld5NdxGezM-LGMmrs6jPngxlCSW2uzJOehYh3hopOvkHL0qEv7NU1Pou1t-a41dULZ1uXbB6HYu62mFmmXNneW4X0f9vOw-l-IKX5nXpNZsYpjI7nR35EksmDkhhoQ1iNmWN2ngHgc1-G_IAlei6bBAjGxd2IO-hNgkcLUvMf86hqAHNs16jp9mjvOTh0R0fBMXYTWaUPovGYsOd6ZlBkKXi4JUNZd_MDs217Cgo3gwKyehK9COfu7-ebLtmGbiFiO60G7GOjod8fsxJoZmMu8YtyuAEAYAGkcuy08Lx3qHOAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_29sYNbTFZLGCB-UyuF2BO5SljTng%26client%3Dca-pub-8170966538152543%26adurl%3D

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

09641aa1c83ef716062e3d4d500393ed9fc77dd66400f7e00556129380a601b2

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/dr?ed=1jfpa4h30h4z9bgkvbwk2p89ng2cj5fe9pvs0ttwt2mc9bxrvhgezy799nsy46fzk2zztwvj42fcef2p0h7s4g9dej625f0v8j4qjc3hc8gn7krp2rzk5myyxh26sbwnsvg8bhkgqg6dp4gwn7j8s2k7qzs6342knpqt6pesz3nh5praecrhggf8y6r1s6jmp9yhvxvhe9nv5rqmdg78z81p25b1pyqazmv630wfeh3ygy7b60w56n16etq4pfsbv0n16n3tab096m0j8hm620dfmjah2e1mrcgtxsqhw0c2rmrwedaxymxppecgxxd0af6dtq8x82b0d4c5az7amd51xsgkdpf3d5m9cn90k41xarcb4n9y1dyevaf3cwwr96qb80bkh37tb49c0gf7wf4c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC69P7vU8vYfHTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1wFP0KAcld5NdxGezM-LGMmrs6jPngxlCSW2uzJOehYh3hopOvkHL0qEv7NU1Pou1t-a41dULZ1uXbB6HYu62mFmmXNneW4X0f9vOw-l-IKX5nXpNZsYpjI7nR35EksmDkhhoQ1iNmWN2ngHgc1-G_IAlei6bBAjGxd2IO-hNgkcLUvMf86hqAHNs16jp9mjvOTh0R0fBMXYTWaUPovGYsOd6ZlBkKXi4JUNZd_MDs217Cgo3gwKyehK9COfu7-ebLtmGbiFiO60G7GOjod8fsxJoZmMu8YtyuAEAYAGkcuy08Lx3qHOAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_29sYNbTFZLGCB-UyuF2BO5SljTng%26client%3Dca-pub-8170966538152543%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 687daa05b8e54e5c-FRA
content-encoding: br

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame A74B 2 KB
1 KB 30ms
23ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/window_focus_fy2019.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:00:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 10:00:48 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 6EC0 1 KB
749 B 16ms
9ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 31 Aug 2021 13:41:14 GMT
expires: Wed, 01 Sep 2021 13:41:14 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 73284
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame A74B 122 KB
37 KB 31ms
19ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc737a01a72ef54ff0decd38e4ada36dad376930b764cabfad012682cdc262ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630322985459792"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Wed, 01 Sep 2021 10:02:38 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame A74B 14 KB
6 KB 18ms
9ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 09:50:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 716
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 09:50:42 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame A74B 0
0 41ms
14ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQDJ5GoIBILmb4ezjbL4ZyIZm8ItH7pmOWK1-i2TH-EAgt48sh2ASYGWss1HaiyIZlW7tbjYDWovWCQIn3Gep8dHCIJBQ
Requested by: Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame A74B 22 KB
7 KB 22ms
13ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 13:03:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 13:03:12 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 0553 0
0 35ms
18ms Fetch
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cy8ZOvU8vYfDTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE3AFP0CeQdFGH8h8eZmsPFGSqaQbw6Swy0hC_LPqgvNtqoRg3UZhwpQYrIDAWUnM7bq4bO3ToOoajJT55_MPu_NgmvZoyRC3_dF88GUxS70LIFJyC0M3yoG4ziLuKR48yWBNFfdueFUwIJ8i_hyC8t9a62rkdVW-jOigBGD2aX6DhPoE6GfobrMEp5Ey3w7K7ZoL5fowMzPKyDIaseG30smFOymbkNGqHu0JjmKiFtdRQ7F62HSsfRqvRgCXAE02IXZnuPq_w7q_CsNUhdWdAoCBXaFfxzBSwmZfXJcMh4AQBgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfIIG2FkeC1zdWJzeW4tNjA0NzQ0MTg2NzI3NTU3OYAKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi04MTcwOTY2NTM4MTUyNTQzGJHzbA&sigh=UVH57vfiQSE
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: mil04s23-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 0553 0
0 33ms
14ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1ksefjbrdzqdphjkjjppak0nehjz4dqj26dm6yet2tk7aw29dzm1ch4z77s6e72sy71gag2rexsdtasjjvg6ycksa2234z50j29f2b4eng24jt5txdyn5p5zxdtb136kra47wmptcakgtc3waw8epw90ngzbftt9pwr6dw3sebjcfssx1jbvwx80tsydwq1yr7zchdfgmp0h3rwk37wyhbg68g5z0n5pv5pwq7212qbv616hx0z1423yagcgkxq028q6cpb0j1pek90n181pwnfwedgnhfaxp2g3g6dkyqxkd5n8ps8adcs3fqh57aff5hz2n2cz1ssh62m874t0kejdj04gh0qxwwjfsmap2q36scfjhvn5rv9xnd00bd7ewqhfqjfmm8&b=YS9PvQAO6fAK4BFZAASuy2fLsxXcMehDsqt7dQ
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 01 Sep 2021 10:02:38 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame 8678 2 KB
1 KB 40ms
19ms Document
text/html 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1gw5ndjeb3r3anyd1zmf2sazey3164rs1veb5kw6rm661a5s50k4jb6f9fm440525kmvsh2n7q37p228n6v6phjjhv3vara4hpzvth6rag3sha6xh6bjgec1gcaqjbs8tqwc9tpe8wqqsvg6dxkzydhmhh7m5w4cb10cx1906jhq0z1hsnwfq44gj5tzjv43jgs4ng6gj33sgprefzbsyvxdqp5y47c7t79zyt35003h8rqwkj6eh5askwybaw6v4sxn5jgwrvzfj8deq0m1pe3v9b3d53h9snv43ep4mtnfahrc71p2hvsc4rq7z32g35tr2d4vk2nmwp7d1cn76re6xebr8gv5wk6v4b3pzhcemh1rjvd4jtrx90xe5gbs8rm4fyy717pmhq4vztzbmq0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC38wzvU8vYfDTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE3wFP0CeQdFGH8h8eZmsPFGSqaQbw6Swy0hC_LPqgvNtqoRg3UZhwpQYrIDAWUnM7bq4bO3ToOoajJT55_MPu_NgmvZoyRC3_dF88GUxS70LIFJyC0M3yoG4ziLuKR48yWBNFfdueFUwIJ8i_hyC8t9a62rkdVW-jOigBGD2aX6DhPoE6GfobrMEp5Ey3w7K7ZoL5fowMzPKyDIaseG30smFOymbkNGqHu0JjmKiFtdRQ7F62HSsfRqvRgCXAE02IXZnuPq_w7q_CsNUhN2VNMveC7xc5S1wmQ95F1_o1mby94AQBgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfIIG2FkeC1zdWJzeW4tNjA0NzQ0MTg2NzI3NTU3OfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_367ixEibj-m-kdC3CB7YCOK8n5UQ%26client%3Dca-pub-8170966538152543%26adurl%3D

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

da45669552edd004b0469eed065e2d16d2a8b9382033275d8e326526e07f8059

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/dr?ed=1gw5ndjeb3r3anyd1zmf2sazey3164rs1veb5kw6rm661a5s50k4jb6f9fm440525kmvsh2n7q37p228n6v6phjjhv3vara4hpzvth6rag3sha6xh6bjgec1gcaqjbs8tqwc9tpe8wqqsvg6dxkzydhmhh7m5w4cb10cx1906jhq0z1hsnwfq44gj5tzjv43jgs4ng6gj33sgprefzbsyvxdqp5y47c7t79zyt35003h8rqwkj6eh5askwybaw6v4sxn5jgwrvzfj8deq0m1pe3v9b3d53h9snv43ep4mtnfahrc71p2hvsc4rq7z32g35tr2d4vk2nmwp7d1cn76re6xebr8gv5wk6v4b3pzhcemh1rjvd4jtrx90xe5gbs8rm4fyy717pmhq4vztzbmq0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC38wzvU8vYfDTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE3wFP0CeQdFGH8h8eZmsPFGSqaQbw6Swy0hC_LPqgvNtqoRg3UZhwpQYrIDAWUnM7bq4bO3ToOoajJT55_MPu_NgmvZoyRC3_dF88GUxS70LIFJyC0M3yoG4ziLuKR48yWBNFfdueFUwIJ8i_hyC8t9a62rkdVW-jOigBGD2aX6DhPoE6GfobrMEp5Ey3w7K7ZoL5fowMzPKyDIaseG30smFOymbkNGqHu0JjmKiFtdRQ7F62HSsfRqvRgCXAE02IXZnuPq_w7q_CsNUhN2VNMveC7xc5S1wmQ95F1_o1mby94AQBgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfIIG2FkeC1zdWJzeW4tNjA0NzQ0MTg2NzI3NTU3OfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_367ixEibj-m-kdC3CB7YCOK8n5UQ%26client%3Dca-pub-8170966538152543%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 687daa05b8e64e5c-FRA
content-encoding: br

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 0553 2 KB
1 KB 23ms
11ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/window_focus_fy2019.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:00:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 10:00:48 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C6F1 1 KB
749 B 15ms
6ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 31 Aug 2021 13:41:14 GMT
expires: Wed, 01 Sep 2021 13:41:14 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 73284
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 0553 122 KB
37 KB 44ms
32ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc737a01a72ef54ff0decd38e4ada36dad376930b764cabfad012682cdc262ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630322985459792"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Wed, 01 Sep 2021 10:02:38 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 0553 14 KB
6 KB 16ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 09:50:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 716
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 09:50:42 GMT

GET
H3-29 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 0553 22 KB
7 KB 20ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 13:03:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 13:03:12 GMT

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9934 0
0 34ms
21ms Fetch
text/html 172.217.23.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CV6ySvU8vYfLTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1AFP0NfnpeadkYjfqcnBybJ07R5u-PPAR09a2rddrIrRq8yOX30tyw95soyw-mS4T5lAJYUlUY386tU2BsWDpbugCuRgv9rGYjrVfD4LRiyEI9N1nt6hdrrVo5mPnzIfPniK4oCXhzFTNCTVCulQ7SflATFReE8mKLD8llzwhpicN0lkRA3uL1REv8vT_kVeNvzt-2cz2DHojFKsr1evRzdcnMQ5dDqmyVVHOjqbLSCIkoA5KoPfYndJm3EzrwyZ6pW98dAlKEzWF9mqwZ2jWXyiiyxwMeAEAYAGv8uJxrfT-dFboAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTYwNDc0NDE4NjcyNzU1NzmACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItODE3MDk2NjUzODE1MjU0MxiR82w&sigh=chRwbU2bxw4
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: mil04s23-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H2 204 winResponse
prod-rtb.ad4mat.net/ Frame 9934 0
0 26ms
15ms Fetch
image/gif 2600:1901:0:76b9::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://prod-rtb.ad4mat.net/winResponse?a=1kb2mrw206bdepwr91kxwhqgg8y62hh06pj0rawqg6pprgpwzkezmkg98mm64v22cz73dpakpk3a8e5dzbcscy21df30gcyzbjh38exxq1rjd04bhh4g367j9yzpn1gfefcqzc3eef2ewcr4gqqphj9k7qfmgkkz06gkws4csmb9xqsay2pnbaj1k8hgsep8ye18nwdz2ww73sh037qq6q4qfzmw0zc423ep8cw5c8x39s3ghw88efsbexpnat2a26z62465h3g7pz5y4q762janeq1046geyxgztf6bxy4k9gc2nhtdnv61t3192nga2b0gwmcfvjwhn7gwy6m1bz5grt6hfmvhm3e8snnjg48c57vvp6dv6qke1j5g0nqw8r6cpk3jt8&b=YS9PvQAO6fIK4BFZAASuywAioKZMtLOxm3910Q
Requested by: Host: www.controle.notisul.com.br
URL: https://www.controle.notisul.com.br/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:0:76b9:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 01 Sep 2021 10:02:38 GMT
via: 1.1 google
alt-svc: clear
content-type: image/gif

GET
H2 200 dr Show response
as.ad4m.at/ad/ Frame ECDB 2 KB
1 KB 60ms
50ms Document
text/html 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/dr?ed=1hwy10gf265e225fh1rxnzemmb2dbg8hjt13pwtvx3zppc9r9h9jm9f7xtakpahk19nz68yyvexkje1e1zebdy2mz1rn7tbe9b8y2azwwv9p4f1gcw1hmtjfstfsw23ty1zyr1g1h85w9msrx2swh4rcdjy0nyz75b73yk0aevx7j1vn5kzfve0y6zqqvv3rksammsk61ts009pgqwk2n04yn4b1gvtpexzd97st7x0sxhdcgxksenmkafgc078743xw1ted7fexxmpx59zvkvx27ce4cf376c93spss2xzxdghyx79ah197tcjdp98gk9h6wp28k4gkwgtyqsgns5ant5r5m7c1dgnc76afgt8f2ewhj0d6v0wtetbfhxg9jk2h6y2bh33530wmk01gmg0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCIQZ7vU8vYfLTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1wFP0NfnpeadkYjfqcnBybJ07R5u-PPAR09a2rddrIrRq8yOX30tyw95soyw-mS4T5lAJYUlUY386tU2BsWDpbugCuRgv9rGYjrVfD4LRiyEI9N1nt6hdrrVo5mPnzIfPniK4oCXhzFTNCTVCulQ7SflATFReE8mKLD8llzwhpicN0lkRA3uL1REv8vT_kVeNvzt-2cz2DHojFKsr1evRzdcnMQ5dDqmyVVHOjqbLSCIkoA5KoPfYndJm3EzrwyZ6pW98ZInJd4Bwl7qCRrrz6brGd5JJbe_nuAEAYAGv8uJxrfT-dFboAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTYwNDc0NDE4NjcyNzU1Nzn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3R6rDxx97OfbWFmS9zhDg2oNA1ew%26client%3Dca-pub-8170966538152543%26adurl%3D

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f04a9892631285c6c4292d264a80f010d5def65e3c0e15010d1c5380a39117de

Security Headers

Name	Value
Content-Security-Policy	block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri ;child-src ;connect-src ;default-src 'self';font-src ;form-action 'none';frame-ancestors * data:;frame-src ;img-src data:;manifest-src 'none';media-src 'none';navigate-to ;object-src 'none';prefetch-src 'none';script-src 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: as.ad4m.at
:scheme: https
:path: /ad/dr?ed=1hwy10gf265e225fh1rxnzemmb2dbg8hjt13pwtvx3zppc9r9h9jm9f7xtakpahk19nz68yyvexkje1e1zebdy2mz1rn7tbe9b8y2azwwv9p4f1gcw1hmtjfstfsw23ty1zyr1g1h85w9msrx2swh4rcdjy0nyz75b73yk0aevx7j1vn5kzfve0y6zqqvv3rksammsk61ts009pgqwk2n04yn4b1gvtpexzd97st7x0sxhdcgxksenmkafgc078743xw1ted7fexxmpx59zvkvx27ce4cf376c93spss2xzxdghyx79ah197tcjdp98gk9h6wp28k4gkwgtyqsgns5ant5r5m7c1dgnc76afgt8f2ewhj0d6v0wtetbfhxg9jk2h6y2bh33530wmk01gmg0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCIQZ7vU8vYfLTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1wFP0NfnpeadkYjfqcnBybJ07R5u-PPAR09a2rddrIrRq8yOX30tyw95soyw-mS4T5lAJYUlUY386tU2BsWDpbugCuRgv9rGYjrVfD4LRiyEI9N1nt6hdrrVo5mPnzIfPniK4oCXhzFTNCTVCulQ7SflATFReE8mKLD8llzwhpicN0lkRA3uL1REv8vT_kVeNvzt-2cz2DHojFKsr1evRzdcnMQ5dDqmyVVHOjqbLSCIkoA5KoPfYndJm3EzrwyZ6pW98ZInJd4Bwl7qCRrrz6brGd5JJbe_nuAEAYAGv8uJxrfT-dFboAYhqAemvhuoB_DZG6gH8tkbqAfs1RuoB5bYG6gHqpuxAqgH35-xAtgHANIIBwiA4YAQEAHyCBthZHgtc3Vic3luLTYwNDc0NDE4NjcyNzU1Nzn6CwIIAYAMAdAVAYAXAQ%26num%3D1%26sig%3DAOD64_3R6rDxx97OfbWFmS9zhDg2oNA1ew%26client%3Dca-pub-8170966538152543%26adurl%3D
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-type: text/html; charset=utf-8
strict-transport-security: max-age=86400; includeSubDomains; preload
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
x-download-options: noopen
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
x-xss-protection: 1; mode=block
content-security-policy: block-all-mixed-content; report-to report-endpoint;report-uri /ad/rcv; upgrade-insecure-requests;sandbox allow-scripts allow-same-origin allow-popups allow-popups-to-escape-sandbox;base-uri *;child-src *;connect-src *;default-src 'self';font-src *;form-action 'none';frame-ancestors * data:;frame-src *;img-src * data:;manifest-src 'none';media-src 'none';navigate-to *;object-src 'none';prefetch-src 'none';script-src * 'unsafe-inline' 'unsafe-eval';style-src * 'unsafe-inline';worker-src 'none'
referrer-policy: same-origin
feature-policy: geolocation 'none';midi 'none';sync-xhr 'none';microphone 'none';camera 'none';magnetometer 'none';gyroscope 'none';fullscreen 'none';payment 'none';accelerometer 'none';usb 'none';autoplay 'self'
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
expires: 0
surrogate-control: no-store
pragma: no-cache
via: 1.1 google
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 687daa05b8e74e5c-FRA
content-encoding: br

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 9934 2 KB
1 KB 18ms
6ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/window_focus_fy2019.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:00:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 110
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 10:00:48 GMT

GET
H3-29 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame C3BA 1 KB
749 B 13ms
7ms Document
text/html 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: pagead2.googlesyndication.com
:scheme: https
:path: /pagead/s/cookie_push_onload.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Tue, 31 Aug 2021 13:41:14 GMT
expires: Wed, 01 Sep 2021 13:41:14 GMT
content-type: text/html; charset=UTF-8
etag: 48472445140208031
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 724
x-xss-protection: 0
age: 73284
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9934 122 KB
37 KB 41ms
35ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

bc737a01a72ef54ff0decd38e4ada36dad376930b764cabfad012682cdc262ae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1630322985459792"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37796
x-xss-protection: 0
expires: Wed, 01 Sep 2021 10:02:38 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/ Frame 9934 14 KB
6 KB 13ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210826/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

114dabe187311ee2e303549831223ef80d06385cb854e2aa1647ec1e0ca148f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 09:50:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 716
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6183
x-xss-protection: 0
server: cafe
etag: 901432759052127119
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 15 Sep 2021 09:50:42 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 9934 0
0 31ms
14ms Image
text/html 2a00:1450:4001:82b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSHfsz1klMPTETusbc7p1XJ-a0sDgaOEVCmyoQx0Sx4DihgerN-ed7mUO-AQEbpFBVd0T5FsDxs1mneRyIQ4obF8hmsnQ
Requested by: Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

GET
H3-29 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-38/js/ Frame 9934 22 KB
7 KB 16ms
7ms Script
text/javascript 2a00:1450:4001:829::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-38/js/ext.js

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bcac89d72d5f0b2bef20f815406384ff05489e4294acee57409060c2eccffc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Tue, 31 Aug 2021 13:03:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 75566
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7022
x-xss-protection: 0
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 31 Aug 2022 13:03:12 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 29FB
Redirect Chain

https://sync-tm.everesttech.net/upi/pid/5w3jqr4k?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dg8f47s39e399f3fe%26google_hm%3D%24%7BTM_USER_ID_BASE64ENC_URLENC%7D&google_gid=CAESE...
https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEI7Qnl7zoAK5V74Q_TfjtdQ&google_push=AYg5qPL843xHUm-unNsN89E7rQa1tBCHfxwKIJSm6X1_6_6CLEE80mFYNs...

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEI7Qnl7zoAK5V74Q_TfjtdQ&google_push=AYg5qPL843xHUm-unNsN89E7rQa1tBCHfxwKIJSm6X1_6_6CLEE80mFYNsVJkGRi-tZ7RsPLjTWh7IHg3RtulxL2HiZE5xMAxO7G

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
via: 1.1 varnish
server: Jetty(9.4.35.v20201120)
x-timer: S1630490559.503243,VS0,VE93
x-served-by: cache-fra19179-FRA
x-cache: MISS
p3p: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
location: https://cm.g.doubleclick.net/pixel?google_nid=g8f47s39e399f3fe&google_hm=&google_cver=1&google_gid=CAESEI7Qnl7zoAK5V74Q_TfjtdQ&google_push=AYg5qPL843xHUm-unNsN89E7rQa1tBCHfxwKIJSm6X1_6_6CLEE80mFYNsVJkGRi-tZ7RsPLjTWh7IHg3RtulxL2HiZE5xMAxO7G
cache-control: no-cache
accept-ranges: bytes
access-control-allow-origin: *
content-length: 0
x-cache-hits: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 29FB
Redirect Chain

https://px.ads.linkedin.com/setuid?partner=googleadxdb&google_gid=CAESEKo85jM0x1TQ1gLHHOhXeQI&google_cver=1&google_push=AYg5qPJcL6cwDDbd5QdYTl3VmF0Q9fnDCChsqDRHbrRRf5itdyjrtBFm1m3HLt1vQe405-7ih6af5...
https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJcL6cwDDbd5QdYTl3VmF0Q9fnDCChsqDRHbrRRf5itdyjrtBFm1m3HLt1vQe405-7ih6af5R5Yt-vlPd2E4Ee7hOzgG-_5

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJcL6cwDDbd5QdYTl3VmF0Q9fnDCChsqDRHbrRRf5itdyjrtBFm1m3HLt1vQe405-7ih6af5R5Yt-vlPd2E4Ee7hOzgG-_5

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 01 Sep 2021 10:02:38 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
location: https://cm.g.doubleclick.net/pixel?google_nid=linkedin&google_push=AYg5qPJcL6cwDDbd5QdYTl3VmF0Q9fnDCChsqDRHbrRRf5itdyjrtBFm1m3HLt1vQe405-7ih6af5R5Yt-vlPd2E4Ee7hOzgG-_5
x-li-proto: http/2
x-li-pop: prod-esv5
content-length: 0
x-li-uuid: TotwOYaqoBbAMHM2fysAAA==

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 29FB
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESENci07nPJ0Ud90JmXb_B36k&google_cver=1&google_push=AYg5qPJ9EI6qTO3H_KU0Vd6SFS3AIASC_Q_je1xT44vguYy9W8Fr2NDkH1XMe4FIvR061hgJ7NHvdk2BI-x...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ9EI6qTO3H_KU0Vd6SFS3AIASC_Q_je1xT44vguYy9W8Fr2NDkH1XMe4FIvR061hgJ7NHvdk2BI-xn9CG-VMrYDJd2gksl&google_hm=pGNF_9pTRka-c74csHcfTqs

170 B
188 B

19ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ9EI6qTO3H_KU0Vd6SFS3AIASC_Q_je1xT44vguYy9W8Fr2NDkH1XMe4FIvR061hgJ7NHvdk2BI-xn9CG-VMrYDJd2gksl&google_hm=pGNF_9pTRka-c74csHcfTqs

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:37 GMT
via: 1.1 google
server: Apache-Coyote/1.1
status: 302
p3p: CP="NOI DSP COR NID CUR OUR NOR"
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AYg5qPJ9EI6qTO3H_KU0Vd6SFS3AIASC_Q_je1xT44vguYy9W8Fr2NDkH1XMe4FIvR061hgJ7NHvdk2BI-xn9CG-VMrYDJd2gksl&google_hm=pGNF_9pTRka-c74csHcfTqs
cache-control: no-cache, must-revalidate
content-type: text/html;charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 29FB
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESEMs3kmSh1ZOpDzZ6a9VPMqg&google_cver=1&google_push=AYg5qPInUN-77u51cGrAdDIm_C9m4LxkbmpTgRHoRXCqodW-HOdNV0LHflqdrEzZJwCehnBpn5RVsksAgTGoER...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwMjkwMzYyMzA2NDYxNTA2Mg%3D%3D&google_push=AYg5qPInUN-77u51cGrAdDIm_C9m4LxkbmpTgRHoRXCqodW-HOdNV0LHflqdrEzZJwCehnBpn5RVsksAgTGoER0y1U...

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwMjkwMzYyMzA2NDYxNTA2Mg%3D%3D&google_push=AYg5qPInUN-77u51cGrAdDIm_C9m4LxkbmpTgRHoRXCqodW-HOdNV0LHflqdrEzZJwCehnBpn5RVsksAgTGoER0y1UV1rcS0yHHd

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzAwMjkwMzYyMzA2NDYxNTA2Mg%3D%3D&google_push=AYg5qPInUN-77u51cGrAdDIm_C9m4LxkbmpTgRHoRXCqodW-HOdNV0LHflqdrEzZJwCehnBpn5RVsksAgTGoER0y1UV1rcS0yHHd
Date: Wed, 01 Sep 2021 10:02:38 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 29FB
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEIv7BkbjxIZ74N9RyJHK_iw&google_cver=1&google_push=AYg5qPIyNRGzb6UpW8lZHQS-FtNBnEaBqR5halyCIIkNFwiXBONI2EASo0BTI_zMVMLUPuR1piWcAc07X_E12ANhTv66coA...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIyNRGzb6UpW8lZHQS-FtNBnEaBqR5halyCIIkNFwiXBONI2EASo0BTI_zMVMLUPuR1piWcAc07X_E12ANhTv66coAfPX18&google_hm=NTEwNDEzMTMyNDg1MTc1Mz...

170 B
188 B

20ms
20ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIyNRGzb6UpW8lZHQS-FtNBnEaBqR5halyCIIkNFwiXBONI2EASo0BTI_zMVMLUPuR1piWcAc07X_E12ANhTv66coAfPX18&google_hm=NTEwNDEzMTMyNDg1MTc1MzYwNQ%3D%3D

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 01 Sep 2021 10:02:38 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPIyNRGzb6UpW8lZHQS-FtNBnEaBqR5halyCIIkNFwiXBONI2EASo0BTI_zMVMLUPuR1piWcAc07X_E12ANhTv66coAfPX18&google_hm=NTEwNDEzMTMyNDg1MTc1MzYwNQ%3D%3D
x-xss-protection: 1; mode=block
content-length: 0
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 29FB
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4&google_cver=1&googl...
https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_cver=1&google_gid=CAESEJUrcDHmsZ0CAHX9DghS5o4&google_push=AY...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=YS9PvgrZKRUeEZdj9cgrOQAABKYAAAAB&google_push=AYg5qPIAqyt6_KoPNLm03a6ZPrndn-w_FmygIeAt2TJzSkDlVyra4SJrZ2IH3BmRCNz32YEg1ywDNGgNQUJE_VWDAQ...

0
0

GET
H/1.1 200
OK sync
rtb2-useast.e-volution.ai/ Frame 29FB 42 B
233 B 293ms
87ms Image
image/gif 174.137.133.49
WEBAIR-INTERNET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb2-useast.e-volution.ai/sync?exchange=193&google_gid=CAESEP3zWlCRg2YCv-dTmcGhFj0&google_cver=1&google_push=AYg5qPLiRC7Ami1z1X99F8mmtVqH5giunGAwqsVlpr3xIXWyHXn3BwXfA4Z2MDI59Uiua62qieZ53xRYD3NTCg-1c3pME8raKkkN
Requested by: Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 174.137.133.49 , United States, ASN27257 (WEBAIR-INTERNET, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Sep 2021 10:02:38 GMT
Server: nginx
Age: 0
Content-Type: image/gif
Cache-Control: no-store
Connection: keep-alive
Content-Length: 42

GET
H2 204 attr
cm.g.doubleclick.net/pixel/ Frame 29FB 0
244 B 40ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KOLkp2V0x0xduCiI16nglwV1K5hr3Ocd_62WTss3Q2url2ETXlkCTIR_oJ-jmjLrEYP2--7A

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6EC0
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEJXJBBoRWSOdccGGlphZsCw&google_cver=1&google_push=AYg5qPK-gd8tFYDeEmCTmcyhuixF_Yi8bJJ1-C4ft7yjt_C7egy9pKtzQjMplk5tYSQ1_lcdV-MDjCB26eRcjEFbOrKAeaY2VwwL
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NzhCNjI5RTk2QjI2N0I4MA==

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NzhCNjI5RTk2QjI2N0I4MA==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=NzhCNjI5RTk2QjI2N0I4MA==
date: Wed, 01 Sep 2021 10:02:38 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6EC0
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=154&google_gid=CAESEK2FhMnwqaqzgbFf-OHOLcg&google_cver=1&google_push=AYg5qPL0t3hCj7bGTvriQauZi8gh80wVfyG9w2IkMOBfnL7WL0p5EDM0xnAJQ0ljm5fuJsr_VMsxKiWYRp5ku3L...
https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=a0kwwJWtRI9FR--51zTdsln5QKs&google_push=AYg5qPL0t3hCj7bGTvriQauZi8gh80wVfyG9w2IkMOBfnL7WL0p5EDM0xnAJQ0ljm5fuJsr_VMsxKiWYRp5ku3...

170 B
188 B

30ms
29ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=a0kwwJWtRI9FR--51zTdsln5QKs&google_push=AYg5qPL0t3hCj7bGTvriQauZi8gh80wVfyG9w2IkMOBfnL7WL0p5EDM0xnAJQ0ljm5fuJsr_VMsxKiWYRp5ku3LhurkOygZKMSvY

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=stackadapt_usd&google_hm=a0kwwJWtRI9FR--51zTdsln5QKs&google_push=AYg5qPL0t3hCj7bGTvriQauZi8gh80wVfyG9w2IkMOBfnL7WL0p5EDM0xnAJQ0ljm5fuJsr_VMsxKiWYRp5ku3LhurkOygZKMSvY
Date: Wed, 01 Sep 2021 10:02:38 GMT
Connection: keep-alive
Content-Length: 242
Content-Type: text/html; charset=utf-8

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 6EC0
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEExzl1fMVZ-2NLf9WC6ZYt0&google_cver=1&google_push=AYg5qPJP8aIsV0xkAncPeRWdIFESxBC_uKGWgU1PUYkVbTuAKC4uXIJ1AtMbjwVgeEL4Qskxe5X...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1QxQlpBVjItMUotNDRNUQ==&google_push=AYg5qPJP8aIsV0xkAncPeRWdIFESxBC_uKGWgU1PUYkVbTuAKC4uXIJ1AtMbjwVgeEL4Qskxe5XWW49GM7MHm_EfqmcX1kG1h1Ol

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1QxQlpBVjItMUotNDRNUQ==&google_push=AYg5qPJP8aIsV0xkAncPeRWdIFESxBC_uKGWgU1PUYkVbTuAKC4uXIJ1AtMbjwVgeEL4Qskxe5XWW49GM7MHm_EfqmcX1kG1h1Ol

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1QxQlpBVjItMUotNDRNUQ==&google_push=AYg5qPJP8aIsV0xkAncPeRWdIFESxBC_uKGWgU1PUYkVbTuAKC4uXIJ1AtMbjwVgeEL4Qskxe5XWW49GM7MHm_EfqmcX1kG1h1Ol
Cache-Control: no-cache,no-store,must-revalidate
Content-Type: text/html
content-length: 0
X-RPHost: 37b22a0c36bd84993dd2cda4a5e04b1d
Expires: 0

GET
H/1.1 200
OK us
sync.go.sonobi.com/ Frame 6EC0 0
474 B 62ms
15ms Image
text/plain 178.162.133.149
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPI26zM9Ga5keNLo2MsFotPFAFhiueKlomktN9gPUPM0Sdh11uqI4aVi5-V74AEH515DBhqi4DNymCXYCmPnxy67Cs0JNiM%26google_hm%3D%5BUID%5D&google_gid=CAESEKEjNMQLqUn--RcfpZ_AaY8&google_cver=1

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.162.133.149 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),

Reverse DNS

ams-1-sync.go.sonobi.com

Software

sonobi-go /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 01 Sep 2021 10:02:38 GMT
Server: sonobi-go
Vary: negotiate,Accept-Encoding
X-Go-Server: xcp-ams-1-7-9
P3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, no-store, private
Tcn: Choice
Content-Type: text/plain; charset=utf8
Content-Length: 0
X-Xss-Protection: 0
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H2 204 /
cc.adingo.jp/adx/push/ Frame 6EC0 0
44 B 737ms
248ms Image
text/plain 54.250.62.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cc.adingo.jp/adx/push/?google_gid=CAESEDQ5LqBEc6SMgFuW62AL2E4&google_cver=1&google_push=AYg5qPKedSr9eq2eGCgY02x82bJ6Sz7K5n8U2IDJiM5AsJqLawzZ2LAbQhmHdZ07paz5YS-pgG0AiQ81WKJaKnopGG_vlrTz8443
Requested by: Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.250.62.115 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-250-62-115.ap-northeast-1.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:39 GMT
server: awselb/2.0

GET
H2 200 dot.gif
s0.2mdn.net/ Frame 6EC0 43 B
413 B 38ms
14ms Image
image/gif 2a00:1450:4001:811::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif?google_gid=CAESEMv3dfk_j0DwhJhIZjewNoU&google_cver=1&google_push=AYg5qPLqw2SyXtfON5cYvuH3Jsj6ro3EveL5BfhKBlaqgwD618l84lkVrhZa31UNRv81fcKEwNu77UCekNC3XHrCixHOWdmLL8un

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
x-content-type-options: nosniff
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
expires: Thu, 02 Sep 2021 10:02:38 GMT

GET

pixel
cm.g.doubleclick.net/ Frame 6EC0
Redirect Chain

https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA
https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4ab...
https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUfm2aFBItxhn8rWKLZZIIE0NW91HY4abA
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPKyPQhBIHVK-i8i3RHKFDs48H4CcXPGHOu5g0659133clir08JczyG4avFURb5rtUf...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame 6EC0 0
12 B 33ms
16ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LT6V5NxXtthVLrV6o7G90klRkd3ZthL1a2mjOExUPdwD0K3QG9eEl_jWsTOP3sXlc19XmcQK0

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame A74B 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f5dd570b24cd0a7e3ea7a0ff8b02051d10b44b3e55f22cfbaf50f2b504a1997d

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H2

200

/
r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/ Frame C6F1
Redirect Chain

https://ad.turn.com/r/cs?pid=3&google_gid=CAESEIGLkemtoqY41c7Wemm_NwY&google_cver=1&google_push=AYg5qPIfKsAVb0gcE1XEKIJ8mrMy_l4pp8si8CR_BkoFvmMweD8_scYGquNV5v4vNkd4vtilndHWib3rkoghqJtbWAd0i_g4mBbnmg
https://cm.g.doubleclick.net/pixel?google_nid=turn1&google_cm&google_sc&google_hm=NDIwOTA1NjM3NjI2NTEzNjcxOQ==
https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEIGLkemtoqY41c7Wemm_NwY&google_cver=1

43 B
407 B

23ms
15ms

Image
image/gif

2001:678:cb4:bbbb::11
TURN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEIGLkemtoqY41c7Wemm_NwY&google_cver=1
Requested by: Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2001:678:cb4:bbbb::11 , United Kingdom, ASN56396 (TURN, GB),
Reverse DNS
Software: /
Resource Hash: 48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-type: image/gif
content-length: 43
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Redirect headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://r.turn.com/r/cms/id/0/ddc/1/pid/18/uid/?google_gid=CAESEIGLkemtoqY41c7Wemm_NwY&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

i.match
s.tribalfusion.com/z/ Frame C6F1
Redirect Chain

https://a.tribalfusion.com/i.match?p=b6&u=CAESEIE1qzCVQ8PxL0FrlvoSWoU&google_cver=1&google_push=AYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0hU&...
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEIE1qzCVQ8PxL0FrlvoSWoU&google_cver=1&google_push=AYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0h...

43 B
411 B

182ms
181ms

Image
image/gif

2606:4700::6812:d05
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEIE1qzCVQ8PxL0FrlvoSWoU&google_cver=1&google_push=AYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0hU&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0hU%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:d05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
cf-cache-status: DYNAMIC
x-function: 302
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 687daa08a82bbf0f-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
cache-control: no-cache, private
content-type: image/gif; charset=utf-8
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 43
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
cf-cache-status: DYNAMIC
x-function: 206
server: cloudflare
x-reuse-index: 863
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 687daa076fc8bf0f-FRA
p3p: CP="NOI DEVo TAIa OUR BUS"
location: https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEIE1qzCVQ8PxL0FrlvoSWoU&google_cver=1&google_push=AYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0hU&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPKu1Te4Mbpu8baTVAoQFMi5IUW6KKKDICZTdBo5m83FtTYU68ScoqXVysL0nBQ0MxsjMobUSfoWsuWM9rZxxFKX4mcma0hU%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control: no-cache, private
content-type: text/html
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C6F1
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEJXJBBoRWSOdccGGlphZsCw&google_cver=1&google_push=AYg5qPKqzTNchd8RePe_b4mI_-0EQuNBJhKOeYxiB-7X-0RhBNHWqe7VCbUw4GHrrDX_Jg8xPyoFVPXleJiV2yw0EDHb_7a7gZ6xhw
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=Q0I2NjhBRjRCQjMzNkNFMw==

170 B
188 B

19ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=Q0I2NjhBRjRCQjMzNkNFMw==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=Q0I2NjhBRjRCQjMzNkNFMw==
date: Wed, 01 Sep 2021 10:02:38 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C6F1
Redirect Chain

https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEG0XMxbuL0qC8fhSmPnivhk&google_cver=1&google_push=AYg5qPLDOPCEM0xWC0UWZHNiRRZiVtL3B0tJiR7oL4O5VDYdNHpqDw6NnV8CV...
https://tracking.m6r.eu/sync/adxRedirect?gdprFallback=true&google_gid=&google_gid=CAESEG0XMxbuL0qC8fhSmPnivhk&google_cver=1&google_push=AYg5qPLDOPCEM0xWC0UWZHNiRRZiVtL3B0tJiR7oL4O5VDYdNHpqDw6NnV8CV...
https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=ZD6KWalwTwPUu3sNw28dCw&google_push=AYg5qPLDOPCEM0xWC0UWZHNiRRZiVtL3B0tJiR7oL4O5VDYdNHpqDw6NnV8CVcIMvdRxb7ttBxVmYRTjm...

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=ZD6KWalwTwPUu3sNw28dCw&google_push=AYg5qPLDOPCEM0xWC0UWZHNiRRZiVtL3B0tJiR7oL4O5VDYdNHpqDw6NnV8CVcIMvdRxb7ttBxVmYRTjmo6os0Q_q7WdLoDPB4UL_A

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 01 Sep 2021 10:02:38 GMT
Server: nginx
Vary: Accept
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: https://cm.g.doubleclick.net/pixel?google_nid=m6r&google_ula=158217889&google_hm=ZD6KWalwTwPUu3sNw28dCw&google_push=AYg5qPLDOPCEM0xWC0UWZHNiRRZiVtL3B0tJiR7oL4O5VDYdNHpqDw6NnV8CVcIMvdRxb7ttBxVmYRTjmo6os0Q_q7WdLoDPB4UL_A
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 240

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C6F1
Redirect Chain

https://rtb.openx.net/sync/dds?google_gid=CAESEBsz9eo-flz2mfHDSZGKNjg&google_cver=1&google_push=AYg5qPItoysVHbUSZHAFkB5e-cBIwxEJ2mUPN3zxlZwd2lMxNlM9BH36m8kX7V51vJ5CcGdIB-L7264TiXBEMRQXz4iu7IH-a-WsKA
https://rtb.openx.net/sync/dds?google_gid=CAESEBsz9eo-flz2mfHDSZGKNjg&google_cver=1&google_push=AYg5qPItoysVHbUSZHAFkB5e-cBIwxEJ2mUPN3zxlZwd2lMxNlM9BH36m8kX7V51vJ5CcGdIB-L7264TiXBEMRQXz4iu7IH-a-WsK...
https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPItoysVHbUSZHAFkB5e-cBIwxEJ2mUPN3zxlZwd2lMxNlM9BH36m8kX7V51vJ5CcGdIB-L7264TiXBEMRQXz4iu7IH-a-WsKA&google_hm=Doq-nCITzTE9qxNc7DQqYA==

170 B
188 B

19ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPItoysVHbUSZHAFkB5e-cBIwxEJ2mUPN3zxlZwd2lMxNlM9BH36m8kX7V51vJ5CcGdIB-L7264TiXBEMRQXz4iu7IH-a-WsKA&google_hm=Doq-nCITzTE9qxNc7DQqYA==

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:37 GMT
via: 1.1 google
server: Cowboy
access-control-allow-origin: null
vary: Origin
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=open&google_push=AYg5qPItoysVHbUSZHAFkB5e-cBIwxEJ2mUPN3zxlZwd2lMxNlM9BH36m8kX7V51vJ5CcGdIB-L7264TiXBEMRQXz4iu7IH-a-WsKA&google_hm=Doq-nCITzTE9qxNc7DQqYA==
access-control-expose-headers
cache-control: private, max-age=0, no-cache, must-revalidate
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-request-id: h08mnt4m690kfh6ujts89128hq34a30q

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C6F1
Redirect Chain

https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEFHaUGE-Gyr_DQUIrio_L-s&google_cver=1&google_push=AYg5qPJAMq_nwy-GFjtQlLVsqR1YWUKz2UQDRU58xZtHRV3jQKMCrFPkuhg8zNe41RybLBvaIfzU-m...
https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPJAMq_nwy-GFjtQlLVsqR1YWUKz2UQDRU58xZtHRV3jQKMCrFPkuhg8zNe41RybLBvaIfzU-mOSf6hDP4FM4Co7_OLi0S_y&google_hm=NzgzMzIyND...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPJAMq_nwy-GFjtQlLVsqR1YWUKz2UQDRU58xZtHRV3jQKMCrFPkuhg8zNe41RybLBvaIfzU-mOSf6hDP4FM4Co7_OLi0S_y&google_hm=NzgzMzIyNDk2MzEzNTEwOTg4Nw%3D%3D

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=smart_adserver_eb&google_push=AYg5qPJAMq_nwy-GFjtQlLVsqR1YWUKz2UQDRU58xZtHRV3jQKMCrFPkuhg8zNe41RybLBvaIfzU-mOSf6hDP4FM4Co7_OLi0S_y&google_hm=NzgzMzIyNDk2MzEzNTEwOTg4Nw%3D%3D
date: Wed, 01 Sep 2021 10:02:37 GMT
content-length: 0

GET

pixel
cm.g.doubleclick.net/ Frame C6F1
Redirect Chain

https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4
https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4Gvy...
https://ads.avads.net/sync/ggl?google_gid=CAESEAmJhc0Evpl3xbuvAmZscqU&google_cver=1&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34M3JNVYNht6DuLFzlF2KdAMp4an4GvyO4
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...
https://cm.g.doubleclick.net/pixel?google_nid=antvoice&google_hm=OGE5ZGNkY2EtYWY3Mi00MzlkLWFmZTMtNGVmNmU3Y2Y3ZTM2&google_push=AYg5qPLnmdy-AVE8liq1HS8FaTqoybnP_NeUhYwCUZO32Gqod6fAQ-Y0ZzV0UOhft_J0Z34...

0
0

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame C6F1 0
12 B 15ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13Jba0dG-QCw6A9ypu4cJ9JIyYWQOKg723j6r_nsXuwKi6HMP04a5AzQJJ0niIAO6vIYSGplUQ

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.8/one-ad/ Frame 45CE 64 KB
8 KB 28ms
16ms Stylesheet
text/css 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.8/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gsefzhqm4sxhdzwcbk5d33hb4bbymr0yze02cjtyf2td87kg2xnd2wmc2fh0ms7bj60anbszfzbwnpbevt3jkxv7e2h496ftqf0tbtzhf5jjd3sbqt11p5p69j9rz14edf957bewy6g1wpd2qs2455pzed9jpbqr391eb8bt2cx80xz9t0217nt8w5f98s0c613m8qqzbfvgf4dby1fjexa6x80sbkjt9yh2jb7ya7nw5rwbxgpay0qc07qshvwacsnmkjpsfpyfp87q4hwktbsm6prazcj5yjnt33qqjkeka57fbtyxxam507mngbx37mx7j3gf5735n8p56thsjdppzfje74s3z0qthktwdzmw9tfjg1kzbmvvn0r0e4hmnrytc0byvfkrf1th1e4g40&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBjMFvU8vYe_TO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE2AFP0FVWblD_QNA6kMKvEh0ph5Ie4qZodi24w4x2L52HlpF2M0nkZoG15lz6Z6Cee_tlHUX-BXFvaGSmRuA8H9F3ign46IjYcO0THT1l3pBaKjxgVjOxHt4ChxN6Msb0zaVpFurmwbdZ2L9EC9nXj8VZLBmawbvK6eKybgENQ4_TAIPhl-f8_9aLAtZf0yQviqRvJ7Y6xRU16DHWjjdpGU524KMjcesznLUUW6FKIFOtAGEDXoRN3KojJMB9K57w5mdROc9BoSDP7n9Q_oNZ12eoHVto_itniqTgBAGABr_Lica30_nRW6AGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_08G2ptvO9lBe0fansJ32Oj9F1PPA%26client%3Dca-pub-8170966538152543%26adurl%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

611d8874cd6a661e6779751ba6a62bfbb7fa496d36b847c4e7fcf69279c70f44

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1gsefzhqm4sxhdzwcbk5d33hb4bbymr0yze02cjtyf2td87kg2xnd2wmc2fh0ms7bj60anbszfzbwnpbevt3jkxv7e2h496ftqf0tbtzhf5jjd3sbqt11p5p69j9rz14edf957bewy6g1wpd2qs2455pzed9jpbqr391eb8bt2cx80xz9t0217nt8w5f98s0c613m8qqzbfvgf4dby1fjexa6x80sbkjt9yh2jb7ya7nw5rwbxgpay0qc07qshvwacsnmkjpsfpyfp87q4hwktbsm6prazcj5yjnt33qqjkeka57fbtyxxam507mngbx37mx7j3gf5735n8p56thsjdppzfje74s3z0qthktwdzmw9tfjg1kzbmvvn0r0e4hmnrytc0byvfkrf1th1e4g40&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBjMFvU8vYe_TO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE2AFP0FVWblD_QNA6kMKvEh0ph5Ie4qZodi24w4x2L52HlpF2M0nkZoG15lz6Z6Cee_tlHUX-BXFvaGSmRuA8H9F3ign46IjYcO0THT1l3pBaKjxgVjOxHt4ChxN6Msb0zaVpFurmwbdZ2L9EC9nXj8VZLBmawbvK6eKybgENQ4_TAIPhl-f8_9aLAtZf0yQviqRvJ7Y6xRU16DHWjjdpGU524KMjcesznLUUW6FKIFOtAGEDXoRN3KojJMB9K57w5mdROc9BoSDP7n9Q_oNZ12eoHVto_itniqTgBAGABr_Lica30_nRW6AGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_08G2ptvO9lBe0fansJ32Oj9F1PPA%26client%3Dca-pub-8170966538152543%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1188720
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 18 Aug 2021 15:50:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 687daa076df10746-FRA
cf-bgj: minify

GET
H2 200 fxpcopuw.js Show response
ad4m.at/ Frame 45CE 36 KB
12 KB 18ms
15ms Script
application/javascript 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gsefzhqm4sxhdzwcbk5d33hb4bbymr0yze02cjtyf2td87kg2xnd2wmc2fh0ms7bj60anbszfzbwnpbevt3jkxv7e2h496ftqf0tbtzhf5jjd3sbqt11p5p69j9rz14edf957bewy6g1wpd2qs2455pzed9jpbqr391eb8bt2cx80xz9t0217nt8w5f98s0c613m8qqzbfvgf4dby1fjexa6x80sbkjt9yh2jb7ya7nw5rwbxgpay0qc07qshvwacsnmkjpsfpyfp87q4hwktbsm6prazcj5yjnt33qqjkeka57fbtyxxam507mngbx37mx7j3gf5735n8p56thsjdppzfje74s3z0qthktwdzmw9tfjg1kzbmvvn0r0e4hmnrytc0byvfkrf1th1e4g40&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCBjMFvU8vYe_TO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE2AFP0FVWblD_QNA6kMKvEh0ph5Ie4qZodi24w4x2L52HlpF2M0nkZoG15lz6Z6Cee_tlHUX-BXFvaGSmRuA8H9F3ign46IjYcO0THT1l3pBaKjxgVjOxHt4ChxN6Msb0zaVpFurmwbdZ2L9EC9nXj8VZLBmawbvK6eKybgENQ4_TAIPhl-f8_9aLAtZf0yQviqRvJ7Y6xRU16DHWjjdpGU524KMjcesznLUUW6FKIFOtAGEDXoRN3KojJMB9K57w5mdROc9BoSDP7n9Q_oNZ12eoHVto_itniqTgBAGABr_Lica30_nRW6AGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_08G2ptvO9lBe0fansJ32Oj9F1PPA%26client%3Dca-pub-8170966538152543%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17045
x-guploader-uploadid: ADPycdvgEleYUeFGscVb0lrMQlg3MQt_JmYcEfEogyITI9SAsmXtjV5RyS6taC55N3cKf-H2_q4oBdNNeeBEKTQrCdY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 31 Aug 2021 05:18:16 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8i4238DO0MqIPvaxr7JK4c3akwrI8n6YlKTgZmWn%2BVbHGrL%2FXZ9C3phgSCACyPpUwY2UzvekB6Gf5jEz4isPkRd87uHeVooLo7nT3yR3JmhUJR9OOVOgtJGgX7ji1WW5Qmis9pI%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1628590096242097
content-type: application/javascript; charset=utf-8
expires: Wed, 01 Sep 2021 05:18:33 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 687daa075cb84e5c-FRA
cf-bgj: minify

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.8/one-ad/ Frame 8678 64 KB
8 KB 27ms
16ms Stylesheet
text/css 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.8/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gw5ndjeb3r3anyd1zmf2sazey3164rs1veb5kw6rm661a5s50k4jb6f9fm440525kmvsh2n7q37p228n6v6phjjhv3vara4hpzvth6rag3sha6xh6bjgec1gcaqjbs8tqwc9tpe8wqqsvg6dxkzydhmhh7m5w4cb10cx1906jhq0z1hsnwfq44gj5tzjv43jgs4ng6gj33sgprefzbsyvxdqp5y47c7t79zyt35003h8rqwkj6eh5askwybaw6v4sxn5jgwrvzfj8deq0m1pe3v9b3d53h9snv43ep4mtnfahrc71p2hvsc4rq7z32g35tr2d4vk2nmwp7d1cn76re6xebr8gv5wk6v4b3pzhcemh1rjvd4jtrx90xe5gbs8rm4fyy717pmhq4vztzbmq0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC38wzvU8vYfDTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE3wFP0CeQdFGH8h8eZmsPFGSqaQbw6Swy0hC_LPqgvNtqoRg3UZhwpQYrIDAWUnM7bq4bO3ToOoajJT55_MPu_NgmvZoyRC3_dF88GUxS70LIFJyC0M3yoG4ziLuKR48yWBNFfdueFUwIJ8i_hyC8t9a62rkdVW-jOigBGD2aX6DhPoE6GfobrMEp5Ey3w7K7ZoL5fowMzPKyDIaseG30smFOymbkNGqHu0JjmKiFtdRQ7F62HSsfRqvRgCXAE02IXZnuPq_w7q_CsNUhN2VNMveC7xc5S1wmQ95F1_o1mby94AQBgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfIIG2FkeC1zdWJzeW4tNjA0NzQ0MTg2NzI3NTU3OfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_367ixEibj-m-kdC3CB7YCOK8n5UQ%26client%3Dca-pub-8170966538152543%26adurl%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

611d8874cd6a661e6779751ba6a62bfbb7fa496d36b847c4e7fcf69279c70f44

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1gw5ndjeb3r3anyd1zmf2sazey3164rs1veb5kw6rm661a5s50k4jb6f9fm440525kmvsh2n7q37p228n6v6phjjhv3vara4hpzvth6rag3sha6xh6bjgec1gcaqjbs8tqwc9tpe8wqqsvg6dxkzydhmhh7m5w4cb10cx1906jhq0z1hsnwfq44gj5tzjv43jgs4ng6gj33sgprefzbsyvxdqp5y47c7t79zyt35003h8rqwkj6eh5askwybaw6v4sxn5jgwrvzfj8deq0m1pe3v9b3d53h9snv43ep4mtnfahrc71p2hvsc4rq7z32g35tr2d4vk2nmwp7d1cn76re6xebr8gv5wk6v4b3pzhcemh1rjvd4jtrx90xe5gbs8rm4fyy717pmhq4vztzbmq0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC38wzvU8vYfDTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE3wFP0CeQdFGH8h8eZmsPFGSqaQbw6Swy0hC_LPqgvNtqoRg3UZhwpQYrIDAWUnM7bq4bO3ToOoajJT55_MPu_NgmvZoyRC3_dF88GUxS70LIFJyC0M3yoG4ziLuKR48yWBNFfdueFUwIJ8i_hyC8t9a62rkdVW-jOigBGD2aX6DhPoE6GfobrMEp5Ey3w7K7ZoL5fowMzPKyDIaseG30smFOymbkNGqHu0JjmKiFtdRQ7F62HSsfRqvRgCXAE02IXZnuPq_w7q_CsNUhN2VNMveC7xc5S1wmQ95F1_o1mby94AQBgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfIIG2FkeC1zdWJzeW4tNjA0NzQ0MTg2NzI3NTU3OfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_367ixEibj-m-kdC3CB7YCOK8n5UQ%26client%3Dca-pub-8170966538152543%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1188720
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 18 Aug 2021 15:50:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 687daa076dee0746-FRA
cf-bgj: minify

GET
H2 200 fxpcopuw.js Show response
ad4m.at/ Frame 8678 36 KB
13 KB 15ms
14ms Script
application/javascript 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1gw5ndjeb3r3anyd1zmf2sazey3164rs1veb5kw6rm661a5s50k4jb6f9fm440525kmvsh2n7q37p228n6v6phjjhv3vara4hpzvth6rag3sha6xh6bjgec1gcaqjbs8tqwc9tpe8wqqsvg6dxkzydhmhh7m5w4cb10cx1906jhq0z1hsnwfq44gj5tzjv43jgs4ng6gj33sgprefzbsyvxdqp5y47c7t79zyt35003h8rqwkj6eh5askwybaw6v4sxn5jgwrvzfj8deq0m1pe3v9b3d53h9snv43ep4mtnfahrc71p2hvsc4rq7z32g35tr2d4vk2nmwp7d1cn76re6xebr8gv5wk6v4b3pzhcemh1rjvd4jtrx90xe5gbs8rm4fyy717pmhq4vztzbmq0&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC38wzvU8vYfDTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE3wFP0CeQdFGH8h8eZmsPFGSqaQbw6Swy0hC_LPqgvNtqoRg3UZhwpQYrIDAWUnM7bq4bO3ToOoajJT55_MPu_NgmvZoyRC3_dF88GUxS70LIFJyC0M3yoG4ziLuKR48yWBNFfdueFUwIJ8i_hyC8t9a62rkdVW-jOigBGD2aX6DhPoE6GfobrMEp5Ey3w7K7ZoL5fowMzPKyDIaseG30smFOymbkNGqHu0JjmKiFtdRQ7F62HSsfRqvRgCXAE02IXZnuPq_w7q_CsNUhN2VNMveC7xc5S1wmQ95F1_o1mby94AQBgAa_y4nGt9P50VugBiGoB6a-G6gH8NkbqAfy2RuoB-zVG6gHltgbqAeqm7ECqAffn7EC2AcA0ggHCIDhgBAQAfIIG2FkeC1zdWJzeW4tNjA0NzQ0MTg2NzI3NTU3OfoLAggBgAwB0BUBgBcB%26num%3D1%26sig%3DAOD64_367ixEibj-m-kdC3CB7YCOK8n5UQ%26client%3Dca-pub-8170966538152543%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17045
x-guploader-uploadid: ADPycdvgEleYUeFGscVb0lrMQlg3MQt_JmYcEfEogyITI9SAsmXtjV5RyS6taC55N3cKf-H2_q4oBdNNeeBEKTQrCdY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 31 Aug 2021 05:18:16 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R9MsguIV8nOH9ZXmQBqdob56zXzIngM%2FMpHRpxeLmM%2FmMt3pA1lbgkDaGARd2vL3F7YkoZOMgqPvmASDiE5gA3lx1uT9Cb7aIaIOeORT6mrV937CTowGqlUT1GU1e5wPPVlHkUY%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1628590096242097
content-type: application/javascript; charset=utf-8
expires: Wed, 01 Sep 2021 05:18:33 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 687daa075cbb4e5c-FRA
cf-bgj: minify

GET
H3-29 200 default.css
as.ad4m.at/ad/style/0.1.8/one-ad/ Frame 26C9 64 KB
8 KB 25ms
21ms Stylesheet
text/css 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://as.ad4m.at/ad/style/0.1.8/one-ad/default.css

Requested by

Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jfpa4h30h4z9bgkvbwk2p89ng2cj5fe9pvs0ttwt2mc9bxrvhgezy799nsy46fzk2zztwvj42fcef2p0h7s4g9dej625f0v8j4qjc3hc8gn7krp2rzk5myyxh26sbwnsvg8bhkgqg6dp4gwn7j8s2k7qzs6342knpqt6pesz3nh5praecrhggf8y6r1s6jmp9yhvxvhe9nv5rqmdg78z81p25b1pyqazmv630wfeh3ygy7b60w56n16etq4pfsbv0n16n3tab096m0j8hm620dfmjah2e1mrcgtxsqhw0c2rmrwedaxymxppecgxxd0af6dtq8x82b0d4c5az7amd51xsgkdpf3d5m9cn90k41xarcb4n9y1dyevaf3cwwr96qb80bkh37tb49c0gf7wf4c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC69P7vU8vYfHTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1wFP0KAcld5NdxGezM-LGMmrs6jPngxlCSW2uzJOehYh3hopOvkHL0qEv7NU1Pou1t-a41dULZ1uXbB6HYu62mFmmXNneW4X0f9vOw-l-IKX5nXpNZsYpjI7nR35EksmDkhhoQ1iNmWN2ngHgc1-G_IAlei6bBAjGxd2IO-hNgkcLUvMf86hqAHNs16jp9mjvOTh0R0fBMXYTWaUPovGYsOd6ZlBkKXi4JUNZd_MDs217Cgo3gwKyehK9COfu7-ebLtmGbiFiO60G7GOjod8fsxJoZmMu8YtyuAEAYAGkcuy08Lx3qHOAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_29sYNbTFZLGCB-UyuF2BO5SljTng%26client%3Dca-pub-8170966538152543%26adurl%3D

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

611d8874cd6a661e6779751ba6a62bfbb7fa496d36b847c4e7fcf69279c70f44

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://as.ad4m.at/ad/dr?ed=1jfpa4h30h4z9bgkvbwk2p89ng2cj5fe9pvs0ttwt2mc9bxrvhgezy799nsy46fzk2zztwvj42fcef2p0h7s4g9dej625f0v8j4qjc3hc8gn7krp2rzk5myyxh26sbwnsvg8bhkgqg6dp4gwn7j8s2k7qzs6342knpqt6pesz3nh5praecrhggf8y6r1s6jmp9yhvxvhe9nv5rqmdg78z81p25b1pyqazmv630wfeh3ygy7b60w56n16etq4pfsbv0n16n3tab096m0j8hm620dfmjah2e1mrcgtxsqhw0c2rmrwedaxymxppecgxxd0af6dtq8x82b0d4c5az7amd51xsgkdpf3d5m9cn90k41xarcb4n9y1dyevaf3cwwr96qb80bkh37tb49c0gf7wf4c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC69P7vU8vYfHTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1wFP0KAcld5NdxGezM-LGMmrs6jPngxlCSW2uzJOehYh3hopOvkHL0qEv7NU1Pou1t-a41dULZ1uXbB6HYu62mFmmXNneW4X0f9vOw-l-IKX5nXpNZsYpjI7nR35EksmDkhhoQ1iNmWN2ngHgc1-G_IAlei6bBAjGxd2IO-hNgkcLUvMf86hqAHNs16jp9mjvOTh0R0fBMXYTWaUPovGYsOd6ZlBkKXi4JUNZd_MDs217Cgo3gwKyehK9COfu7-ebLtmGbiFiO60G7GOjod8fsxJoZmMu8YtyuAEAYAGkcuy08Lx3qHOAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_29sYNbTFZLGCB-UyuF2BO5SljTng%26client%3Dca-pub-8170966538152543%26adurl%3D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date: Wed, 01 Sep 2021 10:02:38 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
age: 1188720
cf-polished: origSize=65497
surrogate-control: no-store
strict-transport-security: max-age=86400; includeSubDomains; preload
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
x-xss-protection: 1; mode=block
pragma: no-cache
referrer-policy: same-origin
expires: 0
last-modified: Wed, 18 Aug 2021 15:50:38 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-download-options: noopen
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cache-control: max-age=3600, must-revalidate, proxy-revalidate
cf-ray: 687daa076dea0746-FRA
cf-bgj: minify

GET
H2 200 fxpcopuw.js Show response
ad4m.at/ Frame 26C9 36 KB
12 KB 16ms
15ms Script
application/javascript 2606:4700:3039::6815:c01b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ad4m.at/fxpcopuw.js
Requested by: Host: as.ad4m.at
URL: https://as.ad4m.at/ad/dr?ed=1jfpa4h30h4z9bgkvbwk2p89ng2cj5fe9pvs0ttwt2mc9bxrvhgezy799nsy46fzk2zztwvj42fcef2p0h7s4g9dej625f0v8j4qjc3hc8gn7krp2rzk5myyxh26sbwnsvg8bhkgqg6dp4gwn7j8s2k7qzs6342knpqt6pesz3nh5praecrhggf8y6r1s6jmp9yhvxvhe9nv5rqmdg78z81p25b1pyqazmv630wfeh3ygy7b60w56n16etq4pfsbv0n16n3tab096m0j8hm620dfmjah2e1mrcgtxsqhw0c2rmrwedaxymxppecgxxd0af6dtq8x82b0d4c5az7amd51xsgkdpf3d5m9cn90k41xarcb4n9y1dyevaf3cwwr96qb80bkh37tb49c0gf7wf4c&x=https://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DC69P7vU8vYfHTO9migAfL3ZLoDpDhgYRctqjCivACwI23ARABIABglfrwgYwHggEXY2EtcHViLTgxNzA5NjY1MzgxNTI1NDOgAcKu6N0DyAEJqQI5Us9lG8yzPuACAKgDAaoE1wFP0KAcld5NdxGezM-LGMmrs6jPngxlCSW2uzJOehYh3hopOvkHL0qEv7NU1Pou1t-a41dULZ1uXbB6HYu62mFmmXNneW4X0f9vOw-l-IKX5nXpNZsYpjI7nR35EksmDkhhoQ1iNmWN2ngHgc1-G_IAlei6bBAjGxd2IO-hNgkcLUvMf86hqAHNs16jp9mjvOTh0R0fBMXYTWaUPovGYsOd6ZlBkKXi4JUNZd_MDs217Cgo3gwKyehK9COfu7-ebLtmGbiFiO60G7GOjod8fsxJoZmMu8YtyuAEAYAGkcuy08Lx3qHOAaAGIagHpr4bqAfw2RuoB_LZG6gH7NUbqAeW2BuoB6qbsQKoB9-fsQLYBwDSCAcIgOGAEBAB8ggbYWR4LXN1YnN5bi02MDQ3NDQxODY3Mjc1NTc5-gsCCAGADAHQFQGAFwE%26num%3D1%26sig%3DAOD64_29sYNbTFZLGCB-UyuF2BO5SljTng%26client%3Dca-pub-8170966538152543%26adurl%3D
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3039::6815:c01b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4f300e7fc0bc0e049e8620e1b8d85d1857b3a7af9492090f20f4b0366ef42353

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

x-goog-hash: crc32c=fzoyzw==, md5=7HLiqqlHKRUcSK8SewDc4g==
date: Wed, 01 Sep 2021 10:02:38 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 17045
x-guploader-uploadid: ADPycdvgEleYUeFGscVb0lrMQlg3MQt_JmYcEfEogyITI9SAsmXtjV5RyS6taC55N3cKf-H2_q4oBdNNeeBEKTQrCdY
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 31 Aug 2021 05:18:16 GMT
server: cloudflare
etag: W/"ec72e2aaa94729151c48af127b00dce2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fgyoJN9tA%2BMi8l0zql4f6zQO2NEO8fIKXt8qQ4wWVU1w7wXkZh5iLBfUCIT22lFQb7ESPyXcmBsZD8%2BlD2KwVP2N%2BWEY7k9rPu8fsH9MveVzMFz7BwFKg24vvMdNFu0SPyHo6Zw%3D"}],"group":"cf-nel","max_age":604800}
x-goog-generation: 1628590096242097
content-type: application/javascript; charset=utf-8
expires: Wed, 01 Sep 2021 05:18:33 GMT
cache-control: public, max-age=3600, must-revalidate, stale-while-revalidate=300
x-goog-stored-content-length: 11933
cf-ray: 687daa076cd24e5c-FRA
cf-bgj: minify

GET
DATA 200
OK truncated
/ Frame 0553 213 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: acc424f96152867a4d42d4d765e9f0b7e265de2fa4bc66810e97b68471524d30

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 9A11 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: c0befdc941f13e378e9a5740e3367ab25c3d56bfbc00e720b5fc2eaddd98c0d4

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C3BA
Redirect Chain

https://um.simpli.fi/gp_match?google_gid=CAESEFo5mPkSmPgXqEDszeH0818&google_cver=1&google_push=AYg5qPIWDgO9QWVPjiGiYIJgfggO13NihovTbihnFimseKBNg1YXBQN894l9v6UhuY_P3dfTEiqZ7Ygzht4-hqUT7TF-54_y0qrg
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=83C9518CCECE412CA781EC8FF141C820&google_push=AYg5qPIWDgO9QWVPjiGiYIJgfggO13NihovTbihnFimseKBNg1YXBQN894l9v6UhuY_P3dfTEiqZ7Ygzht4-hqU...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=83C9518CCECE412CA781EC8FF141C820&google_push=AYg5qPIWDgO9QWVPjiGiYIJgfggO13NihovTbihnFimseKBNg1YXBQN894l9v6UhuY_P3dfTEiqZ7Ygzht4-hqUT7TF-54_y0qrg

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 01 Sep 2021 10:02:38 GMT
x-content-type-options: nosniff
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=83C9518CCECE412CA781EC8FF141C820&google_push=AYg5qPIWDgO9QWVPjiGiYIJgfggO13NihovTbihnFimseKBNg1YXBQN894l9v6UhuY_P3dfTEiqZ7Ygzht4-hqUT7TF-54_y0qrg
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 154
expires: Tue, 31 Aug 2021 10:02:38 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C3BA
Redirect Chain

https://fksnk.com/cs/google?google_gid=CAESEJXJBBoRWSOdccGGlphZsCw&google_cver=1&google_push=AYg5qPJmo1q6uZzlU_5eB1YY3RS7i2aq710pERG3o6FnZMOQ0PK_7y_6ijJtckJfKwDs9jd5Vaj6c_YzAYgc3vkY-s6JyUmHVOgt
https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTY1RkY4NjIzREM3RTZDRQ==

170 B
188 B

19ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTY1RkY4NjIzREM3RTZDRQ==

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=fiksu&google_hm=QTY1RkY4NjIzREM3RTZDRQ==
date: Wed, 01 Sep 2021 10:02:38 GMT
content-language: en-US
content-type: text/html;charset=ISO-8859-1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C3BA
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEMiib2DyXABLh4tlgfRBwV0&google_cver=1&google_push=AYg5qPKtosDCYMsYe9IHd_13b035eCIhAjAPope6NHJb8tRYlRZAbnJ4-oBpYxjlvYCGAxfQBUHlyKzprwKmUQhi...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=nmTcV_HtTkSGIYXaeMHBIg2&google_push=AYg5qPKtosDCYMsYe9IHd_13b035eCIhAjAPope6NHJb8tRYlRZAbnJ4-oBpYxjlvYCGAxfQBUHlyKzprwKmUQhiMEXQDdXV9CY

170 B
188 B

18ms
18ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=nmTcV_HtTkSGIYXaeMHBIg2&google_push=AYg5qPKtosDCYMsYe9IHd_13b035eCIhAjAPope6NHJb8tRYlRZAbnJ4-oBpYxjlvYCGAxfQBUHlyKzprwKmUQhiMEXQDdXV9CY

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 01 Sep 2021 10:02:38 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.15.12
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=nmTcV_HtTkSGIYXaeMHBIg2&google_push=AYg5qPKtosDCYMsYe9IHd_13b035eCIhAjAPope6NHJb8tRYlRZAbnJ4-oBpYxjlvYCGAxfQBUHlyKzprwKmUQhiMEXQDdXV9CY
x-host: tde-deliveryengine-production-57bdbcf799-vf6c4
alt-svc: clear
content-length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C3BA
Redirect Chain

https://a.c.appier.net/gcm?google_gid=CAESEBfxkK4Kdq29xpNHmfocqU0&google_cver=1&google_push=AYg5qPIOdPTQbzWNlpuhvuiuNaWiWZ_tneXqfwVT8zzdlVkLV9dEvdJRX3m1vp-f097_tTcz6zJAMsaPTt8ZTcPQoNGdO_XB02iZ
https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=SkhiZWpPQWNCZXV1T0FzUXYwOHZZUQ%3D%3D&google_push=AYg5qPIOdPTQbzWNlpuhvuiuNaWiWZ_tneXqfwVT8zzdlVkLV9dEvdJRX3m1vp-f097_tTcz6zJAMsaPTt8ZT...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=SkhiZWpPQWNCZXV1T0FzUXYwOHZZUQ%3D%3D&google_push=AYg5qPIOdPTQbzWNlpuhvuiuNaWiWZ_tneXqfwVT8zzdlVkLV9dEvdJRX3m1vp-f097_tTcz6zJAMsaPTt8ZTcPQoNGdO_XB02iZ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=appier&google_hm=SkhiZWpPQWNCZXV1T0FzUXYwOHZZUQ%3D%3D&google_push=AYg5qPIOdPTQbzWNlpuhvuiuNaWiWZ_tneXqfwVT8zzdlVkLV9dEvdJRX3m1vp-f097_tTcz6zJAMsaPTt8ZTcPQoNGdO_XB02iZ
date: Wed, 01 Sep 2021 10:02:39 GMT
cache-control: no-store
server: nginx
content-type: text/html; charset=utf-8
content-length: 243
p3p: CP="CUR ADM DEV TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C3BA
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELkhINzjDBzkTGLcsu31bq4&google_cver=1&google_push=AYg5qPKV7WL7cGYxmfGyjhg_LczBC2g8QJNdm-hZj6wARc7Us2MdoKHfHcjCWIkeWdNXiaLsR8DYVHra...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESELkhINzjDBzkTGLcsu31bq4&google_cver=1&google_push=AYg5qPKV7WL7cGYxmfGyjhg_LczBC2g8QJNdm-hZj6wARc7Us2MdoKHfHcjCWIkeWdNXiaLsR8D...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjkwMjI3MDA1MTQ0OTE0Mzk0MQ&google_push=AYg5qPKV7WL7cGYxmfGyjhg_LczBC2g8QJNdm-hZj6wARc7Us2MdoKHfHcjCWIkeWdNXiaLsR8DYVH...

170 B
188 B

17ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjkwMjI3MDA1MTQ0OTE0Mzk0MQ&google_push=AYg5qPKV7WL7cGYxmfGyjhg_LczBC2g8QJNdm-hZj6wARc7Us2MdoKHfHcjCWIkeWdNXiaLsR8DYVHraj4QX_ZkXnyisnesNCZ4x

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: nginx
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjkwMjI3MDA1MTQ0OTE0Mzk0MQ&google_push=AYg5qPKV7WL7cGYxmfGyjhg_LczBC2g8QJNdm-hZj6wARc7Us2MdoKHfHcjCWIkeWdNXiaLsR8DYVHraj4QX_ZkXnyisnesNCZ4x
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C3BA
Redirect Chain

https://b1sync.zemanta.com/usersync/googleadx/?google_gid=CAESEIgA1jNo-irHK57P2APz0dU&google_cver=1&google_push=AYg5qPJJCJrXdntUBYeOxrgXWlZhtL5FQ1Zfw4BQqgLDREMa542cCkrUorKuxfZhRA0Gk7fqiglFpwDF3yefh...
https://b1sync.zemanta.com/usersync/googleadx/?google_cver=1&google_gid=CAESEIgA1jNo-irHK57P2APz0dU&google_push=AYg5qPJJCJrXdntUBYeOxrgXWlZhtL5FQ1Zfw4BQqgLDREMa542cCkrUorKuxfZhRA0Gk7fqiglFpwDF3yefh...
https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJJCJrXdntUBYeOxrgXWlZhtL5FQ1Zfw4BQqgLDREMa542cCkrUorKuxfZhRA0Gk7fqiglFpwDF3yefhcdQy7ThztWF8dM&google_hm=WDdSRlhMM2doVXVhdllaZ...

170 B
188 B

18ms
17ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJJCJrXdntUBYeOxrgXWlZhtL5FQ1Zfw4BQqgLDREMa542cCkrUorKuxfZhRA0Gk7fqiglFpwDF3yefhcdQy7ThztWF8dM&google_hm=WDdSRlhMM2doVXVhdllaZXVhX3M=

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:39 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 01 Sep 2021 10:02:39 GMT
P3p: CP="We do not support P3P header."
Location: https://cm.g.doubleclick.net/pixel?google_nid=zemanta&google_push=AYg5qPJJCJrXdntUBYeOxrgXWlZhtL5FQ1Zfw4BQqgLDREMa542cCkrUorKuxfZhRA0Gk7fqiglFpwDF3yefhcdQy7ThztWF8dM&google_hm=WDdSRlhMM2doVXVhdllaZXVhX3M=
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=utf-8
Content-Length: 235
Expires: Thu, 01 Dec 1994 16:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame C3BA
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEK...
https://sync.targeting.unrulymedia.com/csync/RX-92da7c62-c7e3-4475-ac7d-9ec49cca35cd-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAYg5qPL1LJWXozTsv26hKvAoV...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPL1LJWXozTsv26hKvAoViBEISLNh8GqZcLJsruXjrAC9Vt2YhvmE2b5dGsum1220dVFpKPh93b9EH24q4lZ36H57Iiccfek&google_hm=A5LafGLH40R1rH2exJzKNc0

170 B
188 B

19ms
19ms

Image
image/png

172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPL1LJWXozTsv26hKvAoViBEISLNh8GqZcLJsruXjrAC9Vt2YhvmE2b5dGsum1220dVFpKPh93b9EH24q4lZ36H57Iiccfek&google_hm=A5LafGLH40R1rH2exJzKNc0

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 01 Sep 2021 10:02:38 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AYg5qPL1LJWXozTsv26hKvAoViBEISLNh8GqZcLJsruXjrAC9Vt2YhvmE2b5dGsum1220dVFpKPh93b9EH24q4lZ36H57Iiccfek&google_hm=A5LafGLH40R1rH2exJzKNc0
date: Wed, 01 Sep 2021 10:02:38 GMT
server: Tengine
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RX92da7c62c7e34475ac7d9ec49cca35cd003
content-type: text/html

GET
H3-29 204 attr
cm.g.doubleclick.net/pixel/ Frame C3BA 0
12 B 20ms
15ms Image
text/html 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IjK6qzOwhbs6gzQBBiSIIdsQ_OQL55bOjK0Ts83-rTNjt6ojXJ9dZrlEKT7GsbHMSosISD

Requested by

Host: 26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com
URL: https://26bee094945f5e5fabac9f2db96f874a.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS