www.opovo.com.br Open in urlscan Pro
2606:4700:3037::6815:3403 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.opovo.com.br.admin-us2.cas.ms/
Effective URL:
https://www.opovo.com.br/
Submission Tags: krdprod
Submission: On August 11 via api (August 11th 2021, 9:14:19 pm UTC) from JP

Summary HTTP 375 Redirects Links 42 Behaviour Indicators

Summary

This website contacted 76 IPs in 10 countries across 45 domains to perform 375 HTTP transactions. The main IP is 2606:4700:3037::6815:3403, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.opovo.com.br.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 12th 2021. Valid for: a year.

This is the only time www.opovo.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	52.155.166.50 52.155.166.50	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2a02:26f0:170... 2a02:26f0:1700:d::1737:6e8f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:303... 2606:4700:3037::6815:3403	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
26	2606:4700:303... 2606:4700:3033::ac43:c0c1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2001:4de0:ac1... 2001:4de0:ac18::1:a:3b	20446 (HIGHWINDS3) (HIGHWINDS3)
3	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
7	2a00:1450:400... 2a00:1450:4001:813::2002	15169 (GOOGLE) (GOOGLE)
1	13.224.89.106 13.224.89.106	16509 (AMAZON-02) (AMAZON-02)
9	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
14 30	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2008	15169 (GOOGLE) (GOOGLE)
1	54.192.219.92 54.192.219.92	16509 (AMAZON-02) (AMAZON-02)
10	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
9	2a00:1450:400... 2a00:1450:4001:82b::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
1	54.192.219.81 54.192.219.81	16509 (AMAZON-02) (AMAZON-02)
3	51.79.78.239 51.79.78.239	16276 (OVH) (OVH)
3	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f01... 2a03:2880:f01c:216:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 14	2a00:1450:400... 2a00:1450:4001:82a::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	34.68.90.188 34.68.90.188	15169 (GOOGLE) (GOOGLE)
21	143.204.98.26 143.204.98.26	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:80f::200e	15169 (GOOGLE) (GOOGLE)
7	200.194.101.94 200.194.101.94	11921 (SECRELNET...) (SECRELNET INFORMATICA LTDA)
10	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 13	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	52.84.45.59 52.84.45.59	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:812::2003	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:808::2006	15169 (GOOGLE) (GOOGLE)
1 42	2a00:1450:400... 2a00:1450:4001:80e::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:809::2016	15169 (GOOGLE) (GOOGLE)
5	2606:4700::68... 2606:4700::6810:135e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 3	52.213.249.25 52.213.249.25	16509 (AMAZON-02) (AMAZON-02)
3	2600:9000:217... 2600:9000:2175:a200:8:48e:53c0:93a1	16509 (AMAZON-02) (AMAZON-02)
30	2a00:1450:400... 2a00:1450:4001:801::2002	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:828::2006	15169 (GOOGLE) (GOOGLE)
25	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
2 4	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	185.33.220.243 185.33.220.243	29990 (ASN-APPNEX) (ASN-APPNEX)
2 3	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
2	104.111.242.245 104.111.242.245	16625 (AKAMAI-AS) (AKAMAI-AS)
4 6	185.94.180.126 185.94.180.126	35220 (SPOTX-AMS) (SPOTX-AMS)
2	2a00:1288:80:... 2a00:1288:80:800::7000	203220 (YAHOO-DEB) (YAHOO-DEB)
3 3	18.184.201.8 18.184.201.8	16509 (AMAZON-02) (AMAZON-02)
3 4	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
6	142.250.186.162 142.250.186.162	15169 (GOOGLE) (GOOGLE)
3 6	54.171.163.246 54.171.163.246	16509 (AMAZON-02) (AMAZON-02)
3	85.14.248.72 85.14.248.72	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
8	178.63.52.121 178.63.52.121	24940 (HETZNER-AS) (HETZNER-AS)
1 4	88.99.219.174 88.99.219.174	24940 (HETZNER-AS) (HETZNER-AS)
1 4	136.243.149.243 136.243.149.243	24940 (HETZNER-AS) (HETZNER-AS)
4 4	145.239.193.130 145.239.193.130	16276 (OVH) (OVH)
2	88.198.250.30 88.198.250.30	24940 (HETZNER-AS) (HETZNER-AS)
2	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
6	46.236.13.147 46.236.13.147	24931 (DEDIPOWER) (DEDIPOWER)
2 4	216.58.212.166 216.58.212.166	15169 (GOOGLE) (GOOGLE)
2	54.76.176.197 54.76.176.197	16509 (AMAZON-02) (AMAZON-02)
2	104.111.239.217 104.111.239.217	16625 (AKAMAI-AS) (AKAMAI-AS)
1 1	94.23.99.218 94.23.99.218	16276 (OVH) (OVH)
2	54.192.219.70 54.192.219.70	16509 (AMAZON-02) (AMAZON-02)
2	81.29.72.47 81.29.72.47	24931 (DEDIPOWER) (DEDIPOWER)
4	52.215.101.139 52.215.101.139	16509 (AMAZON-02) (AMAZON-02)
3	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
375	76

1 52.155.166.50 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.opovo.com.br.admin-us2.cas.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:1700:d::1737:6e8f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

mcasproxy.azureedge.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3037::6815:3403 (United States)

ASN13335 (CLOUDFLARENET, US)

www.opovo.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 2606:4700:3033::ac43:c0c1 (United States)

ASN13335 (CLOUDFLARENET, US)

www.opovo.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4de0:ac18::1:a:3b (Netherlands)

ASN20446 (HIGHWINDS3, US)

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:813::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.89.106 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-89-106.zrh50.r.cloudfront.net

d335luupugsy2.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 142.250.186.130 (United States) 14 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.219.92 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-219-92.mrs52.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:82b::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.192.219.81 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-219-81.mrs52.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.79.78.239 (Québec, Canada)

ASN16276 (OVH, FR)
PTR: ns568638.ip-51-79-78.net

player.transmissaodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
encrypted-tbn3.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:216:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a00:1450:4001:82a::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.68.90.188 (Council Bluffs, United States)

ASN15169 (GOOGLE, US)
PTR: 188.90.68.34.bc.googleusercontent.com

forms.rdstation.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 143.204.98.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-26.fra50.r.cloudfront.net

embed.radiopublic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 200.194.101.94 (Fortaleza, Brazil)

ASN11921 (SECRELNET INFORMATICA LTDA, BR)

mais.opovo.com.br	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany) 2 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.84.45.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-84-45-59.mrs52.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

static.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

42 2a00:1450:4001:80e::2001 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

yt3.ggpht.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2016 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

i.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6810:135e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.213.249.25 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-249-25.eu-west-1.compute.amazonaws.com

pixel.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:9000:2175:a200:8:48e:53c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

static.adsafeprotected.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

30 2a00:1450:4001:801::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:828::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.234.21 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.33.220.243 (Amsterdam, Netherlands) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.98.64.218 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.242.245 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-242-245.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.94.180.126 (Amsterdam, Netherlands) 4 redirects

ASN35220 (SPOTX-AMS, US)

sync.search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1288:80:800::7000 (Frankfurt am Main, Germany)

ASN203220 (YAHOO-DEB, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.184.201.8 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-184-201-8.eu-central-1.compute.amazonaws.com

pixel.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.126.56.137 (Frankfurt am Main, Germany) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 54.171.163.246 (Dublin, Ireland) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-163-246.eu-west-1.compute.amazonaws.com

skydeutschland.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.14.248.72 (Bottrop, Germany)

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

m.exactag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn0.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

encrypted-tbn1.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 178.63.52.121 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.121.52.63.178.clients.your-server.de

hal9000.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 88.99.219.174 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.174.219.99.88.clients.your-server.de

hal900029.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 136.243.149.243 (Germany) 1 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.243.149.243.136.clients.your-server.de

hal900030.redintelligence.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 145.239.193.130 (France) 4 redirects

ASN16276 (OVH, FR)

pv.medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 88.198.250.30 (Bad Schwalbach, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.88-198-250-30.clients.your-server.de

pb.media01.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, CH)

adv.office-partner.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 46.236.13.147 (United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 46-236-13-147.servers.dedipower.net

track.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 216.58.212.166 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f166.1e100.net

5994599.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.76.176.197 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com

ad-server.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.239.217 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-239-217.deploy.static.akamaitechnologies.com

www.awin1.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 94.23.99.218 (France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip218.ip-94-23-99.eu

medialead.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.192.219.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-219-70.mrs52.r.cloudfront.net

analytics.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 81.29.72.47 (Epsom, United Kingdom)

ASN24931 (DEDIPOWER, GB)
PTR: 81-29-72-47.servers.dedipower.net

diapi.webgains.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.215.101.139 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-215-101-139.eu-west-1.compute.amazonaws.com

api.webgains.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
91	googlesyndication.com 1 redirects 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com tpc.googlesyndication.com pagead2.googlesyndication.com ade.googlesyndication.com	637 KB
58	doubleclick.net 17 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net static.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net 5994599.fls.doubleclick.net	311 KB
34	opovo.com.br www.opovo.com.br mais.opovo.com.br	8 MB
27	2mdn.net s0.2mdn.net	957 KB
21	radiopublic.com embed.radiopublic.com	220 KB
19	google.com 2 redirects adservice.google.com www.google.com	14 KB
16	redintelligence.net 2 redirects hal9000.redintelligence.net hal900029.redintelligence.net hal900030.redintelligence.net	119 KB
15	gstatic.com fonts.gstatic.com www.gstatic.com encrypted-tbn0.gstatic.com encrypted-tbn3.gstatic.com encrypted-tbn1.gstatic.com	279 KB
12	youtube.com www.youtube.com	731 KB
11	googletagservices.com www.googletagservices.com	388 KB
9	googleapis.com fonts.googleapis.com	127 KB
8	webgains.com track.webgains.com diapi.webgains.com	27 KB
6	webgains.io analytics.webgains.io api.webgains.io	121 KB
6	demdex.net 3 redirects skydeutschland.demdex.net	5 KB
6	yahoo.com 3 redirects ads.yahoo.com ups.analytics.yahoo.com	4 KB
6	spotxchange.com 4 redirects sync.search.spotxchange.com	4 KB
6	adsafeprotected.com 3 redirects pixel.adsafeprotected.com static.adsafeprotected.com	2 KB
6	google.de adservice.google.de www.google.de	629 B
5	medialead.de 5 redirects pv.medialead.de medialead.de	4 KB
5	cloudflare.com cdnjs.cloudflare.com	84 KB
4	casalemedia.com 2 redirects dsum-sec.casalemedia.com	4 KB
4	google-analytics.com www.google-analytics.com	39 KB
4	googletagmanager.com www.googletagmanager.com	154 KB
3	exactag.com m.exactag.com	3 KB
3	advertising.com 3 redirects pixel.advertising.com	1 KB
3	openx.net 2 redirects us-u.openx.net	832 B
3	adnxs.com 2 redirects ib.adnxs.com	3 KB
3	transmissaodigital.com player.transmissaodigital.com
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	63 KB
3	azureedge.net mcasproxy.azureedge.net	42 KB
2	awin1.com www.awin1.com	1 KB
2	ad-server.eu ad-server.eu	624 B
2	office-partner.de adv.office-partner.de	2 KB
2	media01.eu pb.media01.eu	784 B
2	teads.tv sync.teads.tv	344 B
2	facebook.com www.facebook.com	388 B
2	facebook.net connect.facebook.net	98 KB
2	googleadservices.com www.googleadservices.com	15 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com	28 KB
1	ytimg.com i.ytimg.com	21 KB
1	ggpht.com yt3.ggpht.com	3 KB
1	rdstation.com.br forms.rdstation.com.br	36 KB
1	cloudfront.net d335luupugsy2.cloudfront.net	48 KB
1	jquery.com code.jquery.com	30 KB
1	cas.ms www.opovo.com.br.admin-us2.cas.ms	834 B
375	45

	Domain	Requested by
46	tpc.googlesyndication.com	1 redirects securepubads.g.doubleclick.net 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com www.opovo.com.br.admin-us2.cas.ms s0.2mdn.net
34	pagead2.googlesyndication.com	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com s0.2mdn.net securepubads.g.doubleclick.net www.googletagservices.com
27	s0.2mdn.net	www.opovo.com.br.admin-us2.cas.ms s0.2mdn.net 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
27	www.opovo.com.br	www.opovo.com.br
21	embed.radiopublic.com	www.opovo.com.br embed.radiopublic.com
20	cm.g.doubleclick.net	14 redirects googleads.g.doubleclick.net
15	www.google.com	2 redirects www.opovo.com.br securepubads.g.doubleclick.net www.youtube.com 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com tpc.googlesyndication.com
15	googleads.g.doubleclick.net	1 redirects www.googleadservices.com www.youtube.com 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com www.opovo.com.br.admin-us2.cas.ms
12	www.youtube.com	www.opovo.com.br www.googletagmanager.com www.youtube.com
11	www.googletagservices.com	www.opovo.com.br securepubads.g.doubleclick.net 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
10	fonts.gstatic.com	fonts.googleapis.com www.youtube.com
10	securepubads.g.doubleclick.net	www.googletagservices.com securepubads.g.doubleclick.net www.opovo.com.br.admin-us2.cas.ms
9	fonts.googleapis.com	www.opovo.com.br embed.radiopublic.com d335luupugsy2.cloudfront.net 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com tpc.googlesyndication.com hal900029.redintelligence.net hal900030.redintelligence.net
8	hal9000.redintelligence.net	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com hal900029.redintelligence.net hal900030.redintelligence.net
8	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
7	mais.opovo.com.br	www.opovo.com.br
6	track.webgains.com	www.opovo.com.br.admin-us2.cas.ms 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com analytics.webgains.io
6	skydeutschland.demdex.net	3 redirects 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
6	googleads4.g.doubleclick.net	www.opovo.com.br.admin-us2.cas.ms
6	sync.search.spotxchange.com	4 redirects googleads.g.doubleclick.net
5	cdnjs.cloudflare.com	www.opovo.com.br d335luupugsy2.cloudfront.net s0.2mdn.net
4	api.webgains.io	analytics.webgains.io
4	5994599.fls.doubleclick.net	2 redirects www.opovo.com.br.admin-us2.cas.ms
4	pv.medialead.de	4 redirects
4	hal900030.redintelligence.net	1 redirects 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com hal900030.redintelligence.net
4	hal900029.redintelligence.net	1 redirects 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com hal900029.redintelligence.net
4	ups.analytics.yahoo.com	3 redirects googleads.g.doubleclick.net
4	dsum-sec.casalemedia.com	2 redirects googleads.g.doubleclick.net
4	www.google.de	www.opovo.com.br
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com embed.radiopublic.com
4	adservice.google.com	securepubads.g.doubleclick.net 5994599.fls.doubleclick.net
4	www.googletagmanager.com	www.opovo.com.br adv.office-partner.de
3	ade.googlesyndication.com
3	m.exactag.com	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
3	pixel.advertising.com	3 redirects
3	us-u.openx.net	2 redirects googleads.g.doubleclick.net
3	ib.adnxs.com	2 redirects googleads.g.doubleclick.net
3	static.adsafeprotected.com	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
3	pixel.adsafeprotected.com	3 redirects
3	player.transmissaodigital.com	www.opovo.com.br
3	mcasproxy.azureedge.net	www.opovo.com.br.admin-us2.cas.ms mcasproxy.azureedge.net
2	diapi.webgains.com	track.webgains.com
2	analytics.webgains.io	track.webgains.com
2	www.awin1.com	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
2	ad-server.eu	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
2	adv.office-partner.de	hal900029.redintelligence.net hal900030.redintelligence.net
2	pb.media01.eu	hal900029.redintelligence.net hal900030.redintelligence.net
2	ads.yahoo.com	googleads.g.doubleclick.net
2	sync.teads.tv	googleads.g.doubleclick.net
2	www.gstatic.com	www.youtube.com 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
2	www.facebook.com	www.opovo.com.br
2	stats.g.doubleclick.net	www.google-analytics.com
2	connect.facebook.net	www.opovo.com.br.admin-us2.cas.ms connect.facebook.net
2	www.googleadservices.com	www.googletagmanager.com www.googleadservices.com
2	adservice.google.de	securepubads.g.doubleclick.net
2	maxcdn.bootstrapcdn.com	www.opovo.com.br embed.radiopublic.com
1	medialead.de	1 redirects
1	encrypted-tbn1.gstatic.com	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
1	encrypted-tbn3.gstatic.com	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
1	encrypted-tbn0.gstatic.com	20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
1	i.ytimg.com	www.youtube.com
1	yt3.ggpht.com	www.youtube.com
1	static.doubleclick.net	www.youtube.com
1	vars.hotjar.com	static.hotjar.com
1	forms.rdstation.com.br	d335luupugsy2.cloudfront.net
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.opovo.com.br
1	d335luupugsy2.cloudfront.net	www.opovo.com.br
1	code.jquery.com	www.opovo.com.br
1	www.opovo.com.br.admin-us2.cas.ms
375	70

This site contains links to these domains. Also see Links.

Domain
adorofutebol.com.br
assine.opovo.com.br
especiais.opovo.com.br
mais.opovo.com.br
radios.opovo.com.br
fortaleza.novabrasilfm.com.br
fdr.org.br
populares.com.br
www.anuariodoceara.com.br
thetrustproject.org
www.youtube.com

Subject Issuer	Validity	Valid
*.mcas.ms Microsoft Azure TLS Issuing CA 05	`2021-08-11` - `2022-08-06`	a year	crt.sh
*.azureedge.net DigiCert SHA2 Secure Server CA	`2020-11-21` - `2021-11-30`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-05-12` - `2022-05-11`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.cloudfront.net Amazon	`2021-03-19` - `2022-03-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
*.hotjar.com Amazon	`2020-12-25` - `2022-01-23`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-07-26` - `2021-10-18`	3 months	crt.sh
player.transmissaodigital.com R3	`2021-08-10` - `2021-11-08`	3 months	crt.sh
www.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-07-20` - `2021-10-18`	3 months	crt.sh
forms.rdstation.com.br R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
radiopublic.com Amazon	`2021-05-27` - `2022-06-25`	a year	crt.sh
*.opovo.com.br AlphaSSL CA - SHA256 - G2	`2021-05-03` - `2022-06-04`	a year	crt.sh
*.googleadservices.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
*.googleusercontent.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
edgestatic.com GTS CA 1C3	`2021-07-12` - `2021-10-04`	3 months	crt.sh
static.adsafeprotected.com Amazon	`2020-10-03` - `2021-11-03`	a year	crt.sh
san.casalemedia.com GeoTrust RSA CA 2018	`2021-02-05` - `2022-02-09`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2021-07-08` - `2022-08-08`	a year	crt.sh
teads.tv R3	`2021-06-14` - `2021-09-12`	3 months	crt.sh
*.search.spotxchange.com GeoTrust RSA CA 2018	`2021-04-08` - `2022-05-09`	a year	crt.sh
*.ads.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-07-08` - `2021-08-25`	2 months	crt.sh
ups.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-03-22` - `2021-09-15`	6 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2020-12-02` - `2022-01-02`	a year	crt.sh
*.exactag.com Sectigo ECC Domain Validation Secure Server CA	`2019-08-28` - `2021-09-13`	2 years	crt.sh
redintelligence.net R3	`2021-06-21` - `2021-09-19`	3 months	crt.sh
*.media01.eu RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	`2021-05-27` - `2022-05-27`	a year	crt.sh
adv.office-partner.de R3	`2021-07-10` - `2021-10-08`	3 months	crt.sh
*.webgains.com Sectigo RSA Domain Validation Secure Server CA	`2021-05-20` - `2022-06-20`	a year	crt.sh
ad-server.eu R3	`2021-06-18` - `2021-09-16`	3 months	crt.sh
www.awin1.com DigiCert SHA2 Secure Server CA	`2021-06-11` - `2022-06-16`	a year	crt.sh
*.webgains.io Amazon	`2021-03-12` - `2022-04-10`	a year	crt.sh

This page contains 43 frames:

Primary Page: https://www.opovo.com.br/
Frame ID: 8F24021AD2D897B16ADE0966918F1D8D
Requests: 94 HTTP requests in this frame

Frame: https://mcasproxy.azureedge.net/proxyweb/1.3.24/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fwww.opovo.com.br%2F
Frame ID: 5E31FC116486896D62A6D0926D82A7E9
Requests: 2 HTTP requests in this frame

Frame: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 5C78B4FB7D38BE34EE159DCE83DA6308
Requests: 1 HTTP requests in this frame

Frame: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
Frame ID: 9B6627CDB4D14CEB8B69F79C93BB1967
Requests: 18 HTTP requests in this frame

Frame: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Frame ID: FF2CA701988954B5A353DA0146468AAE
Requests: 24 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Frame ID: 079F7A23CB1438934ABB00E85BC0D1B1
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuPnTl2eNCkCeStaPZarga55cPwFHQXTN3ua0mv3q0w2eDvFtXS3BZVDOx8Z8aXuBfzPVO4TIPd-i05hZlAfkbzNlow38wrUEqsvpF92x2IHY21UTGuqLEq6uayIch8szkfwUBeegwovsvSN7eOvV2N-xq3suJ7L5PIJd6YZh4jV55vtFS9GYjw9vgzhrNgTRvrY5ibBKu8R0ALpes6v7OqedXi_rytEBL-ufW-rcw9C9Up3H2ffSSidxKXzlThHH0k5hScI_7iAHh3ZBRE4zhNqRHlpOGtEM6fSXSwL8_dvybw1k-2Slfzm4I2pRkxWjbKzjk&sai=AMfl-YSmhaB6CQw70PyiORpcpenycRvF_XIwv4htrLVnSMTXmahTVrbDEx_JTI8-X1bVrIQZGKGA5nmeJ1dq4MgL3THp7JExFxTocb2xUFyaCMKzXH2cpBMcSyay2w5J3YM&sig=Cg0ArKJSzGFk-ziCjcF_EAE&adurl=
Frame ID: 9DFC1D633650992DC126CA6D49D4831B
Requests: 9 HTTP requests in this frame

Frame: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 2EC43098D6C69A6866B68D983B39856A
Requests: 18 HTTP requests in this frame

Frame: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: F63080FF0E2C80B3F400EC251E4E905F
Requests: 18 HTTP requests in this frame

Frame: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 7F616E91C659C1491A46A2C6A315D7B4
Requests: 20 HTTP requests in this frame

Frame: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E4B53B0F5C594C4963718EA027529D65
Requests: 17 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstpC8TEM77vj5u0EvtPxUCaBSHPQ6Dkh1wjI4ulPDZ9jYPICQo_tt4rGc-D4Mc-5MA06J7SSsg5JbGYcgLc4VKSpHHilCMlBH_H_8j3ynX2zPdLrx_wvMQtejKdWKWgMNrSTDnl-Noyvn5BUCJNg6ZzK4SvgZZ3V2R8P2NACAjtUt-SYjfe2H4-satEj4R8HM3JcQfWLquijwWtkqJZo0qyq6dVTwqQQHnup1QsvBm-QtK4PDo5G5uWJ3PZGhX5SyvF6dn6nK9p37rSzNfv_H_BmQZnlaIZ0ipnxi4kQkOh-rvGjGh-MY29x7mDnHh7Ag&sai=AMfl-YS9ehRXt34TkBbcBAobkxsZIwZd22_5AvJcECkY_qyUMbOKgU0YEq-arE7Tb6YSYjYwhSIYDwzzLSD4mSkctIl12GV_yxClZ0JsFYPUXlvBmc6TK9K1YDetR0VJLP0&sig=Cg0ArKJSzFIAeaelNNFMEAE&adurl=
Frame ID: 54ADBC3960C78CCC8B09105F5302F184
Requests: 6 HTTP requests in this frame

Frame: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 3EF0865AF95F9B2F8FFA729F99A26C1C
Requests: 19 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJHu6K0BMAE&v=APEucNVs4cvfmzL9-ZXTx3UoyuBhTLwqcSxcIzq360xWN0BueqCEA8Uh96GD54O17feQxWWFVOtOSa1daMbN0aFhzC4-gicYjJ1axPcniwnuLTrLLppnNkWoxg-Lp2je4rEKdgR-qtaMK6CtpsjeGyZBZZpxwke-LGg8tq3Db0g_OIjh_ojznAA
Frame ID: 2A203BFBE03F71A404821BF07303449E
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNVN2SGx7c40pdh9nBhZWcgzfpu7s8dfCIPKYPDc7VHBZH-nFVzkx4YuQg0fPA_QXYEC2BjdnpoiDXXWfRtu1KuiZbi2-NeqQHSzOFdQJQv-V_dT69uLW8vUre_X13S2ZD2MZT1a0PQPT27LzGLS7-AxRnjSJRbTgl610r9ZEeANF1_Bad8
Frame ID: 4A5942F8AF083710D9909F9B92CBD681
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYnMXFlQEwAQ&v=APEucNUYJ19k2z7OvDidWcvgapS00LxiWLgJj-OQkawp28ggjgsilBA-S9SCkFgWwbXeX3SwcFPWCC7G0a7lr70F0-FtP1w-rWoI_33bKWF2V2e0Pdu1CU-adRtUEgZHUZUm115eYoQ1ApO537BLCKkIRD83K6FBHGBU0PvVb-U0Z0LzVD79qFw
Frame ID: 0F2A142554025430BF1358179ADDE324
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNUlsXa10rnEgYcqGms9K2Wb2sGtqM7Y8Yr_fyovkpcGykFA-EeD9_1Is_ZcRIuNsKjoFfrU0saZwzgyoVP63nXDWgY7kiEgUGfSIa1gHF5rzb0jiXrp65FVRux952Wq6rpve_sf81oe_cSUCNZlvguU53ursDwhyPuEBJQMlbNd_zaRyuI
Frame ID: 81F79B5CD3B5B6577163DDF2004508BF
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU2p0OYf0ZumUWnpHjr-G7SfofhRYk0Fftvhr9pm8lsCz8GIJ-4vkIa67iDcejlJwdIB0D7FAXoe9PlyCoEpYEx7CYaP0w-obJOHhkNCc3tjyVROFTxros6rQ8L8PwMu4FShL_3KjZ5ipGN7xgBq3N84XpWnkKWRXa2d8poPz_vIVap1jw
Frame ID: A4D07731F177A8CBB310788FC4F893F9
Requests: 4 HTTP requests in this frame

Frame: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 914F105DE5DC5A7559DD5F22F5146F39
Requests: 16 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2
Frame ID: 42DC30236E56108CBAD08ACCE45702DB
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: B22D24F06956D4BECC1650CF0A09AF06
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2
Frame ID: 046681EFF0547119A27AC30C418D9C7E
Requests: 11 HTTP requests in this frame

Frame: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2
Frame ID: 4BDC86D4E84E5E5997911D1C99F34291
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 03EFAC88B93EEA605347E0E1BDF141D7
Requests: 3 HTTP requests in this frame

Frame: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 19C8DB4DC69F48A8E37DFFEDCD8E2D2E
Requests: 7 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: FEC5622FA7FDAAC133186174CA326E1D
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: BC44D6533980951D6B085D552488FDBF
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 09014299752B3996B044EB70BBA48314
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html
Frame ID: 4376E56306AEBFD72508ADFD3EF2E552
Requests: 11 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si
Frame ID: EC07B700908A9F08A499668883464214
Requests: 2 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=23721000158626301084702011683029&actionid=731824&produktid=businessgiro&dt_url=
Frame ID: 3129623AB0E33EB7F435A80BA26A94FA
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: 432D5AE486F8BDE30894DC911BD44288
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735
Frame ID: 215BC013CE7DB8BD51599ED5D80C1C2A
Requests: 2 HTTP requests in this frame

Frame: https://hal900029.redintelligence.net/request_content.php?s=23721000158626301084702011683029&a=9fff3e9b
Frame ID: 7889459396CCB0CA5987598941241A1D
Requests: 8 HTTP requests in this frame

Frame: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68719600175274700710616011683030&actionid=879111&produktid=ratenkredit&dt_url=
Frame ID: B6505EFE4F5CAFF9009DC43E458D49BB
Requests: 1 HTTP requests in this frame

Frame: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Frame ID: D4C8C2C3B8FB8FCEA250669CBAB3605C
Requests: 2 HTTP requests in this frame

Frame: https://5994599.fls.doubleclick.net/activityi;dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01
Frame ID: 4F29AE571A31D7CD2768C11266667CFB
Requests: 2 HTTP requests in this frame

Frame: https://hal900030.redintelligence.net/request_content.php?s=68719600175274700710616011683030&a=d7a93c4e
Frame ID: D6B8707732A568B9375876D3B7C2EDB5
Requests: 6 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js
Frame ID: A8BE0B5C03ED4125B2FF61FBFFC98522
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js
Frame ID: 8E611102BF51E59144D786D767BDDE52
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js
Frame ID: 94B352EA58B6D5148D54E7AD412A34CF
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html
Frame ID: AF84E3D9F17D605F8213EF0F52B1F4C3
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: A8C3050E5687B971165A082978A65257
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.opovo.com.br.admin-us2.cas.ms/ Page URL
https://www.opovo.com.br/ Page URL

Detected technologies

Lua (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]+?href="[^"]*bootstrap(?:\.min)?\.css/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

OpenResty (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /openresty(?:\/([\d.]+))?/i

DoubleClick for Publishers (DFP) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /googletagservices\.com\/tag\/js\/gpt(?:_mobile)?\.js/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

375
Requests

100 %
HTTPS

54 %
IPv6

45
Domains

70
Subdomains

76
IPs

10
Countries

13226 kB
Transfer

20865 kB
Size

7
Cookies

42 Outgoing links

These are links going to different origins than the main page.

URL: https://adorofutebol.com.br/
Title: Tabelas

Search URL Search Domain Scan URL

URL: https://assine.opovo.com.br/?utm_source=home&utm_medium=orange&utm_campaign=colors_test
Title: Assine

Search URL Search Domain Scan URL

URL: http://adorofutebol.com.br/
Title: Tabelas

Search URL Search Domain Scan URL

URL: https://especiais.opovo.com.br/
Title: Especiais

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/
Title: O POVO Mais

Search URL Search Domain Scan URL

URL: http://radios.opovo.com.br/opovocbn/
Title: O POVO CBN

Search URL Search Domain Scan URL

URL: http://fortaleza.novabrasilfm.com.br/
Title: Nova Brasil FM

Search URL Search Domain Scan URL

URL: http://fdr.org.br/tvopovo/
Title: Canal FDR

Search URL Search Domain Scan URL

URL: http://populares.com.br/
Title: Populares

Search URL Search Domain Scan URL

URL: http://www.anuariodoceara.com.br/
Title: Anuário do Ceará

Search URL Search Domain Scan URL

URL: https://thetrustproject.org/
Title: Participamos do

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/jornal/cidades/2021/08/11/vacinacao-infantil-ceara-nao-atinge-nenhuma-meta-do-calendario-nacional-em-2020.html
Title: Exclusivo assinante Vacinação infantil: Ceará não atinge nenhuma meta do calendário nacional

Search URL Search Domain Scan URL

URL: https://assine.opovo.com.br/
Title: Assine e tenha acesso aos colunistas

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/clovis-holanda/2021/08/10/vendo-o-noticiario-so-resta-correr-para-um-beach-club.html
Title: + Exclusivo assinanteVendo o noticiário, só resta correr para um "beach club"

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/clovis-holanda
Title: Clovis Holanda

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/andre-bloc/2021/08/10/recorde-brasileiro-em-toquio-foi-feito-por-grupos-marginalizados.html
Title: + Exclusivo assinanteRecorde brasileiro em Tóquio foi feito por grupos marginalizados

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/andre-bloc
Title: André Bloc

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/leda-maria/2021/08/11/o-esporte-e-a-paz-na-conquista-do-mundo.html
Title: + Exclusivo assinanteO esporte e a paz na conquista do mundo

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/leda-maria
Title: Leda Maria

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/guilherme-ashara/2021/08/10/transformando-feridas-em-felicidade.html
Title: + Exclusivo assinanteTransformando feridas em felicidade

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/guilherme-ashara
Title: Guilherme Ashara

Search URL Search Domain Scan URL

URL: https://radios.opovo.com.br/opovocbn/
Title:

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/web-stories/plantas-para-ter-em-casa/2021/08/10/plantas-para-ter-em-casa.html

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/web-stories/os-jogos-lancados-em-agosto/2021/08/03/os-jogos-lancamentos-de-agosto.html

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/web-stories/introducao-as-criptomoedas/2021/07/06/o-que-e-uma-criptomoeda.html

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/nazareno-albuquerque/2021/08/11/nao-sei-por-que-nao-confio-no-artur.html
Title: + Exclusivo assinanteNão sei por que, não confio no Artur

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/nazareno-albuquerque
Title: Nazareno Albuquerque

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/nello-rangel/2021/08/10/voce-sabe-ser-cuidadoso-parte-2.html
Title: + Exclusivo assinanteVocê sabe ser cuidadoso? Parte 2

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/nello-rangel
Title: Nello Rangel

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/neila-fontenele/2021/08/10/programa-mais-emprego-ceara-tera-inicio-no-final-deste-mes.html
Title: + Exclusivo assinantePrograma "Mais Emprego Ceará" terá início no final deste mês

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/neila-fontenele
Title: Neila Fontenele

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/henrique-araujo/2021/08/11/exames.html
Title: + Exclusivo assinanteExames

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/colunistas/henrique-araujo
Title: Henrique Araújo

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCj-RTZE-V3Q6jleatRR9k2A
Title: Ver mais vídeos

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/jornal/reportagem/2021/08/11/governo-perde-na-votacao-da-pec-mas-nao-sofre-goleada-na-camara.html
Title: Exclusivo assinanteJornalBolsonaro perde na votação do voto impresso, mas não sofre goleada

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/jornal/economia/2021/08/11/assumir-prejuizo-e-a-reputacao-no-mercado-as-possiveis-causas-da-recusa-da-ford-em-vender-a-troller.html
Title: Exclusivo assinanteJornalAssumir prejuízo e a reputação no mercado: por que a Ford recusa vender a Troller

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/reportagens-especiais/era-das-chacinas/2021/08/10/chacina-dos-portugueses-ha-20-anos-violencia-no-ce-assombrou-europa.html
Title: Exclusivo assinanteHISTÓRIAChacina dos Portugueses: há 20 anos, violência no Ceará assombrou Europa

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/jornal/vidaearte/2021/08/11/do-game-para-o-cinema-free-guy-explora-fronteira-entre-real-e-virtual.html
Title: Exclusivo assinanteJornalDo game para o cinema: "Free Guy" explora fronteira entre real e virtual

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/ebooks/2020/04/14/vende-se-uma-familia.html
Title: Exclusivo assinanteLivroVende-se uma família, de Socorro Acioli: leia o livro aqui

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/reportagens-especiais/2021/08/04/jornalista-cria-um-fortaleza-esporte-clube-na-hungria.html
Title: Exclusivo assinanteReportagem especialJornalista cria um Fortaleza Esporte Clube na Hungria

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/flip/

Search URL Search Domain Scan URL

URL: https://mais.opovo.com.br/reportagens-especiais/violencia-contra-meninas/2020/08/25/morando-com-o-inimigo--o-perigo--na-maioria-das-vezes--esta-em-casa.html
Title: ESPECIALViolência contra meninas: o perigo, na maioria das vezes, está em casaEm série especial, O POVO retrata a realidade de meninas violentadas a cada ano no Brasil e no Estado. Pesquisas revelam que em 70% dos casos, parentes próximos são responsáveis por abuso sexual praticado contra crianças e adolescentes

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.opovo.com.br.admin-us2.cas.ms/ Page URL
https://www.opovo.com.br/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 95

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/837786358/?random=384282868&cv=9&fst=1628716435558&num=1&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&auid=2090275383.1628716435&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=kz0UYabcI8W_gQenyaC4Dg&sscte=1&crd=&eitems=ChEI8OrNiAYQhsGUkJjWsejqARIdAAVz41lcNW7Oese0_6rMJVvXZFqvl2GloT9kIBE HTTP 302
https://www.google.com/pagead/1p-conversion/837786358/?random=384282868&cv=9&fst=1628716435558&num=1&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&auid=2090275383.1628716435&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=kz0UYabcI8W_gQenyaC4Dg&cid=CAQSKQCNIrLMQ49Y0ec9FYvYoh9ap7SvD4hHYkRGJi2eNMNsoOvXeQD6_bT9&eitems=ChEI8OrNiAYQhsGUkJjWsejqARIdAAVz41l_m-hBmUrecoQCFepcBm0oUqf2H4JpxYk&random=1418464088&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/837786358/?random=384282868&cv=9&fst=1628716435558&num=1&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&auid=2090275383.1628716435&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=kz0UYabcI8W_gQenyaC4Dg&cid=CAQSKQCNIrLMQ49Y0ec9FYvYoh9ap7SvD4hHYkRGJi2eNMNsoOvXeQD6_bT9&eitems=ChEI8OrNiAYQhsGUkJjWsejqARIdAAVz41l_m-hBmUrecoQCFepcBm0oUqf2H4JpxYk&random=1418464088&resp=GooglemKTybQhCsO&ipr=y

Request Chain 146

https://pixel.adsafeprotected.com/rfw/st/741547/55522419/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd= HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 153

https://pixel.adsafeprotected.com/rfw/st/741547/55522707/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd= HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 170

https://pixel.adsafeprotected.com/rfw/st/741547/55522707/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd= HTTP 302
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=

Request Chain 196

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc= HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEVBNsm-4N91k_LYhb1r02I&google_cver=1

Request Chain 197

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YRQ9lI7lvuWt51e6.AlqDAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa5RFv9ybei7GefJALUVqU&google_cver=1&google_hm=2

Request Chain 198

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc= HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEGdZEYPMEvN4QjCLWf3a07g&google_cver=1

Request Chain 199

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzMxOTgxNDY4MDI2NDYwMDQ4Nw%3D%3D

Request Chain 200

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_dbm=&google_tc= HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK8hpYMshcPNi7JoueIWp4g&google_cver=1

Request Chain 201

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODE3MDU4OGQtZDRlMy0yZTZlLWY3ZTEtNmZmNWU5M2E1NmZk

Request Chain 202

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm=&google_dbm=&google_tc= HTTP 302
https://sync.teads.tv/um?eid=3&uid=CAESEDwqbJup58s4o7Hba7O_mt0&google_cver=1

Request Chain 206

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm=&google_dbm=&google_tc= HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGeEc5U2wJehOuSrKJUBx2c&google_cver=1

Request Chain 207

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=09e93921-fae9-11eb-b267-1365eaaf0106 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDllOTQ5MGYtZmFlOS0xMWViLTkwZjMtMWFiMGFkOGQwNTA2

Request Chain 209

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm=&google_dbm=&google_tc= HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGeEc5U2wJehOuSrKJUBx2c&google_cver=1

Request Chain 210

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID HTTP 302
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_id=09e94945-fae9-11eb-90f3-1ab0ad8d0506 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDllOTQ5MGYtZmFlOS0xMWViLTkwZjMtMWFiMGFkOGQwNTA2

Request Chain 212

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1 HTTP 302
https://pixel.advertising.com/ups/55946/sync?uid=CAESELj-8B8LH1asuNIUW3fytYo&_origin=1&google_cver=1 HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESELj-8B8LH1asuNIUW3fytYo&_origin=1&google_cver=1&apid=UP09e5a1f7-fae9-11eb-99fb-069fb351cf48

Request Chain 213

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true HTTP 302
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true HTTP 302
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP09e5a1f7-fae9-11eb-99fb-069fb351cf48 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAwOWU1YTFmNy1mYWU5LTExZWItOTlmYi0wNjlmYjM1MWNmNDg%3D

Request Chain 214

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true HTTP 302
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0xYm9RUjhWRTJ1R3RJNERGOHhHUktQcElENkhWTkhLUX5B

Request Chain 217

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=306717470&d_campaign=26006000&d_bust=1887967491&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=306717470&d_campaign=26006000&d_bust=1887967491&gdpr=&gdpr_consent=

Request Chain 232

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDLtpTtQBDeAhjeAjII0goevw9MXWY HTTP 301
https://tpc.googlesyndication.com/simgad/16718395175647122093

Request Chain 236

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=706555163&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=706555163&gdpr=&gdpr_consent=

Request Chain 242

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=1511790481&gdpr=&gdpr_consent= HTTP 302
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=1511790481&gdpr=&gdpr_consent=

Request Chain 249

https://hal900029.redintelligence.net/request.php?zone=j7guwu45m6py&nw=20&renderingType=javascript&namespace=86e2df9ff8&subid=&uid=0da20a6b82657dd1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdj65kz0UYbOsHfHZ7_UPiNOeuAu1zfmDV8zPuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTPAU_Qi6Lpt9zAniZm5FJCGwfIYGKEoHH0kAiK4wX3jR31-bYwSHMlPoFOBSqI7iLkiUgw5eBH81G-GyMgW1Q3ruMJ1FKPJDuNXtudCZHem9qjMhQsFHxCP3YO6128k_cbZq3dptIqea-rPzd_GdmlnVgnhJ-e7R4HdsrP7bap8GM-dwKj1wy0xY7GR7LNVNLDO6QNSAR3J3bt8qfqTjulp_caTOn948yRxOp9JbS-CeN51oFDoE_drhHyjcculq2y8vdH3nkRH_z65jmnerg038AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ%26sig%3DAOD64_2gwM1t3-pK7ublFOP6YOYCJ8e26g%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-CnLrP-FBEwpA1hYWP16B3HkDNXis0rSQ9E2FmkxR30MbPYDzD0n12wWEmGdG5zDcbveAez-SLbDcde_00jYAzp0p_XFNpKODw-XaK2sIN2p_-wcla-PIOfotAggAUhgyRWUxwXd_nLaGApY0JHIhiOAMUeuA%26cry%3D1%26dbm_d%3DAKAmf-BXbhkOuDXYTdD8ogpUlvyTboopCb5cwl3AMoksxeODiDDJO_5kJlJPanhE9rLhjDSJVwQd1TB7ldQMtN-uaGtAGQ_dCjISxhFGilWHY3-3P4B7yiWoFuR7mEFil6oaJgSA7f7YY0yV7n-h3N0s-0tWhJ9YvUIf-_qzoJh-H2kpkMJPwp3L_mWBi9oaHrEiGsGCuuX3tq4dv5VHJA_f1kwlRGHp5xN5Ub3Pz3Gqp-njl4mwZyMpDyR2gsvN6f3cURs3fvT1CREondZkW83xL0xIhO4s29sutBeGF85bwmQPuEosn4EpOPfzMhpIiuSI3tD_m0GJKz27Wq2-Vl_u9QikBEwdeOQtRpZ4ywqitye3tCNAC121NspPG1XVVaSwdCj-vk_CdnqRZ7Ocw8Y9AqZWo2HO3WkWOuJjGHobwU_RlNfhMDHFaVI_DRCsNhSh9tdrcdyr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=8080434800252&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0 HTTP 302
https://hal900029.redintelligence.net/request.php?zone=j7guwu45m6py&nw=20&renderingType=javascript&namespace=86e2df9ff8&subid=&uid=0da20a6b82657dd1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdj65kz0UYbOsHfHZ7_UPiNOeuAu1zfmDV8zPuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTPAU_Qi6Lpt9zAniZm5FJCGwfIYGKEoHH0kAiK4wX3jR31-bYwSHMlPoFOBSqI7iLkiUgw5eBH81G-GyMgW1Q3ruMJ1FKPJDuNXtudCZHem9qjMhQsFHxCP3YO6128k_cbZq3dptIqea-rPzd_GdmlnVgnhJ-e7R4HdsrP7bap8GM-dwKj1wy0xY7GR7LNVNLDO6QNSAR3J3bt8qfqTjulp_caTOn948yRxOp9JbS-CeN51oFDoE_drhHyjcculq2y8vdH3nkRH_z65jmnerg038AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ%26sig%3DAOD64_2gwM1t3-pK7ublFOP6YOYCJ8e26g%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-CnLrP-FBEwpA1hYWP16B3HkDNXis0rSQ9E2FmkxR30MbPYDzD0n12wWEmGdG5zDcbveAez-SLbDcde_00jYAzp0p_XFNpKODw-XaK2sIN2p_-wcla-PIOfotAggAUhgyRWUxwXd_nLaGApY0JHIhiOAMUeuA%26cry%3D1%26dbm_d%3DAKAmf-BXbhkOuDXYTdD8ogpUlvyTboopCb5cwl3AMoksxeODiDDJO_5kJlJPanhE9rLhjDSJVwQd1TB7ldQMtN-uaGtAGQ_dCjISxhFGilWHY3-3P4B7yiWoFuR7mEFil6oaJgSA7f7YY0yV7n-h3N0s-0tWhJ9YvUIf-_qzoJh-H2kpkMJPwp3L_mWBi9oaHrEiGsGCuuX3tq4dv5VHJA_f1kwlRGHp5xN5Ub3Pz3Gqp-njl4mwZyMpDyR2gsvN6f3cURs3fvT1CREondZkW83xL0xIhO4s29sutBeGF85bwmQPuEosn4EpOPfzMhpIiuSI3tD_m0GJKz27Wq2-Vl_u9QikBEwdeOQtRpZ4ywqitye3tCNAC121NspPG1XVVaSwdCj-vk_CdnqRZ7Ocw8Y9AqZWo2HO3WkWOuJjGHobwU_RlNfhMDHFaVI_DRCsNhSh9tdrcdyr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=8080434800252&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1

Request Chain 269

https://hal900030.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=c6788b4a23&subid=&uid=d0e7e33911ac42bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCz6iMkz0UYbasHfHZ7_UPiNOeuAu1zfmDV8zeuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTSAU_QlBBO1sZmsrLNJbwRXMkKvFpYFnHm6RNn1Gd3IIeU2hJtwhc22R6YlzrB1ABCk2KHkJOFn0JfMeaTVW--Q754H_8KftUY9FptGRFUVDe_FZsdXTmXV2bBokSpx-MfFZbDPxe9yawzBuvbcBqXlemqq9-_kYP6lOI5wh4nIWQNTcoTTDT_a3pGqE6EGXO4XRRoGOzdbhsxSp6oDJQHD5XHCnZuNTbvoAfCG8AYuyljPF2b6LQwklsha3bPCqouygKY9uObA5CAaTFmTfOAVYINesAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRovG9NzbmqqX0hLO31G7uGl0duQw%26sig%3DAOD64_26NdfQooCNeY7lbK2KCfdiuVdrNQ%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-ATS8vpb8yNYPigUeX5RtzSCYEnT_FItYkawaeVoCE2CBI6oFaQlJjaEhY1YDhdwBpZFzakaQbHuQn7e5rdTOW1rN-JVSygIS04o3g1lcBE0Bx373eLTdQ3gTGrkOQP1Gd1rB8JE56C6jW_yfLfBUxU-nCOqQ%26cry%3D1%26dbm_d%3DAKAmf-D8tJx67Bh2mBk2TDyOjUkFxMMI7oES3DCp8iixVZkG98fuCiwclHi4bze-i0Wk-90N9JB8t20Om4CZtSk43LV7vy8PafOxm3aFb_DfvjWjOua9xGms4nN-nPRn1xkfbQwAKPNQonlI6Y9anMzRoXkN56dyUhQ4verc7AGz_j2JEbPnaoWmbX9oiUfj9Ms7r2Dl0-01cXPDTtBGarEAZFsTIuo80tpDgB7YIyyY4jvPqa5Tb-pmb54dWH-ejEYNaNQJbsKvivByjcLUZNVoR7bnBoFbHmeVrGwucXa55UYrqFxrEgpRI3Ob2AcAyN78IChCh2XtH8qTK3Wl4Co9c256TyW3JjvhJYso0RE4ULZY_dLe7d114aIbZFDaHFMXhlu6iq1C0ChhVi0gET9K24t1JsdgoA1RuiK8p0hD2U08qKJScfEbX2Q9t-NPoH7n0CiZTUv4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=7041233432420&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0 HTTP 302
https://hal900030.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=c6788b4a23&subid=&uid=d0e7e33911ac42bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCz6iMkz0UYbasHfHZ7_UPiNOeuAu1zfmDV8zeuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTSAU_QlBBO1sZmsrLNJbwRXMkKvFpYFnHm6RNn1Gd3IIeU2hJtwhc22R6YlzrB1ABCk2KHkJOFn0JfMeaTVW--Q754H_8KftUY9FptGRFUVDe_FZsdXTmXV2bBokSpx-MfFZbDPxe9yawzBuvbcBqXlemqq9-_kYP6lOI5wh4nIWQNTcoTTDT_a3pGqE6EGXO4XRRoGOzdbhsxSp6oDJQHD5XHCnZuNTbvoAfCG8AYuyljPF2b6LQwklsha3bPCqouygKY9uObA5CAaTFmTfOAVYINesAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRovG9NzbmqqX0hLO31G7uGl0duQw%26sig%3DAOD64_26NdfQooCNeY7lbK2KCfdiuVdrNQ%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-ATS8vpb8yNYPigUeX5RtzSCYEnT_FItYkawaeVoCE2CBI6oFaQlJjaEhY1YDhdwBpZFzakaQbHuQn7e5rdTOW1rN-JVSygIS04o3g1lcBE0Bx373eLTdQ3gTGrkOQP1Gd1rB8JE56C6jW_yfLfBUxU-nCOqQ%26cry%3D1%26dbm_d%3DAKAmf-D8tJx67Bh2mBk2TDyOjUkFxMMI7oES3DCp8iixVZkG98fuCiwclHi4bze-i0Wk-90N9JB8t20Om4CZtSk43LV7vy8PafOxm3aFb_DfvjWjOua9xGms4nN-nPRn1xkfbQwAKPNQonlI6Y9anMzRoXkN56dyUhQ4verc7AGz_j2JEbPnaoWmbX9oiUfj9Ms7r2Dl0-01cXPDTtBGarEAZFsTIuo80tpDgB7YIyyY4jvPqa5Tb-pmb54dWH-ejEYNaNQJbsKvivByjcLUZNVoR7bnBoFbHmeVrGwucXa55UYrqFxrEgpRI3Ob2AcAyN78IChCh2XtH8qTK3Wl4Co9c256TyW3JjvhJYso0RE4ULZY_dLe7d114aIbZFDaHFMXhlu6iq1C0ChhVi0gET9K24t1JsdgoA1RuiK8p0hD2U08qKJScfEbX2Q9t-NPoH7n0CiZTUv4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=7041233432420&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1

Request Chain 297

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si

Request Chain 303

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=23721000158626301084702011683029&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=23721000158626301084702011683029&actionid=731824&produktid=businessgiro&dt_url=

Request Chain 306

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735

Request Chain 308

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=23721000158626301084702011683029 HTTP 301
https://ad-server.eu/wm/pb/native.png

Request Chain 310

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=68719600175274700710616011683030&t=htlp HTTP 301
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68719600175274700710616011683030&actionid=879111&produktid=ratenkredit&dt_url=

Request Chain 313

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01 HTTP 302
https://5994599.fls.doubleclick.net/activityi;dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01

Request Chain 315

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68719600175274700710616011683030 HTTP 302
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68719600175274700710616011683030 HTTP 301
https://ad-server.eu/wm/pb/native.png

375 HTTP transactions
10 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 / Show response
www.opovo.com.br.admin-us2.cas.ms/ 1010 B
834 B 2807ms
35ms Document
text/html 52.155.166.50
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

52.155.166.50 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

openresty /

Resource Hash

fbf857f2d8e2082494a42b59bb1f2c8bc8a7ec864d62d5165a024ffc25653054

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

:method: GET
:authority: www.opovo.com.br.admin-us2.cas.ms
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-type: text/html; charset=utf-8
server: openresty
date: Wed, 11 Aug 2021 21:13:54 GMT
x-mcas-request-id: 24fbec6dbd3dcdf0d3526ca0b50ca94a
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
strict-transport-security: max-age=31536000
expires: Mon, 01-Jan-1990 00:00:00 GMT
x-mcas-upstream-time: n/a
x-mcas-processing-time: 3
content-encoding: gzip
x-mcas-cache-status: MISS

GET
H2 200 session-context-store-helper.min.js Show response
mcasproxy.azureedge.net/proxyweb/1.3.24/js/ 5 KB
5 KB 20ms
7ms Script
application/javascript 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcasproxy.azureedge.net/proxyweb/1.3.24/js/session-context-store-helper.min.js
Requested by: Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: ef6b116f5d682673f7e8ebbfa0027176ccb482caea43b4077cc34f0748d7bc4b

Request headers

Referer: https://www.opovo.com.br.admin-us2.cas.ms/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Wed, 11 Aug 2021 21:13:54 GMT
last-modified: Wed, 04 Aug 2021 07:17:20 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: PLOXavfa2pddds7xHBr81w==
etag: 0x8D95717E6041C3F
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: d67a67af-a01e-00f6-540d-8973c2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=30886541
x-ms-version: 2009-09-19
content-length: 5084

GET
H2 200 session-context-restore.html Show response
mcasproxy.azureedge.net/proxyweb/1.3.24/html/ Frame 5E31 281 B
729 B 7ms
7ms Document
text/html 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcasproxy.azureedge.net/proxyweb/1.3.24/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fwww.opovo.com.br%2F
Requested by: Host: mcasproxy.azureedge.net
URL: https://mcasproxy.azureedge.net/proxyweb/1.3.24/js/session-context-store-helper.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: d593eab937ae208334c866b7afc56b0703787c857dae8bb562aefbbd3ca15ee6

Request headers

:method: GET
:authority: mcasproxy.azureedge.net
:scheme: https
:path: /proxyweb/1.3.24/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fwww.opovo.com.br%2F
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br.admin-us2.cas.ms/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br.admin-us2.cas.ms/

Response headers

content-length: 281
content-type: text/html
content-md5: vDuuGHIdcY/gQtnraxH9qw==
last-modified: Wed, 04 Aug 2021 07:18:01 GMT
etag: 0x8D95717FE9A6378
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-request-id: 1825ea4c-201e-0009-480d-894e5a000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
access-control-allow-origin: *
cache-control: public, max-age=30886509
date: Wed, 11 Aug 2021 21:13:54 GMT

GET
H2 200 session-context-restore.min.js Show response
mcasproxy.azureedge.net/proxyweb/1.3.24/js/ Frame 5E31 36 KB
36 KB 7ms
7ms Script
application/javascript 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://mcasproxy.azureedge.net/proxyweb/1.3.24/js/session-context-restore.min.js
Requested by: Host: mcasproxy.azureedge.net
URL: https://mcasproxy.azureedge.net/proxyweb/1.3.24/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fwww.opovo.com.br%2F
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 84631de0bca7e12b1b542849e146044afb360af10af6ae4f5d90ec534e017734

Request headers

Referer: https://mcasproxy.azureedge.net/proxyweb/1.3.24/html/session-context-restore.html?action=store&contextData=https%3A%2F%2Fwww.opovo.com.br%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Wed, 11 Aug 2021 21:13:55 GMT
last-modified: Wed, 04 Aug 2021 07:17:20 GMT
server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5: d0ja3c44qO7D3vm2nqObfQ==
etag: 0x8D95717E6200DC3
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: d67a69f2-a01e-00f6-630d-8973c2000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=30886511
x-ms-version: 2009-09-19
content-length: 36521

GET
H2 200 Primary Request / Show response
www.opovo.com.br/ 61 KB
13 KB 23ms
23ms Document
text/html 2606:4700:3037::6815:3403
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3037::6815:3403 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5c3cafd09dcc182446bac9da532a773ef49387b2010cb699fe489e3b3740be65

Request headers

:method: GET
:authority: www.opovo.com.br
:scheme: https
:path: /?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://www.opovo.com.br.admin-us2.cas.ms/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br.admin-us2.cas.ms/

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-type: text/html; charset=utf-8
last-modified: Wed, 11 Aug 2021 20:06:37 GMT
vary: Accept-Encoding
x-fivecom-rewrite-portal: home
cache-control: public, max-age=120, s-maxage=604800
x-varnish: 193594330
age: 216
via: 1.1 varnish-v4
x-ua-device: desktop
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
cf-cache-status: HIT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ysFMuyHQxF2BV9WeHfSzbEp%2B9PmWEbXHVOEJQpffQYw%2Boz8TaYLmH5dsv8zOL4%2BoctxhJDVsDv3v9akpPSqwV9rwB5kmCu%2FjemTcVEazDyJtvjjNubHOqlXmS%2Bi04dyUD61gIERHyrqbLL%2Bij4ln"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 67d47876d8ae2c3a-FRA
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/ 141 KB
21 KB 23ms
22ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Origin: https://www.opovo.com.br
Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 756, 617, 617
age: 1180997
cdn-cachedat: 2021-07-24 16:53:09
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:04 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 5556e1672a3336be2e69601e83efd441
cf-ray: 67d478770a834a80-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 main.css
www.opovo.com.br/reboot/includes/assets/css/ 31 KB
7 KB 32ms
19ms Stylesheet
text/css 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.opovo.com.br/reboot/includes/assets/css/main.css
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6fd5607dcbe171b837fe85c863ceaa921f82aa628f30006944cac938286376e6

Request headers

:path: /reboot/includes/assets/css/main.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7535
cf-polished: origSize=45958
content-type: text/css
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Tue, 10 Aug 2021 18:20:12 GMT
server: cloudflare
etag: W/"6112c35c-b386"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Bal4OEEOYIPqq7lEwamJhDmxJo7thn%2F6OhOq6hN6G52j1REClGhvCiS0aPds3dShpIrscYdLBs42Yf2AahC%2BCzXi%2BOpq4me9K9zSv%2BBGLCD7L4TuR%2FXpE63miXEtqzMctVsaakKBjRqk3FILN2mK"}],"group":"cf-nel","max_age":604800}
x-varnish: 176720548 177079723
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
cf-ray: 67d478772ab24e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
cf-bgj: minify

GET
H3-29 200 home.css
www.opovo.com.br/reboot/includes/assets/css/ 24 KB
5 KB 29ms
16ms Stylesheet
text/css 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.opovo.com.br/reboot/includes/assets/css/home.css
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 01926c1dc655b802e2f4e5f9501684064f48e6ac9bd9ec900968937fe44dea1a

Request headers

:path: /reboot/includes/assets/css/home.css
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7516
cf-polished: origSize=36351
content-type: text/css
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Mon, 02 Aug 2021 18:41:36 GMT
server: cloudflare
etag: W/"61083c60-8dff"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qHp92xjSP9BtfE6qcRB1Pq6jdxBboFj2gtPdGaLbTkY43WPOeMFp3gf%2BZyZOsp5EjZoedP54wSXVnkFOAxwIsKeNgYvs%2FY0oFjjBHyNV6mKqoW%2B84hmiduDEFCdaKX%2FHBPUIMVVvIE4gQyZrr58r"}],"group":"cf-nel","max_age":604800}
x-varnish: 175184349 174231704
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
cf-ray: 67d478772ab34e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
cf-bgj: minify

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 25ms
10ms Script
application/javascript 2001:4de0:ac18::1:a:3b
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4de0:ac18::1:a:3b , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

Origin: https://www.opovo.com.br
Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
last-modified: Tue, 02 Mar 2021 17:27:20 GMT
server: nginx
etag: W/"603e7578-15d9d"
vary: Accept-Encoding
x-hw: 1628716435.dop242.fr8.t,1628716435.cds287.fr8.hc,1628716435.cds144.fr8.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
40 KB 14ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-23310373-1

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3df581ede5b6755ba8ff7ed918d78063854a7b1d499a9beb4a86abfe5cecb307

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40983
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H2 200 gpt.js Show response
www.googletagservices.com/tag/js/ 71 KB
25 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/tag/js/gpt.js

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9793b7ffe16ab6975ee3b25c407232bae1a6ddebfd6b2c317644f79c5a6d27fe

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "956 / 528 of 1000 / last-modified: 1628680311"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 25135
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H3-29 200 menu%20icon.svg
www.opovo.com.br/reboot/includes/assets/img/icon/ 1 KB
1 KB 16ms
16ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/icon/menu%20icon.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 61deae71fd0ad0396d0819d19356b76f37d4d6a6d028bd1d04775ff083c3e147

Request headers

:path: /reboot/includes/assets/img/icon/menu%20icon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7535
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 04:09:57 GMT
server: cloudflare
etag: W/"61022a15-476"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gDRB1CLoBnxXNT%2Faf4jM38m5AtueWbima%2FkauKdLH8vBo0EVuXgUSwaSg5cALihwEVQcTDLUm4JxUFdUmMx1oaQK2Ed663uGzRUNEmAXW3DM%2BKHDP6wLJRSMTFPppTYfpUsmE1fm9e6iG3%2BkyAwp"}],"group":"cf-nel","max_age":604800}
x-varnish: 177045741 177079731
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d478779bd34e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 opovo%20logo.svg
www.opovo.com.br/reboot/includes/assets/img/ 4 KB
2 KB 22ms
22ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/opovo%20logo.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d9db9c26133de44e188ba8efdffc8ada7122550a3023fe6070660f02a1528e3f

Request headers

:path: /reboot/includes/assets/img/opovo%20logo.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7533
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 04:09:57 GMT
server: cloudflare
etag: W/"61022a15-1187"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ihEHenrlw6bwOp7FC0Ezfxw1OSGSOrVslX5Jb0t9hcR5gzX5QMJmIa9fYQinNEJY88F77UX2zhGX%2BuVRjGW0XdeyPVhUcReb9DTqh2jYkKsMOJjlwgYzV6mDi9BeDcLWP08Vgqyo%2Bpfc7f%2FphCvS"}],"group":"cf-nel","max_age":604800}
x-varnish: 176720597 176065243
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d47877abf74e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 busca%20icon.svg
www.opovo.com.br/reboot/includes/assets/img/icon/ 556 B
1 KB 12ms
11ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/icon/busca%20icon.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 37be7a267c93deed806a27dbc7c367081e0f9399a76748a20e6f9f5e20ee51c0

Request headers

:path: /reboot/includes/assets/img/icon/busca%20icon.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7534
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 04:09:57 GMT
server: cloudflare
etag: W/"61022a15-22c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=keO9VPfDx8Pzf7wkCLrexAtiviOyLa5Piw3saG6leVaVyNlXUqWQIlDSpSZmUNmPekQ4EmUfe5JNui9toiyPJBYECZcfYVo7crxJWJkSggktMxr3927djCaB%2BPBU3n4NgERveUNmf7hJdcihy8hM"}],"group":"cf-nel","max_age":604800}
x-varnish: 177045786 177079740
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d47877bc124e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 x-icone.svg
www.opovo.com.br/reboot/includes/assets/img/ 557 B
996 B 15ms
15ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/x-icone.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11dc66a366c3952a0dbed2205d6d5c48c26200befa3a4ccb6112be49ab774878

Request headers

:path: /reboot/includes/assets/img/x-icone.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7533
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 04:09:57 GMT
server: cloudflare
etag: W/"61022a15-22d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RYsUovUhq6tn0dFITsIiwy04bVU3XEGQZp4JqIbyBryPUrNJCHn7VgJ0u%2FHMaCwG7huiqdYwVe8I7eB0ielhee4IK0PLMwrKuFhJKqfDM%2FaPEYGgQVco1dvwR1EZekjWDHhIiOG3OAXyy4hBMzyv"}],"group":"cf-nel","max_age":604800}
x-varnish: 175474315 176065233
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d47877dc6b4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 trustlogo.png
www.opovo.com.br/reboot/includes/assets/img/ 3 KB
3 KB 12ms
11ms Image
image/png 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/trustlogo.png
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dfc2535f6e81fe3e03bc7f1585541629734216cdd9c99f99dd8e7c09feb71089

Request headers

:path: /reboot/includes/assets/img/trustlogo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7533
content-type: image/png
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2731
last-modified: Thu, 29 Jul 2021 12:49:24 GMT
server: cloudflare
etag: "6102a3d4-aab"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPPkcaCbjnJnjRh3tSb6BkMy%2Fz9SunINAa1ppqAEAOPs206EtiUqEgCX595qGHx7Jd40dTOJYvVJyMOOdP5jb4OSRMPdh16MFRjWb2VTk2xTYUj2L6tMouDT1oXu%2F4isu1D9RtY9yUdIpmt7ZiVd"}],"group":"cf-nel","max_age":604800}
x-varnish: 175474313 176065240
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d47877fca94e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 breaking-news-logo.svg
www.opovo.com.br/reboot/includes/assets/img/icon/ 5 KB
3 KB 17ms
17ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/icon/breaking-news-logo.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ce46f553ca45d2ff6acac8e983bc80ad540a9e07c06309e79fddf07c9629f69

Request headers

:path: /reboot/includes/assets/img/icon/breaking-news-logo.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7516
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 04:09:57 GMT
server: cloudflare
etag: W/"61022a15-1339"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BW3ZGoIaRHXib8EvWDBHUPfRzVokmYrEi0cwvLNbKK2xRKsHR%2FnH5qjcqNGh1D%2Boa4vl6rnHxxpP76a%2F%2BC9XhMDyC%2BTLxAfnOda4fxqH2g8jPsaykK7Q2QRxCFfZRb6KmFL3rM%2Bx4IY6ViqzIBFl"}],"group":"cf-nel","max_age":604800}
x-varnish: 175184364 174231719
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d478780cdc4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 logo-op+.svg
www.opovo.com.br/reboot/includes/assets/img/ 2 KB
2 KB 14ms
13ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/logo-op+.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 70009818dd359fa38d706cf06c2906f7ad035c19218cd9eb0d083f19925aaf87

Request headers

:path: /reboot/includes/assets/img/logo-op+.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7515
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 13:25:35 GMT
server: cloudflare
etag: W/"6102ac4f-93d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eIlOWBLHanXfcRXx4VXzBM6AEsoz1MhkS606WzoTirhAhTKgF%2FXBcs00URoA2YzCMS0VZIz4l7sU0m14D3MD4MuuCF8Q8zgT4CoGbTRdPbY2XyhfkKUCcRAuF%2F5bIkuJuSAsZAHezDhwW5j2SIcx"}],"group":"cf-nel","max_age":604800}
x-varnish: 172629044 176393703
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d478782d134e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 logo_cbn_home.svg
www.opovo.com.br/reboot/includes/assets/img/ 5 KB
3 KB 20ms
20ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/logo_cbn_home.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ea5b6a0210cfbd83a9bde2a3b9944d77e2c8b041e19c2d7c907d54bdd8f87828

Request headers

:path: /reboot/includes/assets/img/logo_cbn_home.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7515
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 18:41:58 GMT
server: cloudflare
etag: W/"6102f676-158d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bY6yDZgi6sMctP1pHRKvDcLhCyLTH%2FrdBoIbKQ9bZcz%2F5w%2BtbAqZvkBE5H43C9Ki%2BKUYKa%2FG9MP3MOanTswf46Rl%2FEIBVAdY17yV3U5r8mpe6Iniju3gBjKPgN3XGbDMXYakuhUzMm03B2sOwZlx"}],"group":"cf-nel","max_age":604800}
x-varnish: 175184389 176720680
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d478783d614e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H2 200 rdstation-forms.min.js Show response
d335luupugsy2.cloudfront.net/js/rdstation-forms/stable/ 179 KB
48 KB 39ms
13ms Script
application/javascript 13.224.89.106
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d335luupugsy2.cloudfront.net/js/rdstation-forms/stable/rdstation-forms.min.js
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.224.89.106 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-224-89-106.zrh50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: f2cd97361029231f60fed13cfcf4b7647194819d1e7510777a42c0757e9614c3

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Jul 2021 23:44:49 GMT
content-encoding: gzip
last-modified: Tue, 20 Jul 2021 13:38:32 GMT
server: AmazonS3
age: 1286947
etag: "936c0e9f9f2e7062db9525fd93e9a629"
x-cache: Hit from cloudfront
x-amz-version-id: sTRI5oPxk0GUIriIlx7bdWWVPfl8DTyA
via: 1.1 1437ff2cfbc1ea8c7a36e6b0ce6e935a.cloudfront.net (CloudFront)
cache-control: max-age=315360000, must-revalidate
x-amz-cf-pop: ZRH50-C1
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 48720
x-amz-cf-id: oBUetXA_rDzQHy7S7xyYMxUmdvvbGzfaNAa92F3QCsEccc9h_6TEHw==

GET
H3-29 200 1_violencia_contra_meninas___capa1-13352210.jpg
www.opovo.com.br/_midias/jpg/2020/08/24/608x344/ 39 KB
40 KB 14ms
14ms Image
image/jpeg 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/_midias/jpg/2020/08/24/608x344/1_violencia_contra_meninas___capa1-13352210.jpg?20210809082104?20210809082104
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cbddc59fd95006e6df8dd917bc0f59cbb4f3216ed7a8b5fb735f532de86603c0

Request headers

:path: /_midias/jpg/2020/08/24/608x344/1_violencia_contra_meninas___capa1-13352210.jpg?20210809082104?20210809082104
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7514
content-type: image/jpeg
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 40411
last-modified: Mon, 09 Aug 2021 11:20:51 GMT
server: cloudflare
etag: "61110f93-9ddb"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BS1RAd%2F237yEK%2B%2B6V7TE5iNcuUKnydcg5II84lvgPLvWMJwsqJRryi%2FygYgQ2Urapx7AQ2erMG%2FKDvkPRC59GUD1hBiEkC1SXqcv6EcUcYhxDqHyOfDLxsUMVOW1NRql%2BT3V2D4zWOFRmkQc2jB%2F"}],"group":"cf-nel","max_age":604800}
x-varnish: 176882478 173512520
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d478786d984e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 o-povo-online.png
www.opovo.com.br/includes/assets/online/geral/imgs/ 6 KB
7 KB 12ms
12ms Image
image/png 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/includes/assets/online/geral/imgs/o-povo-online.png
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fb78178efb17880986453d866dc2c7ff441b2b2426665937e77f2ae214f44713

Request headers

:path: /includes/assets/online/geral/imgs/o-povo-online.png
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7533
content-type: image/png
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 6467
last-modified: Fri, 28 Jun 2019 14:34:35 GMT
server: cloudflare
etag: "5d16257b-1943"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EDTMmFECtY90CwNrxH27KcE6K5CFRUfmsqTDCDP0yURSj0wugBJ7RvtgMjKpRqjj8rr7nksB2K0nh%2Fdqe1in3thuj%2BWHW0BZeJU9FTTapRoRfhIFrct6eR2nnt95xAekAM917RwHWM4nRLSJE0uS"}],"group":"cf-nel","max_age":604800}
x-varnish: 175474317 177079734
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d478788dcb4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 main.js Show response
www.opovo.com.br/reboot/includes/assets/js/ 3 KB
2 KB 17ms
17ms Script
application/javascript 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.opovo.com.br/reboot/includes/assets/js/main.js
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7c30b7faefd4e8fefed030603d324d54adcab250726f3b2baa6d07388ababc2c

Request headers

:path: /reboot/includes/assets/js/main.js
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7535
cf-polished: origSize=6649
content-type: application/javascript; charset=utf-8
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Wed, 11 Aug 2021 12:40:50 GMT
server: cloudflare
etag: W/"6113c552-19f9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LE06KlBDbNNk8pVntkDVRnYBG4J0hD6mXvoj%2BLr2fRzGTLTAO%2BkdQghISqb5dsl8PQknU2dihTOeCML058GyfCUqrR%2FRs9GV1KhZgFMHzJD84XgXPP679px%2BfU5l%2BLDANJUr6OL4eyNxnJtHVzGA"}],"group":"cf-nel","max_age":604800}
x-varnish: 173512377 176065246
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
cf-ray: 67d478789df74e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
cf-bgj: minify

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
1003 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&display=swap

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/reboot/includes/assets/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

25a97b6f96010411d7098a277fc392cf8fe4c024a5bb5ef44b9da7790f0c0022

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 19:33:48 GMT
server: ESF
date: Wed, 11 Aug 2021 21:13:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 9 KB
878 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Serif:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/reboot/includes/assets/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8acb353b031da51b2508fa3b0f6037cbafb24a10063e30e720869142f4ae1eca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 20:57:11 GMT
server: ESF
date: Wed, 11 Aug 2021 21:13:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 439 KB
121 KB 26ms
25ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@300;400;700;900&display=swap

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/reboot/includes/assets/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

02b42891008d9664f81c4d4a49510e55a943f863a79b711ef820ee778cf1c46f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 21:13:55 GMT
server: ESF
date: Wed, 11 Aug 2021 21:13:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H2 200 pubads_impl_2021080501.js Show response
securepubads.g.doubleclick.net/gpt/ 328 KB
115 KB 93ms
36ms Script
text/javascript 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

sffe /

Resource Hash

999dd215435801026f51fb5847df0b1127bd49541ef7d9aeb8b799a9669d8c56

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 05 Aug 2021 08:37:44 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 116820
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H3-29 200 gtm.js Show response
www.googletagmanager.com/ 120 KB
44 KB 15ms
15ms Script
application/javascript 2a00:1450:4001:828::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WBWHQHX

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e44b89ad714fb0c6274b63cef72f68a66e32194cefe161f1e75ad7eae962b002

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44545
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H2 200 hotjar-254673.js Show response
static.hotjar.com/c/ 5 KB
3 KB 76ms
25ms Script
application/javascript 54.192.219.92
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-254673.js?sv=6

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.92 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-192-219-92.mrs52.r.cloudfront.net

Software

Resource Hash

eed69e1ad88cb0fee94ff49f9d3ba118ee75d1d42ca07b7874f7fbde426a00e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:36 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 19
etag: W/7586a2bfe1af4f77d7c2f275152f37bb
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
x-amz-cf-pop: MRS52-P2
x-amz-cf-id: hzDP7haSYA8zCeUfjxc2S_oTmT7_KjoHr8H13MDP7BBhPN966O33pg==
via: 1.1 c5c1467e47aa14975ca9a42cf837f5ec.cloudfront.net (CloudFront)

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v19/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.opovo.com.br
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 01:30:05 GMT
x-content-type-options: nosniff
age: 157430
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15640
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:08:37 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 01:30:05 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v19/ 15 KB
15 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.opovo.com.br
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 00:30:52 GMT
x-content-type-options: nosniff
age: 160983
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15720
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:08:56 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:30:52 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
165 B 16ms
15ms Script
application/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.opovo.com.br

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
165 B 15ms
15ms Script
application/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.opovo.com.br

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 149 KB
39 KB 371ms
370ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2257128310838884&correlator=4156639936928508&output=ldjh&impl=fifs&eid=31062030%2C31062141%2C31062188%2C31062234%2C20211866&vrg=2021080501&ptt=17&sc=1&sfv=1-0-38&ecs=20210811&iu_parts=10216148%2Cbanner_bottom_desktop%2C20%2Cteste_digitalpremium%2Cbt_smartphone_portal_home%2Cteste_digitalpremium_mobile%2C29%2C2124%2Cbr2_smartphone_portal_home%2Cbm_portal_mobile%2Cbr_smartphone_portal_home&enc_prev_ius=%2F0%2F1%2C%2F0%2F2%2C%2F0%2F3%2C%2F0%2F4%2C%2F0%2F5%2C%2F0%2F6%2C%2F0%2F7%2C%2F0%2F8%2C%2F0%2F9%2C%2F0%2F10&prev_iu_szs=468x60%2C1190x250%7C728x300%7C970x90%7C728x90%7C970x250%7C970x150%2C1190x250%2C320x100%7C300x50%2C320x100%2C300x250%7C336x280%2C336x280%7C300x250%2C300x250%2C320x100%7C320x50%2C300x250&cookie_enabled=1&bc=31&abxe=1&lmt=1628712397&dt=1628716435410&dlt=1628716435044&idt=285&frm=20&biw=1600&bih=1200&oid=3&adxs=-9%2C180%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adys=-9%2C300%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9%2C-9&adks=765604454%2C2160817647%2C2239437085%2C550397358%2C2196125528%2C322037220%2C3462848208%2C1496226131%2C1757523621%2C1138306896&ucis=1%7C2%7C3%7C4%7C5%7C6%7C7%7C8%7C9%7Ca&ifi=1&u_tz=120&u_his=3&u_java=false&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=0x-1%7C1240x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&msz=0x-1%7C1240x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1%7C0x-1&ga_vid=1658683163.1628716435&ga_sid=1628716435&ga_hid=1279857775&ga_fc=false&fws=2%2C0%2C2%2C2%2C2%2C2%2C2%2C2%2C2%2C2&ohw=0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0&btvi=-1%7C0%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1%7C-1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ..

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

5447f6b6ef0a1a76bb80b615bb46b1fbd67f60a05dbb8a5a30432bba080a1429

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: br
x-content-type-options: nosniff
google-mediationgroup-id: -2,-2,-2,-2,-2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39620
x-xss-protection: 0
google-lineitem-id: 5729574695,-1,-2,-2,-2,-1,-1,-1,5380793470,-1
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138354169478,-1,-2,-2,-2,-1,-1,-1,138312824854,-1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.opovo.com.br
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 5C78 6 KB
3 KB 61ms
16ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 21:13:55 GMT
expires: Thu, 11 Aug 2022 21:13:55 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 icon-relacionados.svg
www.opovo.com.br/reboot/includes/assets/img/icon/ 482 B
1012 B 13ms
12ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/icon/icon-relacionados.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/reboot/includes/assets/css/home.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3f0a286769312e8db193ae35a08d50d0b60988e0e8faf3d4f9294b822617fe63

Request headers

:path: /reboot/includes/assets/img/icon/icon-relacionados.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/reboot/includes/assets/css/home.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/reboot/includes/assets/css/home.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7514
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 04:09:57 GMT
server: cloudflare
etag: W/"61022a15-1e2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zl3PgKTqwbrOoMO%2BWoMqbGB%2FiQpqk4FA4qOOI%2FBfu2yX%2B48xtTwkBx5YLCaNSSlRsCQmIH9Na5k7RBlxQmVbt1Az%2FrhchXKIcHFo4oXQFLZrm8b9EY3LquboqAJUFSaLWgwpNzWK%2FNYwb78RzDuB"}],"group":"cf-nel","max_age":604800}
x-varnish: 176195789 176524940
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d478796fea4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 simbolo-mais.svg
www.opovo.com.br/reboot/includes/assets/img/icon/ 709 B
1 KB 13ms
13ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/icon/simbolo-mais.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/reboot/includes/assets/css/home.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a81ee9f7aad91808ed8611c7b85abef34084d1717b3ac32314af7f705accaf1b

Request headers

:path: /reboot/includes/assets/img/icon/simbolo-mais.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/reboot/includes/assets/css/home.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/reboot/includes/assets/css/home.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7514
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 14:59:36 GMT
server: cloudflare
etag: W/"6102c258-2c5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZiZbL%2BOLuOudfTu3tTaPxZI7hoFF%2F1a2ICzJBLRkWFLXDDrWCSToslW7JXIwwrdGwDaEZLtNstf%2B4eYcC%2FxiO9RwO%2B0Iwh03Jsq1GtJsyCYIFIFvyQVMSMEJdgY880BzTPgTGe2tqYsQwViI1frF"}],"group":"cf-nel","max_age":604800}
x-varnish: 176882502 176720554
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d478796fec4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 70 KB
19 KB 776ms
776ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

dce1dbf98150f2afaefaddc9f7376d3f893ce234844e9848d8ff69e4cc35850d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19892
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.opovo.com.br
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 icon-seta-branca.svg
www.opovo.com.br/reboot/includes/assets/img/icon/ 486 B
1 KB 14ms
14ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/icon/icon-seta-branca.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/reboot/includes/assets/css/main.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5ee25ab981932f30b684b02dbdf11c1297fec0354b5b2d8e5e78e5ebbace3345

Request headers

:path: /reboot/includes/assets/img/icon/icon-seta-branca.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/reboot/includes/assets/css/main.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/reboot/includes/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7514
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 13:50:45 GMT
server: cloudflare
etag: W/"6102b235-1e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zqj3W9E1MEMWsErAUGj0dfMBpVkO%2BlxDLunYhlJ6Hn3Qu2PVtwzPF99lFHDPfcoKF2u%2BIXL8Z3u93J%2F%2BMo333LIQeyxSRU%2FBKwXZ%2FhDd7YXwV7Sza6%2B1149%2B%2FGAMn2tArughSV9w7z09w8hR1BTC"}],"group":"cf-nel","max_age":604800}
x-varnish: 168829071 176328230
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d47879780e4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 icon-seta-azul.svg
www.opovo.com.br/reboot/includes/assets/img/icon/ 489 B
1 KB 12ms
12ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/icon/icon-seta-azul.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/reboot/includes/assets/css/main.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 19b7fbb7d2c2b44d319cbd02d4a37289b73fb75fa20a350a055fc84b0b96d7d0

Request headers

:path: /reboot/includes/assets/img/icon/icon-seta-azul.svg
pragma: no-cache
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/reboot/includes/assets/css/main.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/reboot/includes/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7514
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 13:50:45 GMT
server: cloudflare
etag: W/"6102b235-1e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1laQ1%2FqHU0rqB3xbZa5XbPQ0VtVYRtlWem%2BOu5Fd9RiMLvWXPZtoGMnuZ9RtK%2FWTI8U1oobpTRDww5Ph4s4wnz6%2BvO77j%2FI8piK68SyPTPpPLHlzryMl5%2B0AxWfxUKwBv3NTk536hRQnYqyqkBSQ"}],"group":"cf-nel","max_age":604800}
x-varnish: 168829066 175474285
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d47879780f4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H2 200 modules.9a6619e61150e4449f35.js Show response
script.hotjar.com/ 221 KB
59 KB 78ms
27ms Script
application/javascript 54.192.219.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.9a6619e61150e4449f35.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-254673.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.192.219.81 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-192-219-81.mrs52.r.cloudfront.net

Software

Resource Hash

fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 05 Aug 2021 14:18:05 GMT
content-encoding: br
x-content-type-options: nosniff
age: 543350
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 59579
access-control-allow-origin: *
last-modified: Thu, 05 Aug 2021 14:17:07 GMT
etag: "f404c80c4e9647abd5db65360cf9ecee"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 1cfafe71e396134dc106e8c1515876bd.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: ajeI_op_rKbAMcgfOTwrBTJSXSe8FpVWr5qLH58XPW8jk799EEC8ww==

GET
H/1.1 200
OK /
player.transmissaodigital.com/proxy/6802/1/ 195 KB
0 302ms
113ms Media
audio/aacp 51.79.78.239
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://player.transmissaodigital.com/proxy/6802/1/
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.239 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns568638.ip-51-79-78.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_qos/11.64 PHP/7.2.34 / PHP/7.2.34
Resource Hash

Request headers

Referer: https://www.opovo.com.br/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Date: Wed, 11 Aug 2021 21:13:55 GMT
icy-name: O POVO CBN 95.5
X-Powered-By: PHP/7.2.34
icy-notice2: SHOUTcast DNAS/posix(linux x64) v2.5.1.724
icy-url: opovo.com.br
icy-sr: 22050
Connection: Keep-Alive
icy-notice1: This stream requires <a href="http://www.winamp.com">Winamp</a>
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_qos/11.64 PHP/7.2.34
icy-br: 128
Vary: User-Agent
Access-Control-Allow-Methods: GET, POST, OPTIONS
icy-pub: 0
Access-Control-Allow-Origin: *
icy-genre: News
Transfer-Encoding: chunked
Access-Control-Allow-Credentials: true
Content-Type: audio/aacp
Keep-Alive: timeout=60, max=100

GET
H/1.1 200
OK /
player.transmissaodigital.com/proxy/6736/1/ 195 KB
0 302ms
113ms Media
audio/aacp 51.79.78.239
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://player.transmissaodigital.com/proxy/6736/1/
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.239 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns568638.ip-51-79-78.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_qos/11.64 PHP/7.2.34 / PHP/7.2.34
Resource Hash

Request headers

Referer: https://www.opovo.com.br/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Date: Wed, 11 Aug 2021 21:13:55 GMT
icy-name: Radio O Povo CBN AM 1010
X-Powered-By: PHP/7.2.34
icy-notice2: SHOUTcast DNAS/posix(linux x64) v2.5.1.724
icy-url: http://www.orban.com
icy-sr: 22050
Connection: Keep-Alive
icy-notice1: This stream requires <a href="http://www.winamp.com">Winamp</a>
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_qos/11.64 PHP/7.2.34
icy-br: 128
Vary: User-Agent
Access-Control-Allow-Methods: GET, POST, OPTIONS
icy-pub: 0
Access-Control-Allow-Origin: *
icy-genre: Notícias
Transfer-Encoding: chunked
Access-Control-Allow-Credentials: true
Content-Type: audio/aacp
Keep-Alive: timeout=60, max=100

GET
H/1.1 200
OK /
player.transmissaodigital.com/proxy/6790/1/ 81 KB
0 317ms
118ms Media
audio/aacp 51.79.78.239
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://player.transmissaodigital.com/proxy/6790/1/
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.79.78.239 Québec, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns568638.ip-51-79-78.net
Software: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_qos/11.64 PHP/7.2.34 / PHP/7.2.34
Resource Hash

Request headers

Referer: https://www.opovo.com.br/
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Range: bytes=0-

Response headers

Date: Wed, 11 Aug 2021 21:13:55 GMT
icy-name: Orban Opticodec-PC Encoder
X-Powered-By: PHP/7.2.34
icy-notice2: SHOUTcast DNAS/posix(linux x64) v2.5.1.724
icy-url: opovo.com.br
icy-sr: 22050
Connection: Keep-Alive
icy-notice1: This stream requires <a href="http://www.winamp.com">Winamp</a>
Access-Control-Allow-Headers: Origin, Content-Type, Accept, Authorization, X-Request-With
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_qos/11.64 PHP/7.2.34
icy-br: 32
Vary: User-Agent
Access-Control-Allow-Methods: GET, POST, OPTIONS
icy-pub: 0
Access-Control-Allow-Origin: *
icy-genre: Various
Transfer-Encoding: chunked
Access-Control-Allow-Credentials: true
Content-Type: audio/aacp
Keep-Alive: timeout=60, max=100

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 5ms
5ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WBWHQHX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 5841
date: Wed, 11 Aug 2021 19:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 21:36:34 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 36 KB
14 KB 64ms
29ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WBWHQHX

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13981
x-xss-protection: 0
server: cafe
etag: 6132654052448080839
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 19ms
6ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 25944
x-xss-protection: 0
pragma: public
x-fb-debug: lj4Lg3V4lB46mTN6yJkQqmjWFLSKUp/+N4YUi1+hAtdW8PRwkxvmr1Nqqwx98PUSSEQJIm8pgcvvJJXU+RfwVA==
x-fb-trip-id: 686109401
x-frame-options: DENY
date: Wed, 11 Aug 2021 21:13:55 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 382 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b4f80028ddc6dc380c89927fb2d2d3dd9c580a24f99db9b93e32ce0b607d5c88

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3-29 200 icon-seta-preta-cbn.svg
www.opovo.com.br/reboot/includes/assets/img/icon/ 489 B
1 KB 12ms
11ms Image
image/svg+xml 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/reboot/includes/assets/img/icon/icon-seta-preta-cbn.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/reboot/includes/assets/css/main.css
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b4be89713a4c1c9d3924114991f78514a1889ebc8471656534da0a2e67a3fe82

Request headers

:path: /reboot/includes/assets/img/icon/icon-seta-preta-cbn.svg
pragma: no-cache
cookie: _gcl_au=1.1.2090275383.1628716435
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/reboot/includes/assets/css/main.css
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/reboot/includes/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7514
content-type: image/svg+xml
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified: Thu, 29 Jul 2021 19:54:44 GMT
server: cloudflare
etag: W/"61030784-1e9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JwIEK8iGGxDlYKM6NFmmA9Rbqbg0gAflJ2NSZ4WiEcE4%2FJlf6uYjNTtYPJvPmHWV68tzW%2B0Ou7AnlWqAU0WmnNXobI7jq73BPU%2FRGMobhnZkXzgvqSaWgJeITNnbO%2FzBvWAE0V3QJw2jotv4w2l"}],"group":"cf-nel","max_age":604800}
x-varnish: 177079805 176328173
access-control-allow-origin: *
cache-control: public, max-age=120, s-maxage=604800
cf-ray: 67d47879b86e4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
122 B 25ms
24ms Script
application/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.opovo.com.br

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
122 B 24ms
23ms Script
application/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.opovo.com.br

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3-29 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 71 KB
24 KB 1045ms
1045ms XHR
text/plain 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

f6ec74cbaa77faa5a1b1a3a5f010df29a8a610221148427d0968a5962b5c1e7a

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COXD-MTxqfICFTFR5QodTIUAXQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=COXD-MTxqfICFTFR5QodTIUAXQ&gqi=&layout=/sadbundle/%24csp%253Der3%24/17626451119355985920/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24468
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
date: Wed, 11 Aug 2021 21:13:56 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.opovo.com.br
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 RShXiDjJIIA Show response
www.youtube.com/embed/ Frame 9B66 56 KB
24 KB 47ms
47ms Document
text/html 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/RShXiDjJIIA

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

039a425d15fb3b11e7cff30eac2c2bc63be9013a7d04d59e4b17c6a5e787f3cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/RShXiDjJIIA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 11 Aug 2021 21:13:55 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, DPR
accept-ch-lifetime: 2592000
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=BejXfQb7gCA; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none VISITOR_INFO1_LIVE=-I2jNd57S6o; Domain=.youtube.com; Expires=Mon, 07-Feb-2022 21:13:55 GMT; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+210; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
DATA 200
OK truncated
/ 180 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6cf4ddc728ae2116b65b72832d21cdf33961c094ce95ea8a5b676b7d71212f82

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 354 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77fc7e2cee3f1b71326ab2d9e121017b176205d0c8bbb013dfe7ebfccb2c5cab

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 escolha-de-newsletter-d40ab0d6a7038b3a503f Show response
forms.rdstation.com.br/ 36 KB
36 KB 353ms
117ms XHR
text/html 34.68.90.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://forms.rdstation.com.br/escolha-de-newsletter-d40ab0d6a7038b3a503f
Requested by: Host: d335luupugsy2.cloudfront.net
URL: https://d335luupugsy2.cloudfront.net/js/rdstation-forms/stable/rdstation-forms.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.68.90.188 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 188.90.68.34.bc.googleusercontent.com
Software: /
Resource Hash: 6dae544072c4991301930f77bbb9827737cf46282fb38a2862762cc84b39eb76

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 11 Aug 2021 21:13:55 GMT
content-length: 36456
content-type: text/html

GET
H2 200 e Show response
embed.radiopublic.com/ Frame FF2C 11 KB
4 KB 31ms
8ms Document
text/html 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ed10d35454e38914e25e3065e29a312b424941cb16fdcbc232aaa7799025c1db

Request headers

:method: GET
:authority: embed.radiopublic.com
:scheme: https
:path: /e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

content-type: text/html; charset=utf8
last-modified: Fri, 24 Jan 2020 14:31:48 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 11 Aug 2021 21:10:24 GMT
cache-control: public, max-age=300
etag: W/"cc35806c9c7a0e629964629c8ffa3729"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: gSKwaYE57irJVtM6LQZNlMCJksAQ5nHtuaM8FfgS8V3MrpMXPxOs3g==
age: 471

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 13ms
13ms XHR
text/plain 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1279857775&t=pageview&_s=1&dl=https%3A%2F%2Fwww.opovo.com.br%2F&dr=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&ul=en-us&de=UTF-8&dt=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YAhAAEABAAAAAC~&jid=1048416591&gjid=1324207916&cid=1658683163.1628716435&tid=UA-23310373-1&_gid=1714665948.1628716436&_r=1&gtm=2wg891WBWHQHX&z=2120101217

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:55 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.opovo.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 200307651652585 Show response
connect.facebook.net/signals/config/ 253 KB
72 KB 8ms
8ms Script
application/x-javascript 2a03:2880:f01c:216:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/200307651652585?v=2.9.44&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2ca9c4e355f5caba2d98744fce8cd95767b4196f3670388328d6af12ce5394f7

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c;
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 73404
x-xss-protection: 0
pragma: public
x-fb-debug: d/dmlT+skcACWrjo2uApv5tiDEH5yYENM3IUBtXQd3+mfwRUDddZ7xAlt8WyZE1OAZpyjzKsealbyGD50tT+hg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coop_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Wed, 11 Aug 2021 21:13:55 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}],"group":"coop_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3-29 200 1_1_e7ucacqxsaiubtj_16545239-16807523.jpg
www.opovo.com.br/_midias/jpg/2021/08/11/506x360/ 30 KB
31 KB 15ms
12ms Image
image/jpeg 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/_midias/jpg/2021/08/11/506x360/1_1_e7ucacqxsaiubtj_16545239-16807523.jpg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6334d3fb12d9adaf7c8dbdbbb98e6b38bdf95f53d675011e821802a0b82e6e13

Request headers

:path: /_midias/jpg/2021/08/11/506x360/1_1_e7ucacqxsaiubtj_16545239-16807523.jpg
pragma: no-cache
cookie: _gcl_au=1.1.2090275383.1628716435; _ga=GA1.3.1658683163.1628716435; _gid=GA1.3.1714665948.1628716436; _gat_UA-23310373-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5631
content-type: image/jpeg
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 31167
last-modified: Wed, 11 Aug 2021 17:34:59 GMT
server: cloudflare
etag: "61140a43-79bf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Err7Uf5mt2s%2B9eOQJ3r7A84FrXqvyiD2%2FGBq5abkRiIJm7wpgYlsaFqukExE0r6huDrKyB9VJICWPiZQEEJ4Bl3Ia5OQid5yy2JzvVdHmRTtuoj%2FqSZWZu%2F%2B6BLb2lcHJqpPVFJ7lGe9is5uNbgR"}],"group":"cf-nel","max_age":604800}
x-varnish: 183238661 181764438
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d4787a398d4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 1_untitled_design__3_-16806280.jpg
www.opovo.com.br/_midias/jpg/2021/08/11/190x144/ 10 KB
10 KB 14ms
11ms Image
image/jpeg 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/_midias/jpg/2021/08/11/190x144/1_untitled_design__3_-16806280.jpg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 723e501f4e38617a697af2b4047c3185034ed26f1e5577d5f64feb1f46975cc7

Request headers

:path: /_midias/jpg/2021/08/11/190x144/1_untitled_design__3_-16806280.jpg
pragma: no-cache
cookie: _gcl_au=1.1.2090275383.1628716435; _ga=GA1.3.1658683163.1628716435; _gid=GA1.3.1714665948.1628716436; _gat_UA-23310373-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3782
content-type: image/jpeg
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 9947
last-modified: Wed, 11 Aug 2021 13:33:40 GMT
server: cloudflare
etag: "6113d1b4-26db"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=66%2BgrM0xQJ6QgKtVDr6KcOONDCTlZgi%2FkiUqa%2FjH4Q%2B5GL%2B9bLt%2BmwXCwp%2BpwziAeq0XcYg6iNk8OVcnPwMzeBgoNkQm6jmZ5YfXrkpMyVhypdQY%2Fr5YfYw8n5QJvNtE9fpMWHyJ7N4ivtZJAOS3"}],"group":"cf-nel","max_age":604800}
x-varnish: 187269675 186712790
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d4787a39944e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 1_fumaca_no_pecem-16802273.jpeg
www.opovo.com.br/_midias/jpg/2021/08/10/190x144/ 10 KB
10 KB 46ms
43ms Image
image/jpeg 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/_midias/jpg/2021/08/10/190x144/1_fumaca_no_pecem-16802273.jpeg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ecc69ac2569c7d51c47188683562fa35f391a92207a4ea4cfce6327ed4b7124

Request headers

:path: /_midias/jpg/2021/08/10/190x144/1_fumaca_no_pecem-16802273.jpeg
pragma: no-cache
cookie: _gcl_au=1.1.2090275383.1628716435; _ga=GA1.3.1658683163.1628716435; _gid=GA1.3.1714665948.1628716436; _gat_UA-23310373-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 739
content-type: image/jpeg
x-ua-device: desktop
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 9920
last-modified: Tue, 10 Aug 2021 21:55:30 GMT
server: cloudflare
etag: "6112f5d2-26c0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oJRonMdvBpiC19RHM6cCnZcu3Mbxp28ztEGwrSxzEzZa411nLEgz6Ncmk6pSwwmrBBtp2nohGLlVIrt%2BJuo7PpO5XP8UQkqGfWMvv1krVjbblcfPpOylCs4E990%2BKCopANrcpikj%2Fq8GRN48pHf%2B"}],"group":"cf-nel","max_age":604800}
x-varnish: 192774737 191398643
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d4787a39954e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H2 200 clovisholanda_2021-15447451.png
mais.opovo.com.br/_midias/png/2021/04/13/ 701 KB
702 KB 749ms
405ms Image
image/png 200.194.101.94
SECRELNET INFORMA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mais.opovo.com.br/_midias/png/2021/04/13/clovisholanda_2021-15447451.png
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 200.194.101.94 Fortaleza, Brazil, ASN11921 (SECRELNET INFORMATICA LTDA, BR),
Reverse DNS
Software: nginx /
Resource Hash: 8390ca880cb9010395dfcf17e842c4b846fe445a88008317853280d2c198b8fc

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:25:29 GMT
via: 1.1 varnish (Varnish/6.0)
last-modified: Wed, 14 Apr 2021 01:40:18 GMT
server: nginx
age: 13470
etag: "60764802-af477"
access-control-allow-methods: GET, OPTIONS
x-varnish: 9899530 911937
access-control-allow-origin: *
x-ua-device: desktop
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
content-type: image/png
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 717943

GET
H2 200 andre_bloc-16039537.jpg
mais.opovo.com.br/_midias/jpg/2021/06/09/ 296 KB
297 KB 1079ms
735ms Image
image/jpeg 200.194.101.94
SECRELNET INFORMA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mais.opovo.com.br/_midias/jpg/2021/06/09/andre_bloc-16039537.jpg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 200.194.101.94 Fortaleza, Brazil, ASN11921 (SECRELNET INFORMATICA LTDA, BR),
Reverse DNS
Software: nginx /
Resource Hash: ba959ccf71867a76d7e4bc7bba9477b2d979659980edb7808e912964ae8356fe

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:25:29 GMT
via: 1.1 varnish (Varnish/6.0)
last-modified: Wed, 09 Jun 2021 03:56:34 GMT
server: nginx
age: 13470
etag: "60c03bf2-4a01d"
access-control-allow-methods: GET, OPTIONS
x-varnish: 3590038 9044286
access-control-allow-origin: *
x-ua-device: desktop
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 303133

GET
H2 200 ledamaria-12638099.png
mais.opovo.com.br/_midias/png/2020/05/20/ 489 KB
489 KB 1078ms
735ms Image
image/png 200.194.101.94
SECRELNET INFORMA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mais.opovo.com.br/_midias/png/2020/05/20/ledamaria-12638099.png
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 200.194.101.94 Fortaleza, Brazil, ASN11921 (SECRELNET INFORMATICA LTDA, BR),
Reverse DNS
Software: nginx /
Resource Hash: 51068d7e137c6b7726ed0c3761e2d5f06707bf6d43f9fd982e8c585ede2c4dba

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:25:29 GMT
via: 1.1 varnish (Varnish/6.0)
last-modified: Wed, 20 May 2020 21:28:23 GMT
server: nginx
age: 13470
etag: "5ec5a0f7-7a203"
access-control-allow-methods: GET, OPTIONS
x-varnish: 7620671 3795678
access-control-allow-origin: *
x-ua-device: desktop
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
content-type: image/png
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 500227

GET
H2 200 ashara-16567683.jpg
mais.opovo.com.br/_midias/jpg/2021/07/28/ 305 KB
306 KB 1079ms
735ms Image
image/jpeg 200.194.101.94
SECRELNET INFORMA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mais.opovo.com.br/_midias/jpg/2021/07/28/ashara-16567683.jpg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 200.194.101.94 Fortaleza, Brazil, ASN11921 (SECRELNET INFORMATICA LTDA, BR),
Reverse DNS
Software: nginx /
Resource Hash: 6298b38f3fff05de65d95e2488175cfe03899c0fdb9708b2cf89d8cb0970a132

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:25:29 GMT
via: 1.1 varnish (Varnish/6.0)
last-modified: Wed, 28 Jul 2021 22:48:40 GMT
server: nginx
age: 13470
etag: "6101dec8-4c393"
access-control-allow-methods: GET, OPTIONS
x-varnish: 9705344 8200832
access-control-allow-origin: *
x-ua-device: desktop
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 312211

GET
H3-29 200 1_agenciacorinthians_foto_175146-14807098.jpg
www.opovo.com.br/_midias/jpg/2021/02/03/500x300/ 37 KB
38 KB 46ms
43ms Image
image/jpeg 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/_midias/jpg/2021/02/03/500x300/1_agenciacorinthians_foto_175146-14807098.jpg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b08c9f7a86522551301ca94e21255ee178956b6fa21b5b339012a4b862028584

Request headers

:path: /_midias/jpg/2021/02/03/500x300/1_agenciacorinthians_foto_175146-14807098.jpg
pragma: no-cache
cookie: _gcl_au=1.1.2090275383.1628716435; _ga=GA1.3.1658683163.1628716435; _gid=GA1.3.1714665948.1628716436; _gat_UA-23310373-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7502
content-type: image/jpeg
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 37841
last-modified: Thu, 04 Feb 2021 02:16:47 GMT
server: cloudflare
etag: "601b590f-93d1"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jSbD0z%2Bi3CnJvyRfPDEQw0uNyZhnhbMXSFztQNrHuRmRFzG3J6Fhal5TZrLHm5%2F0Hp78h52XfRuEvcBLJAX1wnoDGpxgqHIEexy%2BCN%2B%2BD4mhbrtNXiwQj4mGiSfNgcXksKktO3JX%2BRvqAPYexC9J"}],"group":"cf-nel","max_age":604800}
x-varnish: 168829263
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d4787a39964e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 1_20210810103800817673e-16806457.jpg
www.opovo.com.br/_midias/jpg/2021/08/11/400x300/ 48 KB
49 KB 47ms
44ms Image
image/jpeg 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/_midias/jpg/2021/08/11/400x300/1_20210810103800817673e-16806457.jpg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f62d058eed4cc539bd198e74f38867d3e7ec28d1d70123573ea231647a066eab

Request headers

:path: /_midias/jpg/2021/08/11/400x300/1_20210810103800817673e-16806457.jpg
pragma: no-cache
cookie: _gcl_au=1.1.2090275383.1628716435; _ga=GA1.3.1658683163.1628716435; _gid=GA1.3.1714665948.1628716436; _gat_UA-23310373-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 3799
content-type: image/jpeg
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 49058
last-modified: Wed, 11 Aug 2021 14:39:07 GMT
server: cloudflare
etag: "6113e10b-bfa2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4kUEK5ggzTi70pi9fUOIcwQF%2BzaFLHU2ndu8ivKznceYUDRAcyCpcpJpjztqZ8UhvqEuaTIlq4HZABkD9a2ex6l3ztbL6C8RaxuauNc1cgXoaVC3%2FtyKlP0V0IhjpDhKASS71Iig3tfYYAI26iEy"}],"group":"cf-nel","max_age":604800}
x-varnish: 187728485 182913051
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d4787a39974e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 comercio_de_rua_e_saloes_de_beleza_reabrem20200627_0330_0-16805810.jpg
www.opovo.com.br/_midias/jpg/2021/08/11/ 325 KB
326 KB 33ms
30ms Image
image/jpeg 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/_midias/jpg/2021/08/11/comercio_de_rua_e_saloes_de_beleza_reabrem20200627_0330_0-16805810.jpg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0ad109632376588f52247123a1faf794c8611b3b420c46386d00427733623a3d

Request headers

:path: /_midias/jpg/2021/08/11/comercio_de_rua_e_saloes_de_beleza_reabrem20200627_0330_0-16805810.jpg
pragma: no-cache
cookie: _gcl_au=1.1.2090275383.1628716435; _ga=GA1.3.1658683163.1628716435; _gid=GA1.3.1714665948.1628716436; _gat_UA-23310373-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7491
content-type: image/jpeg
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 333037
last-modified: Wed, 11 Aug 2021 09:48:45 GMT
server: cloudflare
etag: "61139cfd-514ed"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1j0PdWkEksg921%2FMCivTyZ%2Fes8qvKXjnU2VR6ryrU90rwD7j6PJBdMgw6veX3PYp9naeaPC%2Bg08kv38nax1JVaZO2MbKWWgf%2Fs5yAuxd3cKaXfaI2kmI1AT6%2Fh7bK1uIGhG1v3PVHVLurJmPBEri"}],"group":"cf-nel","max_age":604800}
x-varnish: 174790012
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d4787a39994e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 provas_concursos_publicos_2014_620x300__1__ggh-16802252.jpg
www.opovo.com.br/_midias/jpg/2021/08/10/ 223 KB
224 KB 48ms
45ms Image
image/jpeg 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/_midias/jpg/2021/08/10/provas_concursos_publicos_2014_620x300__1__ggh-16802252.jpg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c8eca11d2042157cca4452b3e76ec73d8bea575f1b02a196fe64fdc6288d92ab

Request headers

:path: /_midias/jpg/2021/08/10/provas_concursos_publicos_2014_620x300__1__ggh-16802252.jpg
pragma: no-cache
cookie: _gcl_au=1.1.2090275383.1628716435; _ga=GA1.3.1658683163.1628716435; _gid=GA1.3.1714665948.1628716436; _gat_UA-23310373-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7491
content-type: image/jpeg
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 228591
last-modified: Tue, 10 Aug 2021 21:49:35 GMT
server: cloudflare
etag: "6112f46f-37cef"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sFbheOuYcUqle07QSgEBUNOeuEvvOzIDzZDQG4X8IT6W5aUUfxQVX%2BnvEKBWvPfmSNLtLFJj7IrIf8UCueHeUiBAxVWGleyER%2Fw3Nd%2FbxXMrR6AWzwwDhUSZq%2BRs65lFuPzjIZT2Mh%2BGW%2BhYfriZ"}],"group":"cf-nel","max_age":604800}
x-varnish: 174790030
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d4787a399b4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 itau-13309284.png
www.opovo.com.br/_midias/png/2020/08/20/ 2 MB
2 MB 20ms
18ms Image
image/png 2606:4700:3033::ac43:c0c1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.opovo.com.br/_midias/png/2020/08/20/itau-13309284.png
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3033::ac43:c0c1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5883c97b5d12d166d1489e2f96e38a8c4e70b8eae2d97a6fb743f0b62d31c4c1

Request headers

:path: /_midias/png/2020/08/20/itau-13309284.png
pragma: no-cache
cookie: _gcl_au=1.1.2090275383.1628716435; _ga=GA1.3.1658683163.1628716435; _gid=GA1.3.1714665948.1628716436; _gat_UA-23310373-1=1
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: www.opovo.com.br
referer: https://www.opovo.com.br/?
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://www.opovo.com.br/?
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
via: 1.1 varnish-v4
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 7490
content-type: image/png
x-ua-device: mobile
access-control-allow-methods: GET, OPTIONS
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 1687045
last-modified: Thu, 20 Aug 2020 15:48:59 GMT
server: cloudflare
etag: "5f3e9b6b-19be05"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0VQIEbXr4XlUgz3Rk9WvFQ2SHvq%2FRuRJQa4sK6ItYKsNNjn6n75ddMeYCaj62nUlJHRlSCS6yhgccwNp%2Bf6icuwB%2Bx7DTm0eN74lgxz6SwoCO6V61EnswCVaTm5SG0AB8HiBcyB6qE5TUjoj4eBg"}],"group":"cf-nel","max_age":604800}
x-varnish: 174790053
access-control-allow-origin: *
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
cf-ray: 67d4787a399d4e3e-FRA
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token

GET
H3-29 200 RShXiDjJIIA Show response
www.youtube.com/embed/ Frame 9B66 56 KB
23 KB 70ms
68ms Document
text/html 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WBWHQHX

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

de2497b0f38f31843985675650d9abc40905fa46ba83aa7ef8e6a14b094c7ca7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: www.youtube.com
:scheme: https
:path: /embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: YSC=BejXfQb7gCA; VISITOR_INFO1_LIVE=-I2jNd57S6o
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Wed, 11 Aug 2021 21:13:55 GMT
strict-transport-security: max-age=31536000
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, DPR
accept-ch-lifetime: 2592000
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: CONSENT=PENDING+520; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 iframe_api Show response
www.youtube.com/ 980 B
513 B 33ms
31ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WBWHQHX

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fc0cbaf945a159758b1e56536890cd2d929d45c74f5c1a0b22a66daf3d8c246a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
accept-ch-lifetime: 2592000
content-type: text/javascript; charset=utf-8
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, DPR
cache-control: private, max-age=0
permissions-policy: ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*
expires: Wed, 11 Aug 2021 21:13:55 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 15ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-23310373-1&cid=1658683163.1628716435&jid=1048416591&gjid=1324207916&_gid=1714665948.1628716436&_u=YAhAAEAAAAAAAC~&z=235526653

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Aug 2021 21:13:55 GMT
content-type: text/plain
access-control-allow-origin: https://www.opovo.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/837786358/ 2 KB
1 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/837786358/?random=1628716435555&cv=9&fst=1628716435555&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d454e6c4da3a0abaa8ffa671f15b8d101073c5e1c1b94af6cba27ec333f3473f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1062
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 / Show response
www.googleadservices.com/pagead/conversion/837786358/ 2 KB
1 KB 37ms
36ms Script
text/javascript 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/837786358/?random=1628716435558&cv=9&fst=1628716435558&num=1&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&auid=2090275383.1628716435&capi=1&hn=www.googleadservices.com&bttype=purchase&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.184.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s11-in-f2.1e100.net

Software

cafe /

Resource Hash

c5fbf01dd1c6132ce61b7afbdd9fc0c1bbffa294eb3f35dbce36edda8c9043af

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1261
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/privacysandbox/conversion/837786358/ 0
0 16ms
15ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/pagead/privacysandbox/conversion/837786358/?random=1628716435558&cv=9&fst=1628716435558&num=1&fmt=3&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&auid=2090275383.1628716435&capi=1&hn=www.googleadservices.com&bttype=purchase&async=1
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 polyfills.63d6daa4ba80a22905cf.bundle.js Show response
embed.radiopublic.com/ Frame FF2C 91 KB
30 KB 15ms
14ms Script
application/javascript 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.radiopublic.com/polyfills.63d6daa4ba80a22905cf.bundle.js
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3893d9665f8fbf07ef6b354ba585077392c45b3f503831a7e1e6ec48d2e2270b

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 11 May 2021 00:44:14 GMT
content-encoding: gzip
last-modified: Wed, 18 Dec 2019 15:13:36 GMT
server: AmazonS3
age: 8022582
etag: W/"097d72b7703cf13e2cb95377efd8930c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
cache-control: public, immutable, max-age=999999999
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: jG7TxOIOHoNEOxCLmQFL9pr0V6fy48aAv3Mt4F9p-uG_5cVkPaYZWg==

GET
H2 200 main.d7153dbb4656afb51bf8.bundle.js Show response
embed.radiopublic.com/ Frame FF2C 649 KB
146 KB 15ms
14ms Script
application/javascript 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://embed.radiopublic.com/main.d7153dbb4656afb51bf8.bundle.js
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c17bdd3155570f35de26a1f74f5d8d38ebd693cb690c8b09f7eab540c4d520f4

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 27 Apr 2021 16:21:43 GMT
content-encoding: gzip
last-modified: Wed, 18 Dec 2019 15:13:36 GMT
server: AmazonS3
age: 9175933
etag: W/"51996d331753822cd1680871ba63d94b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
cache-control: public, immutable, max-age=999999999
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: brnZL4fnppYx9VyV5m9bsxNZ9dKHFg9uNSL4JL1zgz4mlKU0gsRXvQ==

GET
H2 200 large-semi-transparent-play.svg
embed.radiopublic.com/assets/images/ Frame FF2C 1 KB
945 B 11ms
6ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/large-semi-transparent-play.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c97016870b24d7e538d20e7775074972e95d8d1bba9843968034059cf8e06a47

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:33:12 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:07 GMT
server: AmazonS3
age: 2444
etag: W/"352791b998a1ef81e542b4b37adedd37"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 5xdQotnk9N1uWJ0FBG_DM4vKbNZxS9uTjmeDfvnWE3lDGcMeQfUozg==

GET
H2 200 back-5.svg
embed.radiopublic.com/assets/images/ Frame FF2C 2 KB
1017 B 12ms
7ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/back-5.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 17a7e110fe75abb6ae45bdb59eb36815371f0dcbf3a2a8b1296dccef40cc487b

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:59:01 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:08 GMT
server: AmazonS3
age: 895
etag: W/"51fca168215f1ddadf9d8b82df8b97e4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: PnC6dyckw6cLL5PNXTGH1f-gp5ETv5seCYiVD4XbJ3tpYGYW4AXqkA==

GET
H2 200 play.svg
embed.radiopublic.com/assets/images/ Frame FF2C 1 KB
862 B 13ms
7ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/play.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 55fa35d4287b6076f06fe6c33f5302e04c594549b6fdb2fb67c27a840eb5060d

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:33:12 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:07 GMT
server: AmazonS3
age: 2444
etag: W/"ef5d29e971ea72d8b333969a125207a6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: ZotsRUaPgzRoTmfPyOkvcQmCN8_XLUylYgW1IOv8qNtYU5DTzpJXcg==

GET
H2 200 forward-30.svg
embed.radiopublic.com/assets/images/ Frame FF2C 2 KB
1001 B 13ms
8ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/forward-30.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3e1dcab28d56d415e3591c4a20dcb4f579750ddbc5c2927db2693537a3be3d18

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:59:01 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:06 GMT
server: AmazonS3
age: 895
etag: W/"8392484df7737c2a76160593aeaac67e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 74veYVPkR4f_YSq1L8tQ5obIEEebhwRWzmIjniVA8UMAHx-9O2j3pg==

GET
H2 200 download.svg
embed.radiopublic.com/assets/images/ Frame FF2C 494 B
813 B 13ms
8ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/download.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d981ce75575944eb8894c8288c35a4a433e0073294af0bbe2e197ad896bc4a4

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:10:24 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
last-modified: Tue, 19 Nov 2019 21:49:07 GMT
server: AmazonS3
age: 3143
etag: "13d192981ff41814a5790114edba6af1"
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 494
x-amz-cf-id: L5oVWT3KzlN08QxaQGZ8edT770RouvCw8j1hQHRLJdDtzvW4MriQmA==

GET
H2 200 web.svg
embed.radiopublic.com/assets/images/ Frame FF2C 4 KB
2 KB 13ms
9ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/web.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9790b1e59dc7381d61727e37a3427430c62f5507d85243b96dace08caf43f6e4

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:59:01 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:08 GMT
server: AmazonS3
age: 895
etag: W/"154bef7bff0e9c58a130e7e11a6e3b45"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 9s4pVQa8f-w1sC7OyVqVIXWY7QHV3P41_KgBqpPixMM_zHQFnMQ_MA==

GET
H2 200 embed.svg
embed.radiopublic.com/assets/images/ Frame FF2C 566 B
886 B 14ms
9ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/embed.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf741964e9f94011b12fba5ee48912ed12c9bc0530448ebb08c0fc69f0c1206b

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:32:25 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
last-modified: Tue, 19 Nov 2019 21:49:09 GMT
server: AmazonS3
age: 2491
etag: "75ec802dc5528af1e787aed002c19f77"
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 566
x-amz-cf-id: YAW8mJYIu43fBCxEtc6BgjmWvJErLwobdIONP6bHUmIqrysrhPWxlA==

GET
H2 200 dismiss.svg
embed.radiopublic.com/assets/images/ Frame FF2C 687 B
1006 B 14ms
9ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/dismiss.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fd27afebefc1df9f840e6c9f09fabda18857d03e89c5245e24d709e7618e3420

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:10:24 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
last-modified: Tue, 19 Nov 2019 21:49:09 GMT
server: AmazonS3
age: 2444
etag: "3a5a444c9c7d17ecabcaa6f81020f4c8"
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 687
x-amz-cf-id: doPlJ-BCCrphUO6TEp9_D4k0txUorkEkCd8hQou4g2TZGmD_JXs3rw==

GET
H3-29 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/ Frame FF2C 27 KB
7 KB 18ms
14ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css

Requested by

Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://embed.radiopublic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 565, 617, 617
age: 12269603
cdn-cachedat: 2021-03-11 11:58:04
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: af3097212757f6b13d804a73f5f188bc
cf-ray: 67d4787a8dd22b7d-FRA
cdn-requestcountrycode: DE
cdn-requestpullsuccess: True

GET
H3-29 200 css
fonts.googleapis.com/ Frame FF2C 2 KB
546 B 25ms
21ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans

Requested by

Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://embed.radiopublic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 19:29:18 GMT
server: ESF
date: Wed, 11 Aug 2021 21:13:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 28ms
24ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-23310373-1&cid=1658683163.1628716435&jid=1048416591&_u=YAhAAEAAAAAAAC~&z=503851966

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 20ms
17ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-23310373-1&cid=1658683163.1628716435&jid=1048416591&_u=YAhAAEAAAAAAAC~&z=503851966

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 box-25a418976ea02a6f393fbbe77cec94bb.html Show response
vars.hotjar.com/ Frame 079F 2 KB
1 KB 74ms
25ms Document
text/html 52.84.45.59
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-25a418976ea02a6f393fbbe77cec94bb.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-254673.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.84.45.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-84-45-59.mrs52.r.cloudfront.net
Software: /
Resource Hash: 7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-25a418976ea02a6f393fbbe77cec94bb.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

content-type: text/html
content-length: 1044
date: Thu, 03 Jun 2021 10:15:05 GMT
accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: br
etag: "76922233be8bdb14c053af468d29404a"
last-modified: Thu, 03 Jun 2021 10:14:54 GMT
x-amz-server-side-encryption: AES256
x-robots-tag: none
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0ea0aa067bccec2bca8820a976e6164b.cloudfront.net (CloudFront)
x-amz-cf-pop: MRS52-P1
x-amz-cf-id: X3BzcX-KJ1DG6uLVn5ppC8twvcrb-CLmHE0hc2xoDC1qB_hoRIZx_Q==
age: 6001130

GET
H2 200 /
www.facebook.com/tr/ 44 B
297 B 19ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=200307651652585&ev=PageView&dl=https%3A%2F%2Fwww.opovo.com.br%2F%3F&rl=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&if=false&ts=1628716435625&sw=1600&sh=1200&v=2.9.44&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.2.1628716435622.404332943&it=1628716435538&coo=false&rqm=GET

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H3-29 200 /
www.google.com/pagead/1p-user-list/837786358/ 42 B
64 B 18ms
17ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/837786358/?random=1628716435555&cv=9&fst=1628715600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&async=1&fmt=3&is_vtc=1&random=1831398088&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 /
www.google.de/pagead/1p-user-list/837786358/ 42 B
64 B 27ms
26ms Image
image/gif 2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/837786358/?random=1628716435555&cv=9&fst=1628715600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&async=1&fmt=3&is_vtc=1&random=1831398088&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 www-widgetapi.js Show response
www.youtube.com/s/player/4224c673/www-widgetapi.vflset/ 126 KB
42 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4224c673/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21c656c6aae5babedb87b7511e29fad50499615042bf7fdf35667dfcbbf19acb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:37:32 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 00:18:29 GMT
server: sffe
age: 2183
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42930
x-xss-protection: 0
expires: Thu, 11 Aug 2022 20:37:32 GMT

GET
H3-29

200

/
www.google.de/pagead/1p-conversion/837786358/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/837786358/?random=384282868&cv=9&fst=1628716435558&num=1&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u...
https://www.google.com/pagead/1p-conversion/837786358/?random=384282868&cv=9&fst=1628716435558&num=1&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_a...
https://www.google.de/pagead/1p-conversion/837786358/?random=384282868&cv=9&fst=1628716435558&num=1&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw...

42 B
64 B

20ms
20ms

Image
image/gif

2a00:1450:4001:812::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/837786358/?random=384282868&cv=9&fst=1628716435558&num=1&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&auid=2090275383.1628716435&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=kz0UYabcI8W_gQenyaC4Dg&cid=CAQSKQCNIrLMQ49Y0ec9FYvYoh9ap7SvD4hHYkRGJi2eNMNsoOvXeQD6_bT9&eitems=ChEI8OrNiAYQhsGUkJjWsejqARIdAAVz41l_m-hBmUrecoQCFepcBm0oUqf2H4JpxYk&random=1418464088&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:55 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:55 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.de/pagead/1p-conversion/837786358/?random=384282868&cv=9&fst=1628716435558&num=1&value=0&label=17eDCNvjrYwCEPa1vo8D&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=3&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg891&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.opovo.com.br%2F%3F&ref=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&tiba=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&auid=2090275383.1628716435&capi=1&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=kz0UYabcI8W_gQenyaC4Dg&cid=CAQSKQCNIrLMQ49Y0ec9FYvYoh9ap7SvD4hHYkRGJi2eNMNsoOvXeQD6_bT9&eitems=ChEI8OrNiAYQhsGUkJjWsejqARIdAAVz41l_m-hBmUrecoQCFepcBm0oUqf2H4JpxYk&random=1418464088&resp=GooglemKTybQhCsO&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 analytics.js Show response
www.google-analytics.com/ Frame FF2C 48 KB
19 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80f::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://embed.radiopublic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 13 Jul 2021 18:24:06 GMT
server: Golfe2
age: 5841
date: Wed, 11 Aug 2021 19:36:34 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19672
expires: Wed, 11 Aug 2021 21:36:34 GMT

GET
H3-29 200 www-player-webp.css
www.youtube.com/s/player/4224c673/ Frame 9B66 328 KB
45 KB 10ms
9ms Stylesheet
text/css 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4224c673/www-player-webp.css

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

47175b1daa58725f19ffe6baa072761eeb7e1c80cb30e4c6ba0e58b0605915aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 15:45:05 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 00:18:29 GMT
server: sffe
age: 192530
vary: Accept-Encoding, Origin
content-type: text/css
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 46099
x-xss-protection: 0
expires: Tue, 09 Aug 2022 15:45:05 GMT

GET
H3-29 200 www-embed-player.js Show response
www.youtube.com/s/player/4224c673/www-embed-player.vflset/ Frame 9B66 192 KB
64 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4224c673/www-embed-player.vflset/www-embed-player.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

63d41983cb11cb819383ae7d42101f22005b612b02e3cfab3ca39a7208778a2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 01:49:28 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 00:18:29 GMT
server: sffe
age: 69867
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65180
x-xss-protection: 0
expires: Thu, 11 Aug 2022 01:49:28 GMT

GET
H3-29 200 base.js Show response
www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/ Frame 9B66 2 MB
493 KB 12ms
11ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/base.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e26b31b609e44e401e93111cd65784f23b93e73320a17ad7c0aa21389c118758

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 15:44:22 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 00:18:29 GMT
server: sffe
age: 192573
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 504682
x-xss-protection: 0
expires: Tue, 09 Aug 2022 15:44:22 GMT

GET
H3-29 200 fetch-polyfill.js Show response
www.youtube.com/s/player/4224c673/fetch-polyfill.vflset/ Frame 9B66 8 KB
3 KB 11ms
11ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4224c673/fetch-polyfill.vflset/fetch-polyfill.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 06:07:11 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 00:18:29 GMT
server: sffe
age: 54404
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2830
x-xss-protection: 0
expires: Thu, 11 Aug 2022 06:07:11 GMT

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 9B66 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.youtube.com
Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 00:42:56 GMT
x-content-type-options: nosniff
age: 160259
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:42:56 GMT

GET
H2 200 back-5.svg
embed.radiopublic.com/assets/images/ Frame FF2C 2 KB
1017 B 7ms
7ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/back-5.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/main.d7153dbb4656afb51bf8.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 17a7e110fe75abb6ae45bdb59eb36815371f0dcbf3a2a8b1296dccef40cc487b

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:59:01 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:08 GMT
server: AmazonS3
age: 895
etag: W/"51fca168215f1ddadf9d8b82df8b97e4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: xsY7zcJcKHnq5zM3c5szJvwFlWkdJI6aP-PkhvABm8uh7cVHKXUQww==

GET
H2 200 forward-30.svg
embed.radiopublic.com/assets/images/ Frame FF2C 2 KB
1001 B 8ms
7ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/forward-30.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/main.d7153dbb4656afb51bf8.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 3e1dcab28d56d415e3591c4a20dcb4f579750ddbc5c2927db2693537a3be3d18

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:59:01 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:06 GMT
server: AmazonS3
age: 895
etag: W/"8392484df7737c2a76160593aeaac67e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: sSvM7zqlG4Wtk0Qmr6eIrZQ3pBIpIaFu3c-A7XU-wUdbq02BgXEnGQ==

GET
H2 200 embed.svg
embed.radiopublic.com/assets/images/ Frame FF2C 566 B
885 B 8ms
8ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/embed.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/main.d7153dbb4656afb51bf8.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: cf741964e9f94011b12fba5ee48912ed12c9bc0530448ebb08c0fc69f0c1206b

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:32:25 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
last-modified: Tue, 19 Nov 2019 21:49:09 GMT
server: AmazonS3
age: 2491
etag: "75ec802dc5528af1e787aed002c19f77"
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 566
x-amz-cf-id: -nXDGzl3GnB2uLjZGml2bzUZXH-jT9-jizV912-Q8B61VAaaoCCA8A==

GET
H2 200 dismiss.svg
embed.radiopublic.com/assets/images/ Frame FF2C 687 B
1005 B 8ms
8ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/dismiss.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/main.d7153dbb4656afb51bf8.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: fd27afebefc1df9f840e6c9f09fabda18857d03e89c5245e24d709e7618e3420

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:10:24 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
last-modified: Tue, 19 Nov 2019 21:49:09 GMT
server: AmazonS3
age: 2444
etag: "3a5a444c9c7d17ecabcaa6f81020f4c8"
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 687
x-amz-cf-id: erVpKscF6u9UHah7bmt18jRu8PxLB7OyEhRy9Tg0I2eNf0dNLTZtrQ==

GET
H2 200 large-semi-transparent-play.svg
embed.radiopublic.com/assets/images/ Frame FF2C 1 KB
944 B 7ms
7ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/large-semi-transparent-play.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/main.d7153dbb4656afb51bf8.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: c97016870b24d7e538d20e7775074972e95d8d1bba9843968034059cf8e06a47

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:33:12 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:07 GMT
server: AmazonS3
age: 2444
etag: W/"352791b998a1ef81e542b4b37adedd37"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: W9Wttf3ZtDP38oeHgWTUNU3cmgGPi5T9owVvD1ok51a7_cOxfF1kag==

GET
H2 200 play.svg
embed.radiopublic.com/assets/images/ Frame FF2C 1 KB
861 B 8ms
7ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/play.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/main.d7153dbb4656afb51bf8.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 55fa35d4287b6076f06fe6c33f5302e04c594549b6fdb2fb67c27a840eb5060d

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:33:12 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:07 GMT
server: AmazonS3
age: 2444
etag: W/"ef5d29e971ea72d8b333969a125207a6"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 6eW9tmlvVJFWOqZQavl_diHHUs8wb_gv6V4n_dA-W8zGMaXHxPpWiA==

GET
H2 200 download.svg
embed.radiopublic.com/assets/images/ Frame FF2C 494 B
812 B 8ms
7ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/download.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/main.d7153dbb4656afb51bf8.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 2d981ce75575944eb8894c8288c35a4a433e0073294af0bbe2e197ad896bc4a4

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:10:24 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
last-modified: Tue, 19 Nov 2019 21:49:07 GMT
server: AmazonS3
age: 3143
etag: "13d192981ff41814a5790114edba6af1"
x-cache: Hit from cloudfront
content-type: image/svg+xml
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 494
x-amz-cf-id: Jj3pK3U0fymg295Nrm0QutirsVt8PRMon4wWzOcAuYT0Qk4_FMgjlw==

GET
H2 200 web.svg
embed.radiopublic.com/assets/images/ Frame FF2C 4 KB
2 KB 8ms
7ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/web.svg
Requested by: Host: embed.radiopublic.com
URL: https://embed.radiopublic.com/main.d7153dbb4656afb51bf8.bundle.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 9790b1e59dc7381d61727e37a3427430c62f5507d85243b96dace08caf43f6e4

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:59:01 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:08 GMT
server: AmazonS3
age: 895
etag: W/"154bef7bff0e9c58a130e7e11a6e3b45"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: cal0ZCR7fW-HV0MOJ9YC5BrA4rmxOwFVsnR8ZfCMU-vNyQQ4IIhO7Q==

GET
H2 200 google-play.png
embed.radiopublic.com/assets/images/ Frame FF2C 18 KB
18 KB 9ms
9ms Image
image/png 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/google-play.png
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 93de9da26817cc716a1e41bb7508dd98825bfb43ca156d26987d963287dd4291

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:14:58 GMT
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
last-modified: Tue, 19 Nov 2019 21:49:07 GMT
server: AmazonS3
age: 3538
etag: "3214fc1e6a17100f065a527afc736aa8"
x-cache: Hit from cloudfront
content-type: image/png
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 18509
x-amz-cf-id: Ifz___9PGcOm_xRjVzUF4b1dz5DqdzY-WT7TeI693wrEQ69D1_OLWg==

GET
H2 200 app-store.svg
embed.radiopublic.com/assets/images/ Frame FF2C 12 KB
5 KB 9ms
9ms Image
image/svg+xml 143.204.98.26
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://embed.radiopublic.com/assets/images/app-store.svg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 143.204.98.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-98-26.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 25178aeef6eb6b83b96f5f2d004eda3bffbb37122de64afbaef7107b384a4132

Request headers

Referer: https://embed.radiopublic.com/e?if=futcast-GAxDgY&ge=s1!e4944a27c7bae916d6a0e027ae7e2ad8c5d9e982
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:59:02 GMT
content-encoding: gzip
last-modified: Tue, 19 Nov 2019 21:49:08 GMT
server: AmazonS3
age: 894
etag: W/"d0558d91063038236b60e3ef71fdc1fd"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml
via: 1.1 5d8c59c4e33ff30f6610982ac8ad0232.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: XPzNsTW7aMq6sORzI-6ECa4urFqwg1oVGGS2Tf_uz9IO2PEMnpk3HA==

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9DFC 0
0 26ms
25ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuPnTl2eNCkCeStaPZarga55cPwFHQXTN3ua0mv3q0w2eDvFtXS3BZVDOx8Z8aXuBfzPVO4TIPd-i05hZlAfkbzNlow38wrUEqsvpF92x2IHY21UTGuqLEq6uayIch8szkfwUBeegwovsvSN7eOvV2N-xq3suJ7L5PIJd6YZh4jV55vtFS9GYjw9vgzhrNgTRvrY5ibBKu8R0ALpes6v7OqedXi_rytEBL-ufW-rcw9C9Up3H2ffSSidxKXzlThHH0k5hScI_7iAHh3ZBRE4zhNqRHlpOGtEM6fSXSwL8_dvybw1k-2Slfzm4I2pRkxWjbKzjk&sai=AMfl-YSmhaB6CQw70PyiORpcpenycRvF_XIwv4htrLVnSMTXmahTVrbDEx_JTI8-X1bVrIQZGKGA5nmeJ1dq4MgL3THp7JExFxTocb2xUFyaCMKzXH2cpBMcSyay2w5J3YM&sig=Cg0ArKJSzGFk-ziCjcF_EAE&adurl=

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame 9DFC 18 KB
8 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:41:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1961
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7614
x-xss-protection: 0
server: cafe
etag: 9899176843389144697
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 20:41:14 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 9DFC 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:50:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1402
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 20:50:33 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9DFC 124 KB
37 KB 6195ms
6194ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:14:02 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 9DFC 0
0 14ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS6P4daF7pS9QIjXKB2GGbIB8hWRS9G-9bUspK3QoaIEKdVJlnEPgrSpDqE5fdMaLUj5WJbqHicj-0HHq6TleE6eZXOBg
Requested by: Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 16070139301635325997
tpc.googlesyndication.com/simgad/ Frame 9DFC 11 KB
11 KB 7ms
6ms Image
image/png 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16070139301635325997

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5b4653897fa212130fb903edef7589c0e0e8fd2e7b89140eca46359c1110bf2d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 21:23:14 GMT
x-content-type-options: nosniff
age: 85841
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11118
x-xss-protection: 0
last-modified: Fri, 25 Jun 2021 18:32:23 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 21:23:14 GMT

GET
H3-29 200 container.html Show response
20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 2EC4 6 KB
3 KB 20ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 21:13:55 GMT
expires: Thu, 11 Aug 2022 21:13:55 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame F630 6 KB
3 KB 16ms
7ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 21:13:55 GMT
expires: Thu, 11 Aug 2022 21:13:55 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 osd.js Show response
www.googletagservices.com/activeview/js/current/ 73 KB
27 KB 26ms
26ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/osd.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eecda7280d7a8779cb5ff8bf7459b430bf970052106a1c4b186ff2eddd8c82d7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508781313717"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27998
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:55 GMT

GET
H3-29 200 id Show response
googleads.g.doubleclick.net/pagead/ Frame 9B66 113 B
160 B 15ms
15ms XHR
application/json 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/id

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4224c673/www-embed-player.vflset/www-embed-player.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bde8b4a6a7932250743eaed28abd85b5e062ce5c1e1c0d7b3a9cacddc8db3b2c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 133
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.youtube.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ad_status.js Show response
static.doubleclick.net/instream/ Frame 9B66 29 B
91 B 6ms
6ms Script
text/javascript 2a00:1450:4001:808::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://static.doubleclick.net/instream/ad_status.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4224c673/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 20:59:41 GMT
x-content-type-options: nosniff
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
server: sffe
age: 854
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:14:41 GMT

GET
H2 200 edward_scissorhands_17-16756115.gif
mais.opovo.com.br/_midias/gif/2021/08/05/ 654 KB
655 KB 709ms
708ms Image
image/gif 200.194.101.94
SECRELNET INFORMA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mais.opovo.com.br/_midias/gif/2021/08/05/edward_scissorhands_17-16756115.gif
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 200.194.101.94 Fortaleza, Brazil, ASN11921 (SECRELNET INFORMATICA LTDA, BR),
Reverse DNS
Software: nginx /
Resource Hash: 10ad0fbca352f0d3867dcbf157d2995634564a7f1d648e3599af809ac5d8c8e4

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:25:29 GMT
via: 1.1 varnish (Varnish/6.0)
last-modified: Fri, 06 Aug 2021 01:57:28 GMT
server: nginx
age: 13470
etag: "610c9708-a37dc"
access-control-allow-methods: GET, OPTIONS
x-varnish: 6216170 8200835
access-control-allow-origin: *
x-ua-device: desktop
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
content-type: image/gif
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 669660

GET
H2 200 43d187a496656b5a9cfe1a381cc38a64-16648852.gif
mais.opovo.com.br/_midias/gif/2021/08/02/ 1 MB
1 MB 709ms
709ms Image
image/gif 200.194.101.94
SECRELNET INFORMA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mais.opovo.com.br/_midias/gif/2021/08/02/43d187a496656b5a9cfe1a381cc38a64-16648852.gif
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 200.194.101.94 Fortaleza, Brazil, ASN11921 (SECRELNET INFORMATICA LTDA, BR),
Reverse DNS
Software: nginx /
Resource Hash: 1df872b27381fae0c7d9347f74f1e3a80de82342c209844355e92537b0320b35

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:25:29 GMT
via: 1.1 varnish (Varnish/6.0)
last-modified: Mon, 02 Aug 2021 22:34:01 GMT
server: nginx
age: 13470
etag: "610872d9-13aca6"
access-control-allow-methods: GET, OPTIONS
x-varnish: 6744746 9044291
access-control-allow-origin: *
x-ua-device: desktop
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
content-type: image/gif
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 1289382

GET
H2 200 pexels_alesia_kozik_6780838-16127845.jpg
mais.opovo.com.br/_midias/jpg/2021/06/17/ 2 MB
2 MB 709ms
709ms Image
image/jpeg 200.194.101.94
SECRELNET INFORMA...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mais.opovo.com.br/_midias/jpg/2021/06/17/pexels_alesia_kozik_6780838-16127845.jpg
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 200.194.101.94 Fortaleza, Brazil, ASN11921 (SECRELNET INFORMATICA LTDA, BR),
Reverse DNS
Software: nginx /
Resource Hash: ebf760ddf1da609d8fe7b122b98658ed1323ddce8c386aa71a455cce587514e1

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:25:29 GMT
via: 1.1 varnish (Varnish/6.0)
last-modified: Thu, 17 Jun 2021 22:53:49 GMT
server: nginx
age: 13470
etag: "60cbd27d-26ae42"
access-control-allow-methods: GET, OPTIONS
x-varnish: 10289928 8200841
access-control-allow-origin: *
x-ua-device: desktop
cache-control: public, max-age=60, s-maxage=604800
accept-ranges: bytes
content-type: image/jpeg
access-control-allow-headers: Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
content-length: 2534978

GET
H3-29 200 container.html Show response
20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 7F61 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 21:13:55 GMT
expires: Thu, 11 Aug 2022 21:13:55 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 container.html Show response
20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E4B5 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 21:13:55 GMT
expires: Thu, 11 Aug 2022 21:13:55 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 54AD 0
0 27ms
26ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstpC8TEM77vj5u0EvtPxUCaBSHPQ6Dkh1wjI4ulPDZ9jYPICQo_tt4rGc-D4Mc-5MA06J7SSsg5JbGYcgLc4VKSpHHilCMlBH_H_8j3ynX2zPdLrx_wvMQtejKdWKWgMNrSTDnl-Noyvn5BUCJNg6ZzK4SvgZZ3V2R8P2NACAjtUt-SYjfe2H4-satEj4R8HM3JcQfWLquijwWtkqJZo0qyq6dVTwqQQHnup1QsvBm-QtK4PDo5G5uWJ3PZGhX5SyvF6dn6nK9p37rSzNfv_H_BmQZnlaIZ0ipnxi4kQkOh-rvGjGh-MY29x7mDnHh7Ag&sai=AMfl-YS9ehRXt34TkBbcBAobkxsZIwZd22_5AvJcECkY_qyUMbOKgU0YEq-arE7Tb6YSYjYwhSIYDwzzLSD4mSkctIl12GV_yxClZ0JsFYPUXlvBmc6TK9K1YDetR0VJLP0&sig=Cg0ArKJSzFIAeaelNNFMEAE&adurl=

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:55 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame 54AD 18 KB
7 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:12:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 99
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7614
x-xss-protection: 0
server: cafe
etag: 9899176843389144697
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:12:16 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 54AD 2 KB
1 KB 15ms
13ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 136
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:11:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 54AD 124 KB
37 KB 6070ms
6069ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:14:02 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
H3-29 200 12117038990469997748
tpc.googlesyndication.com/simgad/ Frame 54AD 12 KB
12 KB 18ms
17ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/12117038990469997748

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

973e6795da37c3922841c161eae4f74ee150fb8e4ce740104b44d4601d0f6278

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 06 Aug 2021 13:36:42 GMT
x-content-type-options: nosniff
age: 459433
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12342
x-xss-protection: 0
last-modified: Mon, 25 May 2020 21:37:15 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Aug 2022 13:36:42 GMT

GET
H3-29 200 container.html Show response
20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 3EF0 6 KB
3 KB 6ms
5ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 21:13:55 GMT
expires: Thu, 11 Aug 2022 21:13:55 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 remote.js Show response
www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/ Frame 9B66 95 KB
29 KB 8ms
8ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/remote.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b9cf652fa4cfc3b7d5cfcc57fed17d0c4780061e6c643fd03141e94426f26936

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 15:44:24 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 00:18:29 GMT
server: sffe
age: 192572
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29745
x-xss-protection: 0
expires: Tue, 09 Aug 2022 15:44:24 GMT

GET
H3-29 200 DydZgTxJbj4WkQtk7-lHHyYpajEQA8iwHywFbszFFf8.js Show response
www.google.com/js/th/ Frame 9B66 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/js/th/DydZgTxJbj4WkQtk7-lHHyYpajEQA8iwHywFbszFFf8.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0f2759813c496e3e16910b64efe9471f26296a311003c8b01f2c056eccc515ff

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 20:00:44 GMT
content-encoding: br
x-content-type-options: nosniff
age: 90792
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13238
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:30:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 20:00:44 GMT

GET
H3-29 200 embed.js Show response
www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/ Frame 9B66 25 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/embed.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/base.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d717c22b73d39caf59c4d46c23774ac2386bfc80937b90fd09ab56c0f2e7b072

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 15:50:57 GMT
content-encoding: br
x-content-type-options: nosniff
last-modified: Mon, 09 Aug 2021 00:18:29 GMT
server: sffe
age: 192179
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7445
x-xss-protection: 0
expires: Tue, 09 Aug 2022 15:50:57 GMT

GET
DATA 200
OK truncated
/ Frame 9B66 175 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 AKedOLSYHl8K3x8TqgPS1rWvNly_31PGI7HpBIEOIVDDCRI=s68-c-k-c0x00ffffff-no-rj
yt3.ggpht.com/ytc/ Frame 9B66 3 KB
3 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://yt3.ggpht.com/ytc/AKedOLSYHl8K3x8TqgPS1rWvNly_31PGI7HpBIEOIVDDCRI=s68-c-k-c0x00ffffff-no-rj

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

4d49733b68153b5908d90444dd86378352eba5f9c0915fdb780f409ea126a889

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:05:01 GMT
x-content-type-options: nosniff
age: 535
content-disposition: inline;filename="unnamed.jpg"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3000
x-xss-protection: 0
server: fife
etag: "v17e84"
vary: Origin
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 06 Jul 2021 23:13:38 GMT

GET
H2 200 sddefault.jpg
i.ytimg.com/vi/RShXiDjJIIA/ Frame 9B66 21 KB
21 KB 6ms
6ms Image
image/jpeg 2a00:1450:4001:809::2016
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.ytimg.com/vi/RShXiDjJIIA/sddefault.jpg

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2016 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b4d0b0ad9c7d497814338ccfb16c3ffab79729f3a2f8b1de1148398ce0bfb798

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:12:32 GMT
vary: Origin
server: sffe
age: 84
etag: "1628618793"
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/youtube
content-type: image/jpeg
cache-control: public, max-age=300
x-content-type-options: nosniff
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 21604
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:17:32 GMT

GET
H3-29 200 css
fonts.googleapis.com/ 15 KB
1 KB 15ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: d335luupugsy2.cloudfront.net
URL: https://d335luupugsy2.cloudfront.net/js/rdstation-forms/stable/rdstation-forms.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e5fe677f5b7e72b891cd094fc07280de57be8c282ac46c6640cb898f2fc75d01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 20:16:51 GMT
server: ESF
date: Wed, 11 Aug 2021 21:13:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 21:13:56 GMT

GET
H2 200 select2.min.css
cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/ 14 KB
3 KB 17ms
17ms Stylesheet
text/css 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.css

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

939b4f5c505097e74e93c3a6a82b69b516bb6d160d449bafb37edb72ab260c1d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 449792
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 2295
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:11 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fcb-38aa"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sELHMKcG9JhSVL%2BkuKEzZ1zG3yk9VV6rOcCP315OTcKRQ9n38Vovzm8gPq%2FLC1wx5%2FUgf1dGJHTHeyTgI5FH4X5w06pismbRYAPYZHbxWU1RaJP8b6sXGvLR9kc4RcDZOjqJT4hpUAHVjCt0q%2F7gVjNZ"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67d4787db909061c-FRA
expires: Mon, 01 Aug 2022 21:13:56 GMT

GET
H3-29 200 select2.min.js Show response
cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/ 65 KB
16 KB 22ms
21ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/select2/3.5.2/select2.min.js

Requested by

Host: d335luupugsy2.cloudfront.net
URL: https://d335luupugsy2.cloudfront.net/js/rdstation-forms/stable/rdstation-forms.min.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f3cd9162638b743c8bf4d939bcfd1dc256f2e97231e13b5cff600502a78a10e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 10238080
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 15507
cf-request-id: 09766cecb3000063b9c688c000000001
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:16:11 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03fcb-10424"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BUKd6jdzvAZHQl%2FDYT2ilxXibeK%2FQpP69LsWIMkmsKL58SGJGdZ7HlHb69UaJmbk2mmk0sKUskn%2F9mMNMomPoOVBB0ayAT8tSdSZrZzu8Y5lK7rMBSNVoa9KkCyvCiPyisKsHXPLp47K1c6hxrwzyDf9"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67d4787e09662b1e-FRA
expires: Mon, 01 Aug 2022 21:13:56 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2A20 624 B
297 B 17ms
17ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJHu6K0BMAE&v=APEucNVs4cvfmzL9-ZXTx3UoyuBhTLwqcSxcIzq360xWN0BueqCEA8Uh96GD54O17feQxWWFVOtOSa1daMbN0aFhzC4-gicYjJ1axPcniwnuLTrLLppnNkWoxg-Lp2je4rEKdgR-qtaMK6CtpsjeGyZBZZpxwke-LGg8tq3Db0g_OIjh_ojznAA

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COWiHhDhjN4CGJHu6K0BMAE&v=APEucNVs4cvfmzL9-ZXTx3UoyuBhTLwqcSxcIzq360xWN0BueqCEA8Uh96GD54O17feQxWWFVOtOSa1daMbN0aFhzC4-gicYjJ1axPcniwnuLTrLLppnNkWoxg-Lp2je4rEKdgR-qtaMK6CtpsjeGyZBZZpxwke-LGg8tq3Db0g_OIjh_ojznAA
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlEK7fk7ZaLkpmWaZ6Y6rCuIQWzSIbU5-v0K0lsLJk4Hg4YHI6uiTTrukJy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 11 Aug 2021 21:13:56 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 2EC4 76 KB
29 KB 50ms
49ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D7SzkFdbzT4crQeLUPAMCUJViBYvH_Nq8eDK7d07fJ9QLfx82F25LunRRgdT3K32QmTaF0EvR-9jMB5JLeCI9F0xvhXAbtk_jfemqtfCZb8UzC0Bm9kEA47H-2Yjy0FPukpsVBvYsTtG82Up6kbon-85jUiw&dbm_d=AKAmf-DBXBhYjUkTHATQurfhujnsnQV14R5N6RanBBSX8ZMrUfdqtDeMRG_80yxqGHjEv8U46lhuIm3qvORIyQ2TJ41emvPuLwVdGoCURar1sETWYkKvQ4bMCi8feih07ZXYYyletHyHpIRfmDlNFfWlnF7w5QetDXyYw7zQmgyqBCb1bUuzooYKKMQMvIqVRdeeaC7YvIB210pMcPWnH91-50M4365pT9_PKoeMlzHYOywrMiH5m8Z1-T-Kmu8RpLAeHKW-FGjFy0hhPqfJvUdKPxZDqT1Ac0LFeuwea-pHHs0wU8Jpxk26EtNNJVI3G-MnHkj73nM5CVrNMgqOmEOZKUgQV56MTFqVU5i9LywDeyf1MgW4oShNmou45-jtSJNJCZGXTmRjROiqTvr9EHYMurzwiZQU7bvHw996iux3ObGkXPaWJPZYjlRiO8qQ6DaQ8hphNP8YMvt5bY8eMRpJiesITHbx5G8cARPK7CXtur-XVCkcqHT8F2Z7OIqSIRqTsAHoGbvol7k1hLuCMuI2oSAqVVbFdVfSYwUfZDnfibC1yT_EPjteZlq8ItaP-k6GOsmbSTnWlaB7Ss04huQHPwkU5OALMVyPyp7pkQ12aiX73mMsKgC6_AiTQ2NmWKVaaqwthbVmQtoCB-9iVVR4otUS0Brf_1wZbXil0bkIx3X1va1iX2PQtVlTfSVF4MdesQFaQWEZ9_6SKhT4jJJThhVhSzjgO8IY6JWd6VW0WgBkQQ0g1FXUdvklJCr8EPA4vKTp3sfXnuMecDWegAlrIqt6HnXBSBgfa9cGOKv6tMtS0z97ehKXkDYtZCd27WCNQ5eGvZt95nDoKDQKsUHK-QF8emOCHe7UcE0qDtOicOHI6CgIbfLTzkc7Qxjz3UTI77Jt4_ffDg7yw7OfsqKUWKB0FcvrfYnlSZz_0eu6OfaOpU-KSi0lEPQWRHs35ufl7O5EbFxfvgcv3GxAAVv6yCOtPzYJt9lIGIbByIzoJCuxE4Zn7T5ZmDrGUdtmb2Eo8d3Rt9nGEGJpHPOW-8Pw1fgrrDfeu_i4vNHFL3JL3qFYXWklKNbwvWfV-OcpUFa83n5oRr28Lhar-ZWPScngovYUa44qWXm5c_a--8TFiUo1HV8crgU-R5k25TpRctGDORcn7TFTr0Q1SCgzYvyyJOyBgjH39CN2gm8eAoEJxQmRlHlJHaablK5f_5oaDK4kqn6YtsjGZLDVuU3MRYwvsah9n-vzeBu9nIz9biD0qkMdHCnyGnsqvoSL4nNusiEjWOpHe_RGIqCt77lKKnJUfmOF5rCHVXGLfzeTH6itrQfT_h1IK_ja6SKWHacnuaIaE4sGACJsRqWXwNS3TdXPRx4AehSAiq7KucPvlcckiu5ptwm-nYeJOg33qW9ogQYpEyR7kq-1K0pB8TeE040abe7jMRCxUBuJMCxotHcmvbPBzNs-3K3b6acIK1Gvo0vashBb-5kXpuDEfvi2eyYu-vBNUZIR_oh9z9CbsX00KNjeKH6daIo7tceuTbWetV_DUYiso9DIngb5mWkwgW1JpWamGS8Tqnf-fIplYcHR7kToTqmRKJPkK6NZRqJA1BPxtBraZ20tPX84tR4nil5PAlHZNhJ3Qy40oz9JxidhIyH0ZyeDRv8IisqjWN5_kccTHK7XFKkQAaF28gA_czcBrM0ghklDGZnU1OGcvBy-ZXc1V_4oxORpw0t-g1ij8OQ10SGImikQmqiuQqFLPYD18Ovr4o-X_XuIzufUvUD0DtMmmPb0AFkAzwsGVtEU_1TRpkz3SIoTayapTIxILgBLo1x8VFYvfsucbGT0d7xC47IgwJCGLlNIRYcKC1l5BOKzbeE_A6LKtzDJs5ELuvrTI83H_-4KDoMrgXqI28FhzYY6bFlMCluwOtM0wLvnxUvXrI2eq-1r0cPcHD-RmlSZRDL54PZB2FClN5Paq0iVyXsfY-XezCE3i1Piqlrh9JdkkR4YenbF5zAgsPzGNEhKifEpeH9MnZzstQx_gqchKvEuoNAyHs-CU3OVnHvYeuUME0P9WPHXTfiVXAW1gl-jHMX52qDK9WOZ27XxPTbv0oOVKnb3NeInOw2btglPBJdrTBTaF1OWdG2nzrvCVqlpZmRQSqtP82fzbay4y7LZ-9t9ZmC0whPrJqOwRfgpKcKoPb1Jdb6nuzHyOlzALd2ecmAnhIgrr8yx0MBrUYeZDOeTTx7Wo8umLQDBBuzw1BY-wfS1Yez-wj5xWdi-ViYqypKTQUjWAke4_TI6TCq1nIthpOSaOrgs9T2KVbkDUqXJ7YYVKAsbU7tLcb5Jym-nRDF9nxhMhg4mpnWFGw_rbiGDrQEhiXHxTmVPvnzqLJR-YoFGn-k7GR6djs7Gk4GweKPfsA3I3pEq39ktkwKinfoYAW41IuBov6L_Nbxt1pBBSoAXB9xgtti5D2bD6C74qdDU0NG1RPaiGr7t3BNtipF06Y3pn0lBib0KafJWtnYmjWk-YGQZqK_mlJw6f2_uWc6O7fzVBwYVh1ObnVGs0XSat-hQ5_CdmI2zlIoSkHwaSqpBkL_T3nqOJWAon-Ymort-GhZLszWZP1Jf8g9AIV--c9U8th4CasMN2OaQH1GNZudEBKxsncbfpb37GPqHkRW7dcIhlUYziSVb7tD4wnbBvRDSF1ACTlGuZUUHwtpfSNWxreiBzoNy5gUJpOe1-8_ohG5QYL9L6cvip6dRSOmLfh4Pv3tR9QE-je-HQjPk7yU1GFAUH2b2_kG1PPTkZ5tuKDmLaNg0esdKKQNIYNEJDnmSCSh2tMUjGTR7moVcltvv_pYl1ZUkOYnxHEPmTSnyPtq6MCOO9CJNN8oaUM3P5kfqKGkEdTlDyNoeJ7Vqi-jP8-FkfUt0FGbOi-Kw78-vlv3SRoHOqBZIoQmhrjoO-IVADrYOKwHkuavNzYkjIW2v80bgqH0XCYDYzvdQdn01k8x8N0tfrvhVCAUzkxWM0_8md_bHmJZ5W2bjs2hhFPojgO_TMGYID4_SYIUBJpuWeGefx4RgzChgG6Es9xZe3QCw_QL-t46TySm2QiRj6Nt1jThRIgP2TqmBO72g3TAcIKZTl4W26SGJ0EBOlN2aQ3U_cobu596g6zoEq4A3jhw3ohMwurfKi5XuxgbdbS44g2wytw&cid=CAASFeRoWEDypxjlotQtklx0-pLXukW7gg&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b18d61b86715bd86a3e4d8af4564ab2a03bf8b0bc02c0aba56a9fa116fc435cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29195
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2EC4 42 B
107 B 27ms
26ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BT8NSB8Rly8-pigLlgeYp8a7s4tkFwEHe88r552mlehduE2tsb1mThKTPM_DHIahNSZPdpdX75v4gCNFvHOklg1YJQFdtQQVpW1YcQtaGnyL0C5xs

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame 2EC4
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/741547/55522419/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=

43 B
482 B

31ms
31ms

Image
image/gif

2600:9000:2175:a200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2175:a200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Feb 2021 02:11:29 GMT
via: 1.1 c4acc760356ea7c6beb4a9af299dbda2.cloudfront.net (CloudFront)
age: 16138948
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: MRS52-P1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: XE2rC29skJh1d6yfOvGvqdMBOkf0drMBo6s6VdCGBuYYrbyMP1n6IQ==

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
x-server-name: app20.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
cache-control: no-cache
content-length: 0
server: nginx

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 2EC4 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:11:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 2EC4 124 KB
37 KB 5881ms
5881ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:14:02 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 2EC4 14 KB
6 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:07:02 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 4A59 640 B
316 B 18ms
18ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNVN2SGx7c40pdh9nBhZWcgzfpu7s8dfCIPKYPDc7VHBZH-nFVzkx4YuQg0fPA_QXYEC2BjdnpoiDXXWfRtu1KuiZbi2-NeqQHSzOFdQJQv-V_dT69uLW8vUre_X13S2ZD2MZT1a0PQPT27LzGLS7-AxRnjSJRbTgl610r9ZEeANF1_Bad8

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNVN2SGx7c40pdh9nBhZWcgzfpu7s8dfCIPKYPDc7VHBZH-nFVzkx4YuQg0fPA_QXYEC2BjdnpoiDXXWfRtu1KuiZbi2-NeqQHSzOFdQJQv-V_dT69uLW8vUre_X13S2ZD2MZT1a0PQPT27LzGLS7-AxRnjSJRbTgl610r9ZEeANF1_Bad8
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlEK7fk7ZaLkpmWaZ6Y6rCuIQWzSIbU5-v0K0lsLJk4Hg4YHI6uiTTrukJy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 11 Aug 2021 21:13:56 GMT
server: cafe
cache-control: private
content-length: 295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame F630 65 KB
26 KB 88ms
88ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CGAPKrs3S9Wks_EQ91Co2UYqskjn3SYYlpoiRmG38BXqcrVIHpHx7jvONqub9CS0KPofSKjwo0YS81E0l073rqqodQUqtD7kv0LTOMziOFCZCK099nZsdoWAwL-VZsiIKdJQHdKJ9XurOoC-Jsj0cbgIUpZw&dbm_d=AKAmf-A0OuWBdotZXpPYo9_4nIP25L1AAQHubKClE9mLs1NdrV61Ncie76gkzrYXFhbWMigySSL6lQ0zC_pKkbnpeptlgOfSBz08zN5QsKiYFFzW5442dkBj5istbhIPsQd-4qgu54KuB-16LmnCt4IYNEY_tXgJJF0V1Eh7qTyFwQuvbUgA_S0G1KrgvocahbLu7uCyLCQ3wEG6IijNzzTqZcFSZQBHh08vqWoWPv-Uk-7bh0qvGwXOZu1XQbiuNBZOGYpZ4MCDsYvr275K8ZYohVxpllF0W5PWJMN3TfPP0aWQIfze97652-FCf9JN44jSnnS-qyafhxZXxQS-S9fDN8AxUsD-5j97UdbC0Xg5pttknz8qLZMILg9t73C-w2bMumptwJvWxlcAjfO8NNySaBhnehpGjjKo2mF9_apR4FxVhwf4qRpMMQjP2tSIrCkpdtbuRsETLafUJO9ulfSoRbu1XQb0DPoRsOLh63I-y91DaAA89dUiVdGk5rwA6RN-wNLg1vul0-WooxH0ibjVnjGqC-J7_i7_tJ1A-BbBgFZGhPN6vNzX3td5biQDecyoTSgymHfRfTLsaS5QOZRSm0p9rNrrkbzqKz_ql-DtlDtLWqAlLEvhJH0Zq2yKhqvxC_A3T2k9HDAUOxh0fnfnFcE4HLqaKyPEEpMz8vfR-eCQcLKFSxbnXmlS0BMOZCreIwSRW0TtEvt1mC07IEDon7DJvXIweebGeYJajUNcL3ZPfgrDhAnm4_20rEden7gWEXRrIOVycWG11TC63FkHANXu_0hKGd5cXowHLfDc3ve0jIpnpYbH8SD34brr2V8L6st2sWNRH2Ef1WHjC2ei56cowcfCvpzrmsCvcQdTzKwmg-O5Y42TJCApzOR_5NG38GQrFcB0wD9ENtzoJC4yGIT0O8Sx2JVe-EAujxo9kMJaMQ3A9zLo3aSgHHCuxcMWlTimMfJF3xd5bcgvKTVFmKD3x8wI-IFGDJUJyy0aOKDjq4U_X88GtVQGgnCrNEBaW_ilxSe8apEehjbhW2u9ws_iexdFK2QPjV6lc8gsTJdFL9iS7NmvFFjYlOtntDnPHd6tTsczIDu8oHDca9ZkH4Gj1czGxznQAt23xZh-klatU78fkAgjlH9hUwmhtYKqdCpqp4BQ5UInuwgeDjh-qw7PiaQIpDytPHAoYf3KTbr3MbMH15rqatJhGWSKl0MASakX8WmXuePp2WejSKgNc5C65c2bQ7f7FoAQv5LCbOs80YrZ80whjpMVP8cmdk65DUX0wHd0Iv-PHUcEqG7b7-1PMqTvjl4m0Uagps79Ww9XSmRWSYwRc5Cxc3QkolQOJ6vHQQpOI8VVQR4nNMqG48V-HaLtOy4VneUrNfGYK5j1-Jw4aHXH6TSleFraxf0YYJe6gOiJihZIADC8l1KNIk6q4WdbGqGQVFR2aOcTpXfzUAN9_AIqNYo7Hw56lWgfmfeViWMQN8ALMf2ZWt7DoKPLiMs9eM1SE839bIwv4dxGJtqPGoWXBqEO257jQB7XPyngnrZUms8n6FfhmuDbzkdTBcE7quyWJgfU98IhZwc0phEZ2NSZvMi1RD9K4mNKv-SPc1ejoNFbD-03Us_kilninYd-jJN4lQnyX_VVckoVFuiflOAxDepvOBBJ3XaKdTPJKe58PI7o3GNRh5ssQpV0PF3HREZwnGmjPO5onEyCE6Y_kR4w3rqVADOXbZk2W_kqG4wWA-9kG59naoSzQmFshK-WujGWahizXNv3PLJGGOFTWKSlR1CXzNQ7usW3_-fj_lLHpndA_ETP0IUC7jXR6fPbU1mC8UCA5ghnmuHyauWfsAaDRxwU2xIIihPWMdTEWrfPLPPYKBSJVacfIrhgsAqfQBpwa9NzqsgVfdcI1cjeolimEdjy8rjkn2RFifvkuijknLzDCSDZXpk-R8QIXYiil4ufxMfyAD_A_3svHFBanKnolWlKU36sCRVd9AVCokj3nxehzxZWKuXf-KMoIIdo1FqhyjDGfNQyITESxCo68eDKxB8mo_2I6TqZL1b1MwtjU6g6IFGkSs9dxZSobnJmmMaWUJZXqTmTFTmmrI6Yxcl3-4xb84luD81N6zEeJ3p_CsM3nvkpY0jORs8qEyPZ-OzZIHUnSjmnP_sh4ZA3ww5g5ID9Fpp5OFt2_C9YCHMrGPNmMgqMmzRONQToHo2i_7SmSIz5voVfCxhr26iCBUbbrQpVAQVUP-gK-aRAqVCDdEmWgskCojH3B4dViJnlnAHXF8Ztm2MdjMr-noBr64s8aqWh5ydysM6K1w2qn47xD992TK9kL2N8RCFLhKX0Vhn89C425PU5B--Ng93JfAaa6eZye2oa8zmOBTbM7h8H5l-McjvSh83g3-9LSVgaro4d-MoHvdbl3aC8slPsoaDyd9a6jEITCgGX2KyMFPmwaUx168Z_4xdzdkiMT1HwD0umkUUpV_WPYY-BjGmTpcROZ4hTK-DMU8fgYdy8Snj3Vbrml8W1R4K9UMViH0skrPJSx7f3Je6yWALq5BDXpFhmwkpAIU57BPrGIdKdGbWCdV95IBw44lJ79O8wH4zinfSUh1A2MN_MC48TCym1G5QDMsY717IwB67oU_RKN3i1_ZkG5pQSHsXeaVHUoP5hs4Y1UnxAZ3KIliTGDL9rJSrll7dWCj5SSoXTn598uhJ6I2I1el0fC1zVgzbUjD5bgHS_-L0p-mOy_2h2s1aVRqryNtRgfHWjpzhIaGar0U99SIFYJMTtAEjBotP3aatFCI9kIVUuXMUa09guJH3ZLpYlPPylUIbhzfsxELCOxz_XIkYzoRPqlAKzzmcRviy6IxZYkn_lk60-XWpE4AV1iwxbku8syS1gncKjELYugn1Shm4eaYI-_7zLC5e-fHYMsVUmjWXhxmnjcnh4zykmqIVcosIzBUqOzkwknF2anCyHaFoqHisEvcdzJ6A1qEZWlN3cUDQPz32kEWBXv1c4UdT-ROp3V_wX9JyFS1h8D_Jm9CEmaAQNZJ_pMgM5lUNHCZozxU_fHngFusHL_3zMrSKwQwsAJX8gUJIr-fSjFrXs813WRVdUPiUrwDmxEysuEixJHEP9RbTFdmvrnxyBScrpaVEHe4QKDiKcFDxBPNEQlVoJBymu2zILj2cVjQXR8g&cid=CAASFeRoVyxiJXd_jcURlVbSR971wMFjqg&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36fc82ad82111bf7da88225f18aab0e154bed6944094d09f837b4e7ab2b8713c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26365
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame F630 42 B
107 B 27ms
26ms Image
image/gif 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DbBmmliABu5QVSSg64GGV_TfL3xkUeMLi7jP-yCXwpaoFrCeHkT8-VP67XBEAs3JEWhW6sl2LlTX9OifagLFQYjj1smztct27yAXXdpoWbjnkaHcg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame F630
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/741547/55522707/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=

43 B
482 B

32ms
32ms

Image
image/gif

2600:9000:2175:a200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2175:a200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Feb 2021 02:11:29 GMT
via: 1.1 c4acc760356ea7c6beb4a9af299dbda2.cloudfront.net (CloudFront)
age: 16138948
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: MRS52-P1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: nB2jDl7uAMMtbE7fx1l4Y3eYHPAecKAupzMyNLDKXo1eFeJuRyUcGQ==

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
x-server-name: app04.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
cache-control: no-cache
content-length: 0
server: nginx

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame F630 2 KB
1 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:11:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame F630 124 KB
37 KB 5873ms
5872ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:14:02 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame F630 14 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:07:02 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame F630 0
0 15ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRCNnIzJtFhM_JE6_RnQKGH-fAGdxPt2rwbVm_Cjga-49My0Pb50_va9tNkTSlu_Ld0_eHbStJWqGeiRj--E8INhrpICQ
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 15 KB
15 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://www.opovo.com.br
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 06:52:18 GMT
x-content-type-options: nosniff
age: 138098
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Mon, 05 Apr 2021 21:10:35 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 06:52:18 GMT

GET
H3-29 200 /
www.facebook.com/tr/ 44 B
91 B 7ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=200307651652585&ev=Microdata&dl=https%3A%2F%2Fwww.opovo.com.br%2F%3F&rl=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&if=false&ts=1628716436199&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5Cn%20%20%20%20%20%20%20%20O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil%20%20%20%20%22%2C%22meta%3Adescription%22%3A%22Not%C3%ADcias%20de%20%C3%BAltima%20hora%2C%20an%C3%A1lises%20pol%C3%ADticas%2C%20neg%C3%B3cios%2C%20opini%C3%B5es%2C%20esportes%2C%20entretenimento%2C%20podcasts.%20Tudo%20isso%20%C3%A9%20O%20POVO.%20%20Somos%20multiplataforma%2C%20comunicando%20h%C3%A1%20mais%20de%2090%20anos%20a%20hist%C3%B3ria%20do%20Cear%C3%A1.%22%2C%22meta%3Akeywords%22%3A%22%22%7D&cd[OpenGraph]=%7B%22og%3Alocale%22%3A%22pt_BR%22%2C%22og%3Atitle%22%3A%22%22%2C%22og%3Adescription%22%3A%22%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Aimage%3Awidth%22%3A%22400%22%2C%22og%3Aimage%3Aheight%22%3A%22240%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.opovo.com.br%2Fincludes%2Fassets%2Fonline%2Fgeral%2Fimgs%2Fopovo-online-img-og.png%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.opovo.com.br%2Fhome%2Findex.html%22%2C%22og%3Asite_name%22%3A%22O%20POVO%22%2C%22article%3Atag%22%3A%22%22%2C%22article%3Apublished_time%22%3A%222021-08-11%22%2C%22article%3Apublisher%22%3A%22https%3A%2F%2Fwww.facebook.com%2FOPOVOOnline%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22url%22%3A%22https%3A%2F%2Fwww.opovo.com.br%2F%22%2C%22potentialAction%22%3A%7B%22%40type%22%3A%22SearchAction%22%2C%22target%22%3A%22https%3A%2F%2Fwww.opovo.com.br%2Fbusca%2F%3Fq%3D%7Bsearch_term_string%7D%22%2C%22query-input%22%3A%22required%20name%3Dsearch_term_string%22%7D%7D%5D&sw=1600&sh=1200&v=2.9.44&r=stable&a=tmgoogletagmanager&ec=1&o=30&fbp=fb.2.1628716435622.404332943&it=1628716435538&coo=false&es=automatic&tm=3&rqm=GET

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
priority: u=3,i
expires: Wed, 11 Aug 2021 21:13:56 GMT

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 0F2A 499 B
334 B 51ms
50ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYnMXFlQEwAQ&v=APEucNUYJ19k2z7OvDidWcvgapS00LxiWLgJj-OQkawp28ggjgsilBA-S9SCkFgWwbXeX3SwcFPWCC7G0a7lr70F0-FtP1w-rWoI_33bKWF2V2e0Pdu1CU-adRtUEgZHUZUm115eYoQ1ApO537BLCKkIRD83K6FBHGBU0PvVb-U0Z0LzVD79qFw

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYnMXFlQEwAQ&v=APEucNUYJ19k2z7OvDidWcvgapS00LxiWLgJj-OQkawp28ggjgsilBA-S9SCkFgWwbXeX3SwcFPWCC7G0a7lr70F0-FtP1w-rWoI_33bKWF2V2e0Pdu1CU-adRtUEgZHUZUm115eYoQ1ApO537BLCKkIRD83K6FBHGBU0PvVb-U0Z0LzVD79qFw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlEK7fk7ZaLkpmWaZ6Y6rCuIQWzSIbU5-v0K0lsLJk4Hg4YHI6uiTTrukJy
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 11 Aug 2021 21:13:56 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 7F61 24 KB
13 KB 51ms
50ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bm6hEWWBHlXhKWAcNZCGsrSFHoDIZHVY5tF8-SG9z_FeggvN1sJK4w8z2j4DVh8juBKbVbQTwqyJiryNJML6VuWfFuXUIGhXfE-zKVKZMkionhA_MP_jB8ACBUmrTCMy9ZF7ynXsGSjxFcW__EnH0avllvFQ&cry=1&dbm_d=AKAmf-DKn2VF2Yl1CrF_Hf9RbkNIy9OkgR8gj1mmAfg5Oahe7fJyDcAQBmiJBk7CN0qbxPxopNSzq5E0PrbuDTSZS2O-SNlSb2fKQnToEjZeKmOq2kv4EEXER2eaGr_sa0km7P0IhvuykIKohH1UdnW_ynEymTrqQCJrSco7bQTjPlwZHMvcwEAUTPbDFEENBTyPRFEiy0Tn96oeMgtIZjLEsc-JxEU-pGyEB7F-ITLinAprwNzQLeNDkOMUo6qpTtlrEVwRihRtz7zglzOwUBy7ITFB_kb_Dk0XjFf3NaXudySI7-BQCBdezwYc_vlLhrs1u5g34wNFFzW668ObUA5qaEw6kciQVOFYdZupkneuD6oqrN0sLMwGZidCldWzwnldc7hNWbQR86PY1AP0UYTfM-V7k0rGhD0dSn6oiyPimJYESe6dPPUNOA-A03kFRQ6Zd6FEjmY8eXrk7qyc-RW00sk2to5IRJ0f6v_hIq2VIUUQnjjTHOXPXCDKcFonr-50DpCEy8HNA_E5Z8Ca_Ud5OFrpdvloqqyhOHY6JYWpjplbQsjJdioHDbPPvrJWXeU6uatHEpdYtt_yZ4iKZswoLhOVQ6raKzQ3w7qUY9e89tPAJdnRVvlIt6mFOwgkZ4Y_Xu4HGqMchNT0tZbszjAO-pF3Qnbtwn_e-D4aRByhL4_Sw-0EOL8GzhpEz2naLWFxsXP3FTwrifbSb66rv90c2ZMGMIkeKUasKD3gWQUMtk1ASjnmFvFU_DHPSNJ77bD7VEDAW9SqD0d9x5hb1HY0IlZwu9Md6XtDJZwYN2Pe3rrnm5VD4wBI7aANnJgsbjMERMbF8lIMBRPlpSAT1QZpTGo3NC6K0WCeDafBRaqVTDoblt2Z8xnQWD1gch5tS_1tLsiIt2JQfPCzfVTJ0PCURmW8OjaRUQ2yhjt4PCTOqvFsf_iES_ZdiErtb6MDXhpyQ2M8GPoTCVzU8ZrhGQ2PlK1lxxYRzheZQefY_E2JPl-J1anzteYUVGT-2_N4cJa2uPiZSWJwS4QhACxq2scILckzhmRE6amyRoTvzQsiFv8ZZmp9wK6qJZcnxJYVjLA5CmEAzSPk2DSd0pdP9NinUIlgQ5QUGdE5ilU-0IlOPioAXWmZZgy-p05HBLOcFqARil6d6Jaexx0Kj8lETppKe9twND2MY_4CI5GEKL2GwnJW19z6pf-XADMqClD8p8MGnSL8CaSbq-0FrN3appNsRmozNz0WXXG9x4GiQjJqkzv_4lNND9n7n7v956neMeKYFXXdyifWtoWNlRP-qSrnlqg7Rt9lMa5xzFFHZV79mBCaBsg8eGpf6chrf2Bdmafrou9ZdzQiioyPfST5-m3lEqFOQ3BvAvAcZamG4EWFZOFtQIbhX3oQHvFTpuejT-mHMk1HZUi4YvqjCFJ0zufDjBr1uSdfpqi1ebLv8waxLk0jxtI-JjAv_a3_K5EOd_8_SPXl_wjTYIYQMMzcMNel7AHTYzwNbuen62A5pAc32pIzIiWkNUUzyuXj-fy_lHyDxTnOwrq-e5XZ5bHXja_-CNYoynAEJgofmWXn5hURZBZS7MJaOEahrDlrGVmctbPiYLfZ-mN1pBKvKTGXT-uQydaN8MzBPYkRLVzbUPCcwHYNHR2A8igmdG7m_wkO2apS0tSshv2vD_s1ZZQvMdOlKO0hY-JsI1rcp0pFxt3fe-UVFus-91DLM0FYoJuvwHBNzTl1aSN64PmKRIbIT7508Y9yyyEvKDL69XK3YI1jgWjEoGPrIdhQtVLGAN6Eknq3pdJxngfHWewEAfS9bUWqmxOVJ40tTrliSfXzMWLfEobPFyGksD3zP-BfwSCDAa9Eckp8KZS5vypaJg8huF6KE7wOlwyVLYsKTne-czUsfB8xvT_Q4yiUGv8Kf84fU9epbk6QA113VZ6PwQ6339p6MD4IAdkxAvXNDreeOZE_S6F4plq3c_3syi-A9d3o34hZla1KBoQgEwHakTwDFrc51b8qVMNY6qzibIxw8s8WuelMFt1eBCgEFraOWz3ym1M00cBtnN7AN84wzAqH_vjU7Wsy_WgsX8RHdGxJ1uZ77nO5UGaXacZ33KXjbFc2ce3V_G7q9TQ-DwBVW_Cnex4VFnHABUp48QbuXAsM5LOuYjFSLt5Tav5pec4-4GQF71tnn34MICaDMLkEmDLl8AQYyBFQhL3wM3P8vb7led7rEwMO2jEvgao5Gp2aV1B2kqEHzBeJibbK2o-uMy0QPt3aZ3kFrwY-yyKzKksCItm7VMQxFk3xuiK5gZOFwAMwntZ3OskeBvUJM8CHjuQfTKuaP7PcR-60g_3jMQFI1dQvk18IyRBoNxyPN-52ywGcXnp9ppuFV91LtKuiY5X-xIMjR9nwM7AQPUIdMKZBKIesv1JBTVEIJzkTn8XQKLwd6CNEzc4zlcMzweiH5W_d5OV69Z0wWjEsCGjbNotUNYDoqYEQ6nD4VQtJaSKje9joKKV3651pbozRFKrOv0QpJI2kN_l9mUnDjrh9GQ-ZoGCvBhUC0W4t3bOzdDClyZpbVBqOtvC5aOEprkYYzGJqrHtj_5iFpeptwKrGY4noMYhQc3q3EYQugN1rq72ZfaWljpC7B3JofyecOGd3X_kaS8LSeSM_V2AmAgUxooDinEiECt3uGuADAhDNNUtzGhCR_0lCTn1mvvLxIP0hf1Ac3xPtNoiDxgvajv3r9MVVBG_5-PJ7BhAwhHZrDDD2iaOykKwdx7MX7KHq33uUfaJzeE5w6OZFryMAgsow2X2_7X5B4sfRKBDL03HXfgee6YMmy6Q0RSqOL5pAaTcu5Hmy_mCcqN2jVyLfADAHY91EH9N_XRw_zd-tAuOM2veK2GlPdjs7yzSTz1Y6RtT_G08QQv9uCQEcZLJOiO9z8_hm6ik_CKltHpxWJmJkWLHqEmJZJL_aeQwBNL5d38EhqoOMwuHkldKgJWrLXnfZELwmDqJ2HG3SNcFUDjVB3V1F0F8GNygivbZn1MlJcBb9kCT3ducBpSf65oKQF8Rgoqm-vD_YFy1We5y_o3wKQuSehS1UZmAsl6p_P3B8DJ2-z6WyRel_VgzQHCMTlkbI8rENhS4SgIbtbkv3ZuCvaNAlM-TH3qi1VDZPF6Xl&cid=CAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ede4cae635acd7b2fff35bec7fd7e82e78f02a3f7c0ae6bcad68a02b6b75574a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12797
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 7F61 42 B
63 B 94ms
41ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-ATS5bznIi2IErA8BktyE4rNiyl7Ff1DZtVS6WcBgORH17rcw4XOOZ_NAjJv1evB2kvMrO5cRvI8pmVCB-ID5ttSrwH9yq9hGLzDG9aImJYkWg1mEA

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 7F61 2 KB
1 KB 10ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:11:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 7F61 124 KB
37 KB 5827ms
5825ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:14:02 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 7F61 14 KB
6 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:07:02 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 7F61 0
0 50ms
47ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRxdsp9PScywA8v-hJeeKdxQ8zoONvJP1ombUdkBjTFBM1RsGtfOsBqX_2lycZ0rwg4IJdYrGqPkgm_CawbmpiUuDHpcA
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 81F7 499 B
336 B 47ms
44ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNUlsXa10rnEgYcqGms9K2Wb2sGtqM7Y8Yr_fyovkpcGykFA-EeD9_1Is_ZcRIuNsKjoFfrU0saZwzgyoVP63nXDWgY7kiEgUGfSIa1gHF5rzb0jiXrp65FVRux952Wq6rpve_sf81oe_cSUCNZlvguU53ursDwhyPuEBJQMlbNd_zaRyuI

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNUlsXa10rnEgYcqGms9K2Wb2sGtqM7Y8Yr_fyovkpcGykFA-EeD9_1Is_ZcRIuNsKjoFfrU0saZwzgyoVP63nXDWgY7kiEgUGfSIa1gHF5rzb0jiXrp65FVRux952Wq6rpve_sf81oe_cSUCNZlvguU53ursDwhyPuEBJQMlbNd_zaRyuI
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlEK7fk7ZaLkpmWaZ6Y6rCuIQWzSIbU5-v0K0lsLJk4Hg4YHI6uiTTrukJy; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 11 Aug 2021 21:13:56 GMT
server: cafe
cache-control: private
content-length: 313
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 11 Aug 2021 21:13:56 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E4B5 66 KB
26 KB 51ms
48ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVGhDVaI7G0vhOVeumQgeO3_I06VyfWoMLLOgKAbNiGwQHQfrgzNCJWSeRtQeNuZRKRUDn29ql4572HdbmjdZoU88clSIV2x5fVlDueXhRNOi9g-tRdNbC2GHhMw8QFAQg6MNNn5kyAhZnVGMcIIxhEOCmSA&dbm_d=AKAmf-Bxm9BuoluefLblw9LQl3S1fRIkjJl91km6xiKqXU6hWpLVEViOs_xkkDW5GC-RvlAbyqIrZ7qpHs_HfIIFrlloG1CCNItq9rmf2jKVUYciKACl1bZoP9gCZz0bfXQtl4mkf1uMGyLOm1cUZCfH7vkaNgM0S_xvVVpmIuxrWyHdlQ6Qi7v0GaUnjfu_-UNi5jwB55yfz5S12AO-f1JyGVZ7eN6eGCPyiUdr_3egRiIOeUav_-FB-V_0dHGR85PWhDQCRxI2QOnW7ZzjGL42VYlc6OCY-mwMhfUeJbILvP1DtBwNy_QZry6cq4YFAWJx7cC2Ow2jx5LxvoWYUhvyb4AKS0nHv0aoxY0kdsr9OOZF10Sf-P7BnrWMZEKraCqdRz3wciH6fHv8rZ9zRf6rwzlMrARHR30tx5qYPW6_DlDsrX91zrCCRyRrJIDqvSIAQR2i2H9GXA3cIYpxUrPJPq8sHfxqw-k8QrSw4ie-1Wo9qIpM_2fl_2HFFuehhxj1kWbhHqNUkZjLKzTGMUuAgjPAv087N_MF72UDLeItBKfEkWX7NbcMAWPfNPxLjcHxgzD3fVviK4Qo2mPOuR8CUdxTxaQIyzzavWrUQWcDDdm7-5y0xlMneE6kLfV4O9serZoQWjlfj5e0mqmtwGHQe7Zn1Ub0xTQDIodr-h28uSVQYu92RD2W7j8xkXS1xxJJEul0cYhPA6NeB1ifF-hv0Nnv-Bljn6GMxBY0Bllxvygs-W8IF8jbH7XEhKSB7qUwq6adklst-0mXiWDl1Z25cOnnJWy5q4gkpMkDaScjLLoG4frrwwyvzE-YZTdyssz3AfQvBILjLh7ASwy-GPvkTt1sOGmQW62vAP9x05sq7DRx04wNi7xkNfsuo-tZm8x3EmhPOA5ZnSivN1cZ-VopoG4a2lNk68tCcA-WBUIoTObUSB15jZsBE33YuHxrya_9WBBG4RjFOKjLlzE-z4TVP9w-yed1DwdpSMgswu_2uXcLHFLAi4Mgj7ZqTGBHDTqIXvAWykvPYiJOcug-iUv476ucHDv-pwurJimvVBc0B-zd4Pz6PYifS6Y4WB8jruNGYeE6q0_Zm51ju9l_b-BBYQQk16br45RsiosWvkCiTrJxebLlKsGtGN9BtEh7XCLMO7ctgWBbpLCkCN4mbrDWRJAJfNaAMEiEnzPu9rX-ATd4EPh3gv1KQTzrdPL5WPHT3vAdD10wArDjHBlZtZgtyXkB7P7l_BEyR39KiqCwVNEC0_sobxqkeZ4r8YJY-8g2k3Imm3GaBgpxTKSrEiGZXLydIGRRH70Vh-yB5nr5XW3M0QDPLXLboLU_8NiAfkEAIEd7rTPCrnhTdmvS63hAmz29RyuQUrKtt4o3uj_QKz8sSpQsbCTh1y8w0ylur08dH4y1qoYXvTD8IngKOoAzRoraPmAepE_3ucEnc6k0P5qiJJqNdXC0pSNJPblvtlMf3yOPPhk44ARXaq5ck234Najxv0LyST6Y2s6rAnCXglWb77vMb-H2HSkW7WmWuco80DdDTcolh-U4B_90lb4o8kLiEZ6PEIcV2i-ybHN7uU1lq1WfJi_MjLaB68iZS9MxxVfeil808bCbdkT9lKAnNtIPCh-jwY1dtFzjrRrFcIFYJJnjwWsB7aWAcK4NaqxpWqfnkntz1xp96EbeQtQ8KCxBqEANNi_Ot9QJB3MCRITEy0-I8eAlm5L_if8FqNALcQbzIwivKs1ed-mWlxGUuHNb1T-2sr8Ww649-TxtFDKJTXEd5GXnwN_e2Rl0JkglHfMhNvgl_vK33xShgTz7YOzIhFUdsFfxgqaNHIuRjUHr3l2D6crOEez1FmMTC5iTa80wlBW2Lv59tG1c_hOoz226MC_vvQGOAq4bNxywBhjJhFvUZrTsW53ITAV2DHsGHauBlKXlksM4VZ65MawVNv6L0aLiSoa0yEQQidOTcAy1zeqQI7-ES-Pz6SpQM58qxY-bGF-tLpHwk1vygHoUWgo-C9fxXvASQOgMFVsfkbdLkV9Xd8SZEHxIqChhUGANgkWyo1pw_Pr-kAW6LLzwIvKttDOPiuygEUt9YA_212T5686esRpF1XhbwUHLi4odP45zFodw3ZpE0cba90lqdAiRFKquDAf4x2mSzXj3R3_lBYvCucwUYMYHS1RWKGvS7TlC-awNDPm6Yj385DyD3GXPD_u-W9rRl-oF4ciNHTLZ5gEYTkBzvwmBW-N0pOZUaCR_0zhxekBEFJ6r6xixN_khlvWqhg4En6TZbQUFx49nStoJy0QeO5Vgjcp8eTcynQh-sSjf7IabY2FVhNlyhYYCIwfI44viPZ9m0D2RKtcdvETm2PCAXkDj4T8cvI1Qc6SqTkzDW15txMU8bVkx__Lz10IIbnBsWd-cxROlcHEqyLVo11TQbmEsr0HJdmEKfDqHmFjysde6tSTreXd0TMIjRjpwTQZjZw87wtD5GgKJb7KCdL-hKNHHrNnvZ5G0ztrKHNU32vY6KEgfFQFP3n0bTBTRC4C0k4KH9nSI78Ih1luykpsS4OQKiO5VAJaVJ_mRT56EkIXwTUSC1J7K0CxFcd6_5pVFF_kJlO5RsP3wnrTiXia43Tzz8y54GUQ2qQiKHfpLaKPaehgM14HWjZyNDtebqNCU19vjIvVj7-MZCH1czr1OQ-mM1C0o8e32HwG5pN1BqR-HbO-uQgRU7PlVLsTrQFC9VC-ewH1X-THD8bNBArGk4MQOALaP8ACi4wclNhvFnDNu01d-g6ttpAbw1su4W0GkjdMUVHaM3bWyi31ZO63-U2oldS50mUWGwAboMUse4vfD7DQdKmX2Zycx5-UkTLKOnAiPnRlBzivYsCewPFbuVZZBQPn42qqDXuvnnivv3W7ClcGvealbLH_VEdfuciEg-wklcY1qke2JbvLwUhFcSF3L-bqETErJKkIITYuGBfH4s9MW_jusMQTp5VSlx4p9vZrfnQHLHxP5pxRqWr4iGXGBWHJP21l1kgDIaeo0IIDa9jgP7oZgAZrpAHxWXBI8fJxsufQS11pER2bmd2RIZWPB4ZD1cKKdUA7o55GEZ28wGYMPCgvTwO9t-Yw0bDjPgeOwRD4qy6zt3_lLZiSFeysktwBxrlocOLLff3P6_6X8QcxOJGM8CS2BJcNQww&cid=CAASFeRo7ZsnIv1exoQqVhlHKEIkaOGt9g&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

685c891724937f7182b419a9f3a9d5d3643a31669377ab6fd208148a83ed61ca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26557
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E4B5 42 B
63 B 89ms
41ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-CK_Yn95z9lg9KuicnYU0mJajHRIt9xZnEQKUKc1Aw8lF2KaFnDLItZLlWv5tTGk5Joojd7q5cLl70yLdEojNw873tSC3KTe4ji6NRMjBwyVBGMDJ8

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

skeleton.gif
static.adsafeprotected.com/ Frame E4B5
Redirect Chain

https://pixel.adsafeprotected.com/rfw/st/741547/55522707/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=

43 B
480 B

32ms
31ms

Image
image/gif

2600:9000:2175:a200:8:48e:53c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2175:a200:8:48e:53c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 06 Feb 2021 02:11:29 GMT
via: 1.1 c4acc760356ea7c6beb4a9af299dbda2.cloudfront.net (CloudFront)
age: 16138948
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
content-length: 43
last-modified: Mon, 17 Aug 2020 23:55:15 GMT
server: AmazonS3
etag: "45cf913e5d9d3c9b2058033056d3dd23"
x-amz-version-id: iiN8XkcmZQdDIQeKkzAiegPwcD.5WPja
cache-control: max-age=315360000
x-amz-cf-pop: MRS52-P1
accept-ranges: bytes
content-type: image/gif
x-amz-cf-id: tsRJigiz2_mftLA46m0SmPVj1A1m37We6QSzatR9rmmV_UpAwLF7kw==

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
x-server-name: app16.ie.303net.net
p3p: CP="COM NAV INT STA NID OUR IND NOI"
location: https://static.adsafeprotected.com/skeleton.gif?gdpr=&gdpr_consent=&gdpr_pd=
cache-control: no-cache
content-length: 0
server: nginx

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame E4B5 2 KB
1 KB 46ms
44ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:11:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E4B5 124 KB
37 KB 5833ms
5830ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:14:02 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame E4B5 14 KB
6 KB 46ms
43ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:07:02 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame E4B5 0
0 46ms
42ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSasZrQcGunBmnwQrcXY4ZFXF2scnDkqitbFBOf05WUkE7CCfPq2pxbKw03HKQ0TR5H6cws4gH6O9-hSA7_vRSxY2gNdA
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame A4D0 363 B
229 B 58ms
17ms Document
text/html 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU2p0OYf0ZumUWnpHjr-G7SfofhRYk0Fftvhr9pm8lsCz8GIJ-4vkIa67iDcejlJwdIB0D7FAXoe9PlyCoEpYEx7CYaP0w-obJOHhkNCc3tjyVROFTxros6rQ8L8PwMu4FShL_3KjZ5ipGN7xgBq3N84XpWnkKWRXa2d8poPz_vIVap1jw

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU2p0OYf0ZumUWnpHjr-G7SfofhRYk0Fftvhr9pm8lsCz8GIJ-4vkIa67iDcejlJwdIB0D7FAXoe9PlyCoEpYEx7CYaP0w-obJOHhkNCc3tjyVROFTxros6rQ8L8PwMu4FShL_3KjZ5ipGN7xgBq3N84XpWnkKWRXa2d8poPz_vIVap1jw
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUlEK7fk7ZaLkpmWaZ6Y6rCuIQWzSIbU5-v0K0lsLJk4Hg4YHI6uiTTrukJy; test_cookie=CheckForPermission
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 11 Aug 2021 21:13:56 GMT
server: cafe
cache-control: private
content-length: 206
x-xss-protection: 0
set-cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Fri, 01-Aug-2008 22:45:55 GMT; SameSite=none; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 11 Aug 2021 21:13:56 GMT

GET
H3-29 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 3EF0 24 KB
13 KB 89ms
44ms Script
text/javascript 2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DaHb6VFCRfe9iRy50zM8Ox1ap876MqUSIXhAChyrUMyylW-2XmlnIzkg7O4AGsSvf8XZcnqNuWVCGrLmK6CAvjsWKTUQaqB4rp8X1Y6pjHC4yku9in9D6J22reQMz9q7iw3xnfINV87uUhNsFKP9tSgo5IJg&cry=1&dbm_d=AKAmf-AYljfNTeRLWF5_vpUvK1FAfZyfchIQ9pUVqkMjWn5e7UTCML9kqOpz12_gn8V8wy87OSsIkenfGGhCRQyQazZIAv8HN1-qmHe5uSnN3z_n2MteeFAa1P7lNjFOehJAa4jDCvOs2E9shUEOCSIjzEIXrtxY4wy2IKh6jKwxVY2uZsO-34qTkrPlSlGICMs4S9KNNozkXj4IYzMZj75ZCmiCbYIEE-bs2oKHUugDRHS8G1ecb21nYBkp7CzgfARElDhVM49Kszu6wXRJI5bfbW1UU5nR_ud44RXInqMXS9XLw03NaeVMRH1M2PpIts7v9x-9eufPZWGINqpf6iiCdARMygMiEDjCM0nUqYaKLsdA-RdXNk5F00htHoZMeyUX_JqcuM4Po5QVlVcHuHf-hDkrBztDPEwNmtfyZ99ezNCCwf5FJXzCVfcL_3y6cTJrxcbGxz0llW7FyPxxpFcnGSImZwpoGML93SoZ0F8LbIFzQQHGpJ9pCyvmDa9s3obRDDAW2zwYLDNMdFNssJ4wlZdT6_JFTxl-ZCjStpXAE53cMLAlbtzn1Ype1RoGodgba31xgdaZ4xiBO7qFnF9v2R4teCgyXifUaotuwgFhClpiuCj0xocFEU8DpujzOcDttXqw5mQf8ruC8ZcfPfgmBrSqxpZrn1gGDtnXbvMit6Qefpp7bOpfMvsh5QdtOiiXDK-tid5Ho-EuOkCCS6hQ3qsJmYYDfdf8P6e4JxJr0RSCfePEDHYjliPLARmAKksc-Af9QMLGl1qE67xcLyjj9tp4wI4v6AI1qO_zi-wMFy8bWOgVpv_5VN_XSL-7kF2Br2dUT_qNBpydM8b3r2y9AGc9TppRVeOPqP5YdfhMbTPXKJGPbHgUvn_55byW8dfEFu-EvsZ9iVJQ522YSV6plNfDD5-V_Hahy3ayMQPVtM2RiWfSIN0d5fIdECNM1Up-1ItAZMEVA3vtg0SRX2ZafnvlpA8D_JK59lBc3ndDeKglvHJ6pO_ZsdjItv3gUxmef-34iwxJ_UAdky6hOj3bh_5WhQDUCVKacvULQ750fUXeehjbbVRyQyk8GXVOgMfjIKZaPcIzMsQSn9ZZaI_F72-1JEPEdMHkbpEKA_1xWRjCsLrtY9kCdpdMpsmDAVuD5AnC8H1amFVW6sMKPWNAAK3tgucxxxS0GN6vRjaltjAJNYvMZKT3kxCCe-2p96mD67O--k4mk_sfzbueTBI-40oOtt5dPeslbHYv7a42XRpUd6df2tZxmMd-dqLSKJMFObwABQTqQs1Fm6AIzjampzfA2kNuV8SxepZIMK6m_sDUrgLWTC_x0pSJDURmwbM8NYsIb40XV1jdRjbGeXgN6yUVOvh7ReoL7SvAuLD312exC-12XaAYDTTXX3PzzxEMRCUAldxk_sumypi_ZxgOH5Dmheq1NeC3cXMGp9UbtN7NJxTOqvutepsPQLP-M0HjnGq9dniOq5NPLLH9e_Rwrlv0V_7aLQZdd8QWLvTNGu5smpo8-9Ps8v-Pn8DjHQVXJmUcAhrq54LaRd6UzcnnTId8ZHWsawj941VI0BY-7zycuFTGJJD8gWSApwRMJZu5moREBM11pF5vjr0cORYrvAT9cItAt2kAGK9wm82Xm6xcZKkpP8dMyqAiEmByUSNAX-kuzw5Tnenh2onQYbFKWLybEqftGyKHuX3MFa2k-7liVnutdTJQi-GWo1hQ8BAppfAgSwKk6bY7v0rg45fAQGvWP9XFrDvJDIN0OIfRVp8KNE-bghwTkGc0OuBBzIRBvPx4bV5-HIQs_E6zKGGptTk1uXDjTCczNqwyfAXnrWJWtoKTaJIJqu4yuckI48fYi2nygrHdu_EAtBMOWDFlkTtDkvt8ufCyYMg8E2mhCFS84KyVZkBuF6Yy370Pq3SofYtjooUS0olXUWMfkVhs0X8iznbPNx6pogd4zuITpUxZ8r6pxxwV7iTtX1mdG83TL4bi3Paw6ycfTsaqnM-RjxJFQmqYMniuCDfCPzuz2kBNK0AZBue1mUnwaVJsgtxXJ98R7I4zcFBloV51QqaKpO5q_B154MUbD53mH1ADM6IharJDC1LzfZjQZmxg7_9tGSHTsx5n3VoPv5MES4T-4EwkbABm9cm5INo6ORYZcmsNfdjnyvgev5en34yK-LIfVi6w--QTj6sMnsHF1b_jRsqUvgtVpCzH6MzwER1E7Irjeuyhp1Yw4pSlf2Ju_O5rli9NBC6tQA7awtihQBGNeNb415hDolMYw95Hnxwvb_aVKhDFvznIxUPO56bXtxUGdyRHcR5Eurb34YsMkcl7FCSopzhEu_uVo5bOKA3_s7xxhzu1LM8LNd6Ooy-DHm42Gr7XotIUADIzx63qCyjKQHNl04RToP6W_seKyDbFHZtggFDnMi9tQW7rChPL8_wO80_I6DwNlHsIdmT9IQppGt0U-eK9MVr_F2RNMF-oH_mX9_nTXoNbhGbSs5o7KFy_OUq6MGeaCcdB7Nn1v1xcxIsq3Yk33wVVQW0xhhE09AlXhUAsk0pocHx4phup8oBKreMzjwHzuu2QRtjNXu2Oa8UkXmosWNkXB9kuUSWS63gjxKSHHUqnSjGzOnSCLjttcILwyV8IJJliAVmNT7vSA-NmRhtrvGqYjrrvHlaoFRQlaaYiev5Fg_KdaG7sLWjkFgrw6nh2f2lmMuMel-w_-7O_lsYPO0BsYODLLr-4ZmaDOik1i5w9oJLuWXPSGVzpCO6FI7IlxR1FK1QVxxLikl-Y7dDOEb9qyO0aoKl2R7FV_CQ5l2LHoKPJeR2HnXDnqWbPCqtTT-WL8UE3gw6fKel3iKGyWLUm9THpbNP3sOpTGd5_-gm50eWVeiDYm3wypdfc4j8Repaq2r3aYNLqwh3Df7HPQfp_c0EdqVfa0pK0L9oZkIseZc9xbF1oWWNiYwhEb954BMkaM5fRzQ0DT4FSY6yTfawo_IMfgvBSXde3bIu_pbusUnsYv64xQR1b9uaF8HasZ48--rUW-Cmplym9-l5whpZiS6gkbvaFqhajoBXBL-R2cz3JCGA6sVqPInbtsPreFCVpYrMjOCZ-mG6QwhUdEbwGujEVxTqDozcnahA9q998bdQRz2rncZ1_8JyVR5yRLNEfXj66UUJwTq4dnGhwjg&cid=CAASFeRovG9NzbmqqX0hLO31G7uGl0duQw&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef77661c9a82727ffa00dc3d30539b65dac8ee0630cf4e2ffc3c47cc02ff7184

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12979
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 3EF0 42 B
63 B 94ms
44ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-D--cLYm_Vr7nyjVcBd1H0o1_I3OgC4cUn7yTHHGVtbUQifNOK9kaspVvCMMM4B2wmAiV0FqShNjikKelpoufSYJ5mFTNbP_zx8XbyCIawOvb0pEWo

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 3EF0 2 KB
1 KB 49ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:11:39 GMT

GET
H3-29 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 3EF0 124 KB
37 KB 5822ms
5779ms Script
text/javascript 2a00:1450:4001:82b::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:14:02 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 3EF0 14 KB
6 KB 49ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:07:02 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 3EF0 0
0 63ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTB9J8sMfkJnsThBGJlWwwKpjp1GTZYYqFT6pSE_IJdWHiwJJ6OHPQRXQUeLxu4c5PO5Z4nlTn95PrBpoKyAJ69YgKSeg
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ Frame 9B66 4 KB
2 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4224c673/player_ias.vflset/en_US/base.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.youtube.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
x-content-type-options: nosniff
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:56 GMT

GET
H3-29 200 container.html Show response
20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 914F 6 KB
3 KB 6ms
5ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 21:13:55 GMT
expires: Thu, 11 Aug 2022 21:13:55 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 204 generate_204
www.youtube.com/ Frame 9B66 0
9 B 6ms
6ms Image
text/plain 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.youtube.com/generate_204?YR0N7g
Requested by: Host: www.opovo.com.br
URL: https://www.opovo.com.br/?
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame 2EC4 169 KB
59 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29638
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 12:59:58 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/elements/html/ Frame 2EC4 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D7SzkFdbzT4crQeLUPAMCUJViBYvH_Nq8eDK7d07fJ9QLfx82F25LunRRgdT3K32QmTaF0EvR-9jMB5JLeCI9F0xvhXAbtk_jfemqtfCZb8UzC0Bm9kEA47H-2Yjy0FPukpsVBvYsTtG82Up6kbon-85jUiw&dbm_d=AKAmf-DBXBhYjUkTHATQurfhujnsnQV14R5N6RanBBSX8ZMrUfdqtDeMRG_80yxqGHjEv8U46lhuIm3qvORIyQ2TJ41emvPuLwVdGoCURar1sETWYkKvQ4bMCi8feih07ZXYYyletHyHpIRfmDlNFfWlnF7w5QetDXyYw7zQmgyqBCb1bUuzooYKKMQMvIqVRdeeaC7YvIB210pMcPWnH91-50M4365pT9_PKoeMlzHYOywrMiH5m8Z1-T-Kmu8RpLAeHKW-FGjFy0hhPqfJvUdKPxZDqT1Ac0LFeuwea-pHHs0wU8Jpxk26EtNNJVI3G-MnHkj73nM5CVrNMgqOmEOZKUgQV56MTFqVU5i9LywDeyf1MgW4oShNmou45-jtSJNJCZGXTmRjROiqTvr9EHYMurzwiZQU7bvHw996iux3ObGkXPaWJPZYjlRiO8qQ6DaQ8hphNP8YMvt5bY8eMRpJiesITHbx5G8cARPK7CXtur-XVCkcqHT8F2Z7OIqSIRqTsAHoGbvol7k1hLuCMuI2oSAqVVbFdVfSYwUfZDnfibC1yT_EPjteZlq8ItaP-k6GOsmbSTnWlaB7Ss04huQHPwkU5OALMVyPyp7pkQ12aiX73mMsKgC6_AiTQ2NmWKVaaqwthbVmQtoCB-9iVVR4otUS0Brf_1wZbXil0bkIx3X1va1iX2PQtVlTfSVF4MdesQFaQWEZ9_6SKhT4jJJThhVhSzjgO8IY6JWd6VW0WgBkQQ0g1FXUdvklJCr8EPA4vKTp3sfXnuMecDWegAlrIqt6HnXBSBgfa9cGOKv6tMtS0z97ehKXkDYtZCd27WCNQ5eGvZt95nDoKDQKsUHK-QF8emOCHe7UcE0qDtOicOHI6CgIbfLTzkc7Qxjz3UTI77Jt4_ffDg7yw7OfsqKUWKB0FcvrfYnlSZz_0eu6OfaOpU-KSi0lEPQWRHs35ufl7O5EbFxfvgcv3GxAAVv6yCOtPzYJt9lIGIbByIzoJCuxE4Zn7T5ZmDrGUdtmb2Eo8d3Rt9nGEGJpHPOW-8Pw1fgrrDfeu_i4vNHFL3JL3qFYXWklKNbwvWfV-OcpUFa83n5oRr28Lhar-ZWPScngovYUa44qWXm5c_a--8TFiUo1HV8crgU-R5k25TpRctGDORcn7TFTr0Q1SCgzYvyyJOyBgjH39CN2gm8eAoEJxQmRlHlJHaablK5f_5oaDK4kqn6YtsjGZLDVuU3MRYwvsah9n-vzeBu9nIz9biD0qkMdHCnyGnsqvoSL4nNusiEjWOpHe_RGIqCt77lKKnJUfmOF5rCHVXGLfzeTH6itrQfT_h1IK_ja6SKWHacnuaIaE4sGACJsRqWXwNS3TdXPRx4AehSAiq7KucPvlcckiu5ptwm-nYeJOg33qW9ogQYpEyR7kq-1K0pB8TeE040abe7jMRCxUBuJMCxotHcmvbPBzNs-3K3b6acIK1Gvo0vashBb-5kXpuDEfvi2eyYu-vBNUZIR_oh9z9CbsX00KNjeKH6daIo7tceuTbWetV_DUYiso9DIngb5mWkwgW1JpWamGS8Tqnf-fIplYcHR7kToTqmRKJPkK6NZRqJA1BPxtBraZ20tPX84tR4nil5PAlHZNhJ3Qy40oz9JxidhIyH0ZyeDRv8IisqjWN5_kccTHK7XFKkQAaF28gA_czcBrM0ghklDGZnU1OGcvBy-ZXc1V_4oxORpw0t-g1ij8OQ10SGImikQmqiuQqFLPYD18Ovr4o-X_XuIzufUvUD0DtMmmPb0AFkAzwsGVtEU_1TRpkz3SIoTayapTIxILgBLo1x8VFYvfsucbGT0d7xC47IgwJCGLlNIRYcKC1l5BOKzbeE_A6LKtzDJs5ELuvrTI83H_-4KDoMrgXqI28FhzYY6bFlMCluwOtM0wLvnxUvXrI2eq-1r0cPcHD-RmlSZRDL54PZB2FClN5Paq0iVyXsfY-XezCE3i1Piqlrh9JdkkR4YenbF5zAgsPzGNEhKifEpeH9MnZzstQx_gqchKvEuoNAyHs-CU3OVnHvYeuUME0P9WPHXTfiVXAW1gl-jHMX52qDK9WOZ27XxPTbv0oOVKnb3NeInOw2btglPBJdrTBTaF1OWdG2nzrvCVqlpZmRQSqtP82fzbay4y7LZ-9t9ZmC0whPrJqOwRfgpKcKoPb1Jdb6nuzHyOlzALd2ecmAnhIgrr8yx0MBrUYeZDOeTTx7Wo8umLQDBBuzw1BY-wfS1Yez-wj5xWdi-ViYqypKTQUjWAke4_TI6TCq1nIthpOSaOrgs9T2KVbkDUqXJ7YYVKAsbU7tLcb5Jym-nRDF9nxhMhg4mpnWFGw_rbiGDrQEhiXHxTmVPvnzqLJR-YoFGn-k7GR6djs7Gk4GweKPfsA3I3pEq39ktkwKinfoYAW41IuBov6L_Nbxt1pBBSoAXB9xgtti5D2bD6C74qdDU0NG1RPaiGr7t3BNtipF06Y3pn0lBib0KafJWtnYmjWk-YGQZqK_mlJw6f2_uWc6O7fzVBwYVh1ObnVGs0XSat-hQ5_CdmI2zlIoSkHwaSqpBkL_T3nqOJWAon-Ymort-GhZLszWZP1Jf8g9AIV--c9U8th4CasMN2OaQH1GNZudEBKxsncbfpb37GPqHkRW7dcIhlUYziSVb7tD4wnbBvRDSF1ACTlGuZUUHwtpfSNWxreiBzoNy5gUJpOe1-8_ohG5QYL9L6cvip6dRSOmLfh4Pv3tR9QE-je-HQjPk7yU1GFAUH2b2_kG1PPTkZ5tuKDmLaNg0esdKKQNIYNEJDnmSCSh2tMUjGTR7moVcltvv_pYl1ZUkOYnxHEPmTSnyPtq6MCOO9CJNN8oaUM3P5kfqKGkEdTlDyNoeJ7Vqi-jP8-FkfUt0FGbOi-Kw78-vlv3SRoHOqBZIoQmhrjoO-IVADrYOKwHkuavNzYkjIW2v80bgqH0XCYDYzvdQdn01k8x8N0tfrvhVCAUzkxWM0_8md_bHmJZ5W2bjs2hhFPojgO_TMGYID4_SYIUBJpuWeGefx4RgzChgG6Es9xZe3QCw_QL-t46TySm2QiRj6Nt1jThRIgP2TqmBO72g3TAcIKZTl4W26SGJ0EBOlN2aQ3U_cobu596g6zoEq4A3jhw3ohMwurfKi5XuxgbdbS44g2wytw&cid=CAASFeRoWEDypxjlotQtklx0-pLXukW7gg&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:10:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 205
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:10:31 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame 2EC4 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9da31cabd7ad9f32c9a2c18ce1838a6eaeeca9fbf55995a3e5a2abb2aface6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9343
x-xss-protection: 0
server: cafe
etag: 12459758733850244510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:06:31 GMT

GET
H3-29 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame F630 169 KB
58 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29638
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 12:59:58 GMT

GET
H3-29 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/elements/html/ Frame F630 8 KB
3 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CGAPKrs3S9Wks_EQ91Co2UYqskjn3SYYlpoiRmG38BXqcrVIHpHx7jvONqub9CS0KPofSKjwo0YS81E0l073rqqodQUqtD7kv0LTOMziOFCZCK099nZsdoWAwL-VZsiIKdJQHdKJ9XurOoC-Jsj0cbgIUpZw&dbm_d=AKAmf-A0OuWBdotZXpPYo9_4nIP25L1AAQHubKClE9mLs1NdrV61Ncie76gkzrYXFhbWMigySSL6lQ0zC_pKkbnpeptlgOfSBz08zN5QsKiYFFzW5442dkBj5istbhIPsQd-4qgu54KuB-16LmnCt4IYNEY_tXgJJF0V1Eh7qTyFwQuvbUgA_S0G1KrgvocahbLu7uCyLCQ3wEG6IijNzzTqZcFSZQBHh08vqWoWPv-Uk-7bh0qvGwXOZu1XQbiuNBZOGYpZ4MCDsYvr275K8ZYohVxpllF0W5PWJMN3TfPP0aWQIfze97652-FCf9JN44jSnnS-qyafhxZXxQS-S9fDN8AxUsD-5j97UdbC0Xg5pttknz8qLZMILg9t73C-w2bMumptwJvWxlcAjfO8NNySaBhnehpGjjKo2mF9_apR4FxVhwf4qRpMMQjP2tSIrCkpdtbuRsETLafUJO9ulfSoRbu1XQb0DPoRsOLh63I-y91DaAA89dUiVdGk5rwA6RN-wNLg1vul0-WooxH0ibjVnjGqC-J7_i7_tJ1A-BbBgFZGhPN6vNzX3td5biQDecyoTSgymHfRfTLsaS5QOZRSm0p9rNrrkbzqKz_ql-DtlDtLWqAlLEvhJH0Zq2yKhqvxC_A3T2k9HDAUOxh0fnfnFcE4HLqaKyPEEpMz8vfR-eCQcLKFSxbnXmlS0BMOZCreIwSRW0TtEvt1mC07IEDon7DJvXIweebGeYJajUNcL3ZPfgrDhAnm4_20rEden7gWEXRrIOVycWG11TC63FkHANXu_0hKGd5cXowHLfDc3ve0jIpnpYbH8SD34brr2V8L6st2sWNRH2Ef1WHjC2ei56cowcfCvpzrmsCvcQdTzKwmg-O5Y42TJCApzOR_5NG38GQrFcB0wD9ENtzoJC4yGIT0O8Sx2JVe-EAujxo9kMJaMQ3A9zLo3aSgHHCuxcMWlTimMfJF3xd5bcgvKTVFmKD3x8wI-IFGDJUJyy0aOKDjq4U_X88GtVQGgnCrNEBaW_ilxSe8apEehjbhW2u9ws_iexdFK2QPjV6lc8gsTJdFL9iS7NmvFFjYlOtntDnPHd6tTsczIDu8oHDca9ZkH4Gj1czGxznQAt23xZh-klatU78fkAgjlH9hUwmhtYKqdCpqp4BQ5UInuwgeDjh-qw7PiaQIpDytPHAoYf3KTbr3MbMH15rqatJhGWSKl0MASakX8WmXuePp2WejSKgNc5C65c2bQ7f7FoAQv5LCbOs80YrZ80whjpMVP8cmdk65DUX0wHd0Iv-PHUcEqG7b7-1PMqTvjl4m0Uagps79Ww9XSmRWSYwRc5Cxc3QkolQOJ6vHQQpOI8VVQR4nNMqG48V-HaLtOy4VneUrNfGYK5j1-Jw4aHXH6TSleFraxf0YYJe6gOiJihZIADC8l1KNIk6q4WdbGqGQVFR2aOcTpXfzUAN9_AIqNYo7Hw56lWgfmfeViWMQN8ALMf2ZWt7DoKPLiMs9eM1SE839bIwv4dxGJtqPGoWXBqEO257jQB7XPyngnrZUms8n6FfhmuDbzkdTBcE7quyWJgfU98IhZwc0phEZ2NSZvMi1RD9K4mNKv-SPc1ejoNFbD-03Us_kilninYd-jJN4lQnyX_VVckoVFuiflOAxDepvOBBJ3XaKdTPJKe58PI7o3GNRh5ssQpV0PF3HREZwnGmjPO5onEyCE6Y_kR4w3rqVADOXbZk2W_kqG4wWA-9kG59naoSzQmFshK-WujGWahizXNv3PLJGGOFTWKSlR1CXzNQ7usW3_-fj_lLHpndA_ETP0IUC7jXR6fPbU1mC8UCA5ghnmuHyauWfsAaDRxwU2xIIihPWMdTEWrfPLPPYKBSJVacfIrhgsAqfQBpwa9NzqsgVfdcI1cjeolimEdjy8rjkn2RFifvkuijknLzDCSDZXpk-R8QIXYiil4ufxMfyAD_A_3svHFBanKnolWlKU36sCRVd9AVCokj3nxehzxZWKuXf-KMoIIdo1FqhyjDGfNQyITESxCo68eDKxB8mo_2I6TqZL1b1MwtjU6g6IFGkSs9dxZSobnJmmMaWUJZXqTmTFTmmrI6Yxcl3-4xb84luD81N6zEeJ3p_CsM3nvkpY0jORs8qEyPZ-OzZIHUnSjmnP_sh4ZA3ww5g5ID9Fpp5OFt2_C9YCHMrGPNmMgqMmzRONQToHo2i_7SmSIz5voVfCxhr26iCBUbbrQpVAQVUP-gK-aRAqVCDdEmWgskCojH3B4dViJnlnAHXF8Ztm2MdjMr-noBr64s8aqWh5ydysM6K1w2qn47xD992TK9kL2N8RCFLhKX0Vhn89C425PU5B--Ng93JfAaa6eZye2oa8zmOBTbM7h8H5l-McjvSh83g3-9LSVgaro4d-MoHvdbl3aC8slPsoaDyd9a6jEITCgGX2KyMFPmwaUx168Z_4xdzdkiMT1HwD0umkUUpV_WPYY-BjGmTpcROZ4hTK-DMU8fgYdy8Snj3Vbrml8W1R4K9UMViH0skrPJSx7f3Je6yWALq5BDXpFhmwkpAIU57BPrGIdKdGbWCdV95IBw44lJ79O8wH4zinfSUh1A2MN_MC48TCym1G5QDMsY717IwB67oU_RKN3i1_ZkG5pQSHsXeaVHUoP5hs4Y1UnxAZ3KIliTGDL9rJSrll7dWCj5SSoXTn598uhJ6I2I1el0fC1zVgzbUjD5bgHS_-L0p-mOy_2h2s1aVRqryNtRgfHWjpzhIaGar0U99SIFYJMTtAEjBotP3aatFCI9kIVUuXMUa09guJH3ZLpYlPPylUIbhzfsxELCOxz_XIkYzoRPqlAKzzmcRviy6IxZYkn_lk60-XWpE4AV1iwxbku8syS1gncKjELYugn1Shm4eaYI-_7zLC5e-fHYMsVUmjWXhxmnjcnh4zykmqIVcosIzBUqOzkwknF2anCyHaFoqHisEvcdzJ6A1qEZWlN3cUDQPz32kEWBXv1c4UdT-ROp3V_wX9JyFS1h8D_Jm9CEmaAQNZJ_pMgM5lUNHCZozxU_fHngFusHL_3zMrSKwQwsAJX8gUJIr-fSjFrXs813WRVdUPiUrwDmxEysuEixJHEP9RbTFdmvrnxyBScrpaVEHe4QKDiKcFDxBPNEQlVoJBymu2zILj2cVjQXR8g&cid=CAASFeRoVyxiJXd_jcURlVbSR971wMFjqg&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:10:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 205
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:10:31 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame F630 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9da31cabd7ad9f32c9a2c18ce1838a6eaeeca9fbf55995a3e5a2abb2aface6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9343
x-xss-protection: 0
server: cafe
etag: 12459758733850244510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:06:31 GMT

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame 7F61 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-Bm6hEWWBHlXhKWAcNZCGsrSFHoDIZHVY5tF8-SG9z_FeggvN1sJK4w8z2j4DVh8juBKbVbQTwqyJiryNJML6VuWfFuXUIGhXfE-zKVKZMkionhA_MP_jB8ACBUmrTCMy9ZF7ynXsGSjxFcW__EnH0avllvFQ&cry=1&dbm_d=AKAmf-DKn2VF2Yl1CrF_Hf9RbkNIy9OkgR8gj1mmAfg5Oahe7fJyDcAQBmiJBk7CN0qbxPxopNSzq5E0PrbuDTSZS2O-SNlSb2fKQnToEjZeKmOq2kv4EEXER2eaGr_sa0km7P0IhvuykIKohH1UdnW_ynEymTrqQCJrSco7bQTjPlwZHMvcwEAUTPbDFEENBTyPRFEiy0Tn96oeMgtIZjLEsc-JxEU-pGyEB7F-ITLinAprwNzQLeNDkOMUo6qpTtlrEVwRihRtz7zglzOwUBy7ITFB_kb_Dk0XjFf3NaXudySI7-BQCBdezwYc_vlLhrs1u5g34wNFFzW668ObUA5qaEw6kciQVOFYdZupkneuD6oqrN0sLMwGZidCldWzwnldc7hNWbQR86PY1AP0UYTfM-V7k0rGhD0dSn6oiyPimJYESe6dPPUNOA-A03kFRQ6Zd6FEjmY8eXrk7qyc-RW00sk2to5IRJ0f6v_hIq2VIUUQnjjTHOXPXCDKcFonr-50DpCEy8HNA_E5Z8Ca_Ud5OFrpdvloqqyhOHY6JYWpjplbQsjJdioHDbPPvrJWXeU6uatHEpdYtt_yZ4iKZswoLhOVQ6raKzQ3w7qUY9e89tPAJdnRVvlIt6mFOwgkZ4Y_Xu4HGqMchNT0tZbszjAO-pF3Qnbtwn_e-D4aRByhL4_Sw-0EOL8GzhpEz2naLWFxsXP3FTwrifbSb66rv90c2ZMGMIkeKUasKD3gWQUMtk1ASjnmFvFU_DHPSNJ77bD7VEDAW9SqD0d9x5hb1HY0IlZwu9Md6XtDJZwYN2Pe3rrnm5VD4wBI7aANnJgsbjMERMbF8lIMBRPlpSAT1QZpTGo3NC6K0WCeDafBRaqVTDoblt2Z8xnQWD1gch5tS_1tLsiIt2JQfPCzfVTJ0PCURmW8OjaRUQ2yhjt4PCTOqvFsf_iES_ZdiErtb6MDXhpyQ2M8GPoTCVzU8ZrhGQ2PlK1lxxYRzheZQefY_E2JPl-J1anzteYUVGT-2_N4cJa2uPiZSWJwS4QhACxq2scILckzhmRE6amyRoTvzQsiFv8ZZmp9wK6qJZcnxJYVjLA5CmEAzSPk2DSd0pdP9NinUIlgQ5QUGdE5ilU-0IlOPioAXWmZZgy-p05HBLOcFqARil6d6Jaexx0Kj8lETppKe9twND2MY_4CI5GEKL2GwnJW19z6pf-XADMqClD8p8MGnSL8CaSbq-0FrN3appNsRmozNz0WXXG9x4GiQjJqkzv_4lNND9n7n7v956neMeKYFXXdyifWtoWNlRP-qSrnlqg7Rt9lMa5xzFFHZV79mBCaBsg8eGpf6chrf2Bdmafrou9ZdzQiioyPfST5-m3lEqFOQ3BvAvAcZamG4EWFZOFtQIbhX3oQHvFTpuejT-mHMk1HZUi4YvqjCFJ0zufDjBr1uSdfpqi1ebLv8waxLk0jxtI-JjAv_a3_K5EOd_8_SPXl_wjTYIYQMMzcMNel7AHTYzwNbuen62A5pAc32pIzIiWkNUUzyuXj-fy_lHyDxTnOwrq-e5XZ5bHXja_-CNYoynAEJgofmWXn5hURZBZS7MJaOEahrDlrGVmctbPiYLfZ-mN1pBKvKTGXT-uQydaN8MzBPYkRLVzbUPCcwHYNHR2A8igmdG7m_wkO2apS0tSshv2vD_s1ZZQvMdOlKO0hY-JsI1rcp0pFxt3fe-UVFus-91DLM0FYoJuvwHBNzTl1aSN64PmKRIbIT7508Y9yyyEvKDL69XK3YI1jgWjEoGPrIdhQtVLGAN6Eknq3pdJxngfHWewEAfS9bUWqmxOVJ40tTrliSfXzMWLfEobPFyGksD3zP-BfwSCDAa9Eckp8KZS5vypaJg8huF6KE7wOlwyVLYsKTne-czUsfB8xvT_Q4yiUGv8Kf84fU9epbk6QA113VZ6PwQ6339p6MD4IAdkxAvXNDreeOZE_S6F4plq3c_3syi-A9d3o34hZla1KBoQgEwHakTwDFrc51b8qVMNY6qzibIxw8s8WuelMFt1eBCgEFraOWz3ym1M00cBtnN7AN84wzAqH_vjU7Wsy_WgsX8RHdGxJ1uZ77nO5UGaXacZ33KXjbFc2ce3V_G7q9TQ-DwBVW_Cnex4VFnHABUp48QbuXAsM5LOuYjFSLt5Tav5pec4-4GQF71tnn34MICaDMLkEmDLl8AQYyBFQhL3wM3P8vb7led7rEwMO2jEvgao5Gp2aV1B2kqEHzBeJibbK2o-uMy0QPt3aZ3kFrwY-yyKzKksCItm7VMQxFk3xuiK5gZOFwAMwntZ3OskeBvUJM8CHjuQfTKuaP7PcR-60g_3jMQFI1dQvk18IyRBoNxyPN-52ywGcXnp9ppuFV91LtKuiY5X-xIMjR9nwM7AQPUIdMKZBKIesv1JBTVEIJzkTn8XQKLwd6CNEzc4zlcMzweiH5W_d5OV69Z0wWjEsCGjbNotUNYDoqYEQ6nD4VQtJaSKje9joKKV3651pbozRFKrOv0QpJI2kN_l9mUnDjrh9GQ-ZoGCvBhUC0W4t3bOzdDClyZpbVBqOtvC5aOEprkYYzGJqrHtj_5iFpeptwKrGY4noMYhQc3q3EYQugN1rq72ZfaWljpC7B3JofyecOGd3X_kaS8LSeSM_V2AmAgUxooDinEiECt3uGuADAhDNNUtzGhCR_0lCTn1mvvLxIP0hf1Ac3xPtNoiDxgvajv3r9MVVBG_5-PJ7BhAwhHZrDDD2iaOykKwdx7MX7KHq33uUfaJzeE5w6OZFryMAgsow2X2_7X5B4sfRKBDL03HXfgee6YMmy6Q0RSqOL5pAaTcu5Hmy_mCcqN2jVyLfADAHY91EH9N_XRw_zd-tAuOM2veK2GlPdjs7yzSTz1Y6RtT_G08QQv9uCQEcZLJOiO9z8_hm6ik_CKltHpxWJmJkWLHqEmJZJL_aeQwBNL5d38EhqoOMwuHkldKgJWrLXnfZELwmDqJ2HG3SNcFUDjVB3V1F0F8GNygivbZn1MlJcBb9kCT3ducBpSf65oKQF8Rgoqm-vD_YFy1We5y_o3wKQuSehS1UZmAsl6p_P3B8DJ2-z6WyRel_VgzQHCMTlkbI8rENhS4SgIbtbkv3ZuCvaNAlM-TH3qi1VDZPF6Xl&cid=CAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9da31cabd7ad9f32c9a2c18ce1838a6eaeeca9fbf55995a3e5a2abb2aface6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9343
x-xss-protection: 0
server: cafe
etag: 12459758733850244510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:06:31 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 7F61 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 16:47:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102395
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 16:47:21 GMT

GET
H2 200 html_inpage_rendering_lib_200_273.js Show response
s0.2mdn.net/879366/ Frame E4B5 169 KB
59 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:828::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:59:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 29638
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 59842
x-xss-protection: 0
last-modified: Wed, 30 Jun 2021 20:54:49 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 12:59:58 GMT

GET
H2 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/elements/html/ Frame E4B5 8 KB
3 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-CVGhDVaI7G0vhOVeumQgeO3_I06VyfWoMLLOgKAbNiGwQHQfrgzNCJWSeRtQeNuZRKRUDn29ql4572HdbmjdZoU88clSIV2x5fVlDueXhRNOi9g-tRdNbC2GHhMw8QFAQg6MNNn5kyAhZnVGMcIIxhEOCmSA&dbm_d=AKAmf-Bxm9BuoluefLblw9LQl3S1fRIkjJl91km6xiKqXU6hWpLVEViOs_xkkDW5GC-RvlAbyqIrZ7qpHs_HfIIFrlloG1CCNItq9rmf2jKVUYciKACl1bZoP9gCZz0bfXQtl4mkf1uMGyLOm1cUZCfH7vkaNgM0S_xvVVpmIuxrWyHdlQ6Qi7v0GaUnjfu_-UNi5jwB55yfz5S12AO-f1JyGVZ7eN6eGCPyiUdr_3egRiIOeUav_-FB-V_0dHGR85PWhDQCRxI2QOnW7ZzjGL42VYlc6OCY-mwMhfUeJbILvP1DtBwNy_QZry6cq4YFAWJx7cC2Ow2jx5LxvoWYUhvyb4AKS0nHv0aoxY0kdsr9OOZF10Sf-P7BnrWMZEKraCqdRz3wciH6fHv8rZ9zRf6rwzlMrARHR30tx5qYPW6_DlDsrX91zrCCRyRrJIDqvSIAQR2i2H9GXA3cIYpxUrPJPq8sHfxqw-k8QrSw4ie-1Wo9qIpM_2fl_2HFFuehhxj1kWbhHqNUkZjLKzTGMUuAgjPAv087N_MF72UDLeItBKfEkWX7NbcMAWPfNPxLjcHxgzD3fVviK4Qo2mPOuR8CUdxTxaQIyzzavWrUQWcDDdm7-5y0xlMneE6kLfV4O9serZoQWjlfj5e0mqmtwGHQe7Zn1Ub0xTQDIodr-h28uSVQYu92RD2W7j8xkXS1xxJJEul0cYhPA6NeB1ifF-hv0Nnv-Bljn6GMxBY0Bllxvygs-W8IF8jbH7XEhKSB7qUwq6adklst-0mXiWDl1Z25cOnnJWy5q4gkpMkDaScjLLoG4frrwwyvzE-YZTdyssz3AfQvBILjLh7ASwy-GPvkTt1sOGmQW62vAP9x05sq7DRx04wNi7xkNfsuo-tZm8x3EmhPOA5ZnSivN1cZ-VopoG4a2lNk68tCcA-WBUIoTObUSB15jZsBE33YuHxrya_9WBBG4RjFOKjLlzE-z4TVP9w-yed1DwdpSMgswu_2uXcLHFLAi4Mgj7ZqTGBHDTqIXvAWykvPYiJOcug-iUv476ucHDv-pwurJimvVBc0B-zd4Pz6PYifS6Y4WB8jruNGYeE6q0_Zm51ju9l_b-BBYQQk16br45RsiosWvkCiTrJxebLlKsGtGN9BtEh7XCLMO7ctgWBbpLCkCN4mbrDWRJAJfNaAMEiEnzPu9rX-ATd4EPh3gv1KQTzrdPL5WPHT3vAdD10wArDjHBlZtZgtyXkB7P7l_BEyR39KiqCwVNEC0_sobxqkeZ4r8YJY-8g2k3Imm3GaBgpxTKSrEiGZXLydIGRRH70Vh-yB5nr5XW3M0QDPLXLboLU_8NiAfkEAIEd7rTPCrnhTdmvS63hAmz29RyuQUrKtt4o3uj_QKz8sSpQsbCTh1y8w0ylur08dH4y1qoYXvTD8IngKOoAzRoraPmAepE_3ucEnc6k0P5qiJJqNdXC0pSNJPblvtlMf3yOPPhk44ARXaq5ck234Najxv0LyST6Y2s6rAnCXglWb77vMb-H2HSkW7WmWuco80DdDTcolh-U4B_90lb4o8kLiEZ6PEIcV2i-ybHN7uU1lq1WfJi_MjLaB68iZS9MxxVfeil808bCbdkT9lKAnNtIPCh-jwY1dtFzjrRrFcIFYJJnjwWsB7aWAcK4NaqxpWqfnkntz1xp96EbeQtQ8KCxBqEANNi_Ot9QJB3MCRITEy0-I8eAlm5L_if8FqNALcQbzIwivKs1ed-mWlxGUuHNb1T-2sr8Ww649-TxtFDKJTXEd5GXnwN_e2Rl0JkglHfMhNvgl_vK33xShgTz7YOzIhFUdsFfxgqaNHIuRjUHr3l2D6crOEez1FmMTC5iTa80wlBW2Lv59tG1c_hOoz226MC_vvQGOAq4bNxywBhjJhFvUZrTsW53ITAV2DHsGHauBlKXlksM4VZ65MawVNv6L0aLiSoa0yEQQidOTcAy1zeqQI7-ES-Pz6SpQM58qxY-bGF-tLpHwk1vygHoUWgo-C9fxXvASQOgMFVsfkbdLkV9Xd8SZEHxIqChhUGANgkWyo1pw_Pr-kAW6LLzwIvKttDOPiuygEUt9YA_212T5686esRpF1XhbwUHLi4odP45zFodw3ZpE0cba90lqdAiRFKquDAf4x2mSzXj3R3_lBYvCucwUYMYHS1RWKGvS7TlC-awNDPm6Yj385DyD3GXPD_u-W9rRl-oF4ciNHTLZ5gEYTkBzvwmBW-N0pOZUaCR_0zhxekBEFJ6r6xixN_khlvWqhg4En6TZbQUFx49nStoJy0QeO5Vgjcp8eTcynQh-sSjf7IabY2FVhNlyhYYCIwfI44viPZ9m0D2RKtcdvETm2PCAXkDj4T8cvI1Qc6SqTkzDW15txMU8bVkx__Lz10IIbnBsWd-cxROlcHEqyLVo11TQbmEsr0HJdmEKfDqHmFjysde6tSTreXd0TMIjRjpwTQZjZw87wtD5GgKJb7KCdL-hKNHHrNnvZ5G0ztrKHNU32vY6KEgfFQFP3n0bTBTRC4C0k4KH9nSI78Ih1luykpsS4OQKiO5VAJaVJ_mRT56EkIXwTUSC1J7K0CxFcd6_5pVFF_kJlO5RsP3wnrTiXia43Tzz8y54GUQ2qQiKHfpLaKPaehgM14HWjZyNDtebqNCU19vjIvVj7-MZCH1czr1OQ-mM1C0o8e32HwG5pN1BqR-HbO-uQgRU7PlVLsTrQFC9VC-ewH1X-THD8bNBArGk4MQOALaP8ACi4wclNhvFnDNu01d-g6ttpAbw1su4W0GkjdMUVHaM3bWyi31ZO63-U2oldS50mUWGwAboMUse4vfD7DQdKmX2Zycx5-UkTLKOnAiPnRlBzivYsCewPFbuVZZBQPn42qqDXuvnnivv3W7ClcGvealbLH_VEdfuciEg-wklcY1qke2JbvLwUhFcSF3L-bqETErJKkIITYuGBfH4s9MW_jusMQTp5VSlx4p9vZrfnQHLHxP5pxRqWr4iGXGBWHJP21l1kgDIaeo0IIDa9jgP7oZgAZrpAHxWXBI8fJxsufQS11pER2bmd2RIZWPB4ZD1cKKdUA7o55GEZ28wGYMPCgvTwO9t-Yw0bDjPgeOwRD4qy6zt3_lLZiSFeysktwBxrlocOLLff3P6_6X8QcxOJGM8CS2BJcNQww&cid=CAASFeRo7ZsnIv1exoQqVhlHKEIkaOGt9g&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:07:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 411
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3124
x-xss-protection: 0
server: cafe
etag: 4537136162986801320
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:07:05 GMT

GET
H2 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame E4B5 24 KB
9 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9da31cabd7ad9f32c9a2c18ce1838a6eaeeca9fbf55995a3e5a2abb2aface6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9343
x-xss-protection: 0
server: cafe
etag: 12459758733850244510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:06:31 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2A20
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm=&google_dbm=&google_tc=
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEVBNsm-4N91k_LYhb1r02I&google_cver=1

43 B
1014 B

32ms
12ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEVBNsm-4N91k_LYhb1r02I&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJHu6K0BMAE&v=APEucNVs4cvfmzL9-ZXTx3UoyuBhTLwqcSxcIzq360xWN0BueqCEA8Uh96GD54O17feQxWWFVOtOSa1daMbN0aFhzC4-gicYjJ1axPcniwnuLTrLLppnNkWoxg-Lp2je4rEKdgR-qtaMK6CtpsjeGyZBZZpxwke-LGg8tq3Db0g_OIjh_ojznAA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 11 Aug 2021 21:13:56 GMT

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEEVBNsm-4N91k_LYhb1r02I&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2A20
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YRQ9lI7lvuWt51e6.AlqDAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa5RFv9ybei7GefJALUVqU&google_cver=1&google_hm=2

43 B
894 B

13ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa5RFv9ybei7GefJALUVqU&google_cver=1&google_hm=2
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJHu6K0BMAE&v=APEucNVs4cvfmzL9-ZXTx3UoyuBhTLwqcSxcIzq360xWN0BueqCEA8Uh96GD54O17feQxWWFVOtOSa1daMbN0aFhzC4-gicYjJ1axPcniwnuLTrLLppnNkWoxg-Lp2je4rEKdgR-qtaMK6CtpsjeGyZBZZpxwke-LGg8tq3Db0g_OIjh_ojznAA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Wed, 11 Aug 2021 21:13:56 GMT

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEIa5RFv9ybei7GefJALUVqU&google_cver=1&google_hm=2
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 329
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 2A20
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm=&google_dbm=&google_tc=
https://ib.adnxs.com/setuid?entity=101&code=CAESEGdZEYPMEvN4QjCLWf3a07g&google_cver=1

43 B
1006 B

55ms
29ms

Image
image/gif

185.33.220.243
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEGdZEYPMEvN4QjCLWf3a07g&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGJHu6K0BMAE&v=APEucNVs4cvfmzL9-ZXTx3UoyuBhTLwqcSxcIzq360xWN0BueqCEA8Uh96GD54O17feQxWWFVOtOSa1daMbN0aFhzC4-gicYjJ1axPcniwnuLTrLLppnNkWoxg-Lp2je4rEKdgR-qtaMK6CtpsjeGyZBZZpxwke-LGg8tq3Db0g_OIjh_ojznAA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.243 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

722.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:56 GMT
X-Proxy-Origin: 195.181.174.89; 195.181.174.89; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 248e2615-9f7f-4ec8-b402-26c67796d7f3
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEGdZEYPMEvN4QjCLWf3a07g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 2A20
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzMxOTgxNDY4MDI2NDYwMDQ4Nw%3D%3D

170 B
188 B

25ms
24ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzMxOTgxNDY4MDI2NDYwMDQ4Nw%3D%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:56 GMT
X-Proxy-Origin: 195.181.174.89; 195.181.174.89; 722.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 47a550b2-9fc6-4e76-abe1-036caf0e1d84
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzMxOTgxNDY4MDI2NDYwMDQ4Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/ Frame 4A59
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm=&google_dbm=&google_tc=
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK8hpYMshcPNi7JoueIWp4g&google_cver=1

43 B
172 B

18ms
18ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK8hpYMshcPNi7JoueIWp4g&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNVN2SGx7c40pdh9nBhZWcgzfpu7s8dfCIPKYPDc7VHBZH-nFVzkx4YuQg0fPA_QXYEC2BjdnpoiDXXWfRtu1KuiZbi2-NeqQHSzOFdQJQv-V_dT69uLW8vUre_X13S2ZD2MZT1a0PQPT27LzGLS7-AxRnjSJRbTgl610r9ZEeANF1_Bad8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/16.213.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
via: 1.1 google
server: OXGW/16.213.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEK8hpYMshcPNi7JoueIWp4g&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 295
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 4A59
Redirect Chain

https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://us-u.openx.net/w/1.0/cm?cc=1&id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODE3MDU4OGQtZDRlMy0yZTZlLWY3ZTEtNmZmNWU5M2E1NmZk

170 B
188 B

26ms
25ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODE3MDU4OGQtZDRlMy0yZTZlLWY3ZTEtNmZmNWU5M2E1NmZk

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNVN2SGx7c40pdh9nBhZWcgzfpu7s8dfCIPKYPDc7VHBZH-nFVzkx4YuQg0fPA_QXYEC2BjdnpoiDXXWfRtu1KuiZbi2-NeqQHSzOFdQJQv-V_dT69uLW8vUre_X13S2ZD2MZT1a0PQPT27LzGLS7-AxRnjSJRbTgl610r9ZEeANF1_Bad8

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: gzip
server: OXGW/16.213.0
vary: Accept, Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://cm.g.doubleclick.net/pixel?google_nid=openx&google_hm=ODE3MDU4OGQtZDRlMy0yZTZlLWY3ZTEtNmZmNWU5M2E1NmZk
content-type: image/gif
alt-svc: clear
content-length: 0
via: 1.1 google

GET
H2

200

um
sync.teads.tv/ Frame 4A59
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm=&google_dbm=&google_tc=
https://sync.teads.tv/um?eid=3&uid=CAESEDwqbJup58s4o7Hba7O_mt0&google_cver=1

23 B
172 B

35ms
34ms

Image
image/gif

104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=CAESEDwqbJup58s4o7Hba7O_mt0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNVN2SGx7c40pdh9nBhZWcgzfpu7s8dfCIPKYPDc7VHBZH-nFVzkx4YuQg0fPA_QXYEC2BjdnpoiDXXWfRtu1KuiZbi2-NeqQHSzOFdQJQv-V_dT69uLW8vUre_X13S2ZD2MZT1a0PQPT27LzGLS7-AxRnjSJRbTgl610r9ZEeANF1_Bad8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 11 Aug 2021 21:13:56 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.teads.tv/um?eid=3&uid=CAESEDwqbJup58s4o7Hba7O_mt0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 281
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 um
sync.teads.tv/ Frame 4A59 23 B
172 B 58ms
34ms Image
image/gif 104.111.242.245
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNVN2SGx7c40pdh9nBhZWcgzfpu7s8dfCIPKYPDc7VHBZH-nFVzkx4YuQg0fPA_QXYEC2BjdnpoiDXXWfRtu1KuiZbi2-NeqQHSzOFdQJQv-V_dT69uLW8vUre_X13S2ZD2MZT1a0PQPT27LzGLS7-AxRnjSJRbTgl610r9ZEeANF1_Bad8
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-111-242-245.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.3 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
cache-control: max-age=0, no-cache, no-store
expires: Wed, 11 Aug 2021 21:13:56 GMT
server: akka-http/10.2.3
content-length: 23
content-type: image/gif

GET
H3-29 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame 3EF0 24 KB
9 KB 9ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DaHb6VFCRfe9iRy50zM8Ox1ap876MqUSIXhAChyrUMyylW-2XmlnIzkg7O4AGsSvf8XZcnqNuWVCGrLmK6CAvjsWKTUQaqB4rp8X1Y6pjHC4yku9in9D6J22reQMz9q7iw3xnfINV87uUhNsFKP9tSgo5IJg&cry=1&dbm_d=AKAmf-AYljfNTeRLWF5_vpUvK1FAfZyfchIQ9pUVqkMjWn5e7UTCML9kqOpz12_gn8V8wy87OSsIkenfGGhCRQyQazZIAv8HN1-qmHe5uSnN3z_n2MteeFAa1P7lNjFOehJAa4jDCvOs2E9shUEOCSIjzEIXrtxY4wy2IKh6jKwxVY2uZsO-34qTkrPlSlGICMs4S9KNNozkXj4IYzMZj75ZCmiCbYIEE-bs2oKHUugDRHS8G1ecb21nYBkp7CzgfARElDhVM49Kszu6wXRJI5bfbW1UU5nR_ud44RXInqMXS9XLw03NaeVMRH1M2PpIts7v9x-9eufPZWGINqpf6iiCdARMygMiEDjCM0nUqYaKLsdA-RdXNk5F00htHoZMeyUX_JqcuM4Po5QVlVcHuHf-hDkrBztDPEwNmtfyZ99ezNCCwf5FJXzCVfcL_3y6cTJrxcbGxz0llW7FyPxxpFcnGSImZwpoGML93SoZ0F8LbIFzQQHGpJ9pCyvmDa9s3obRDDAW2zwYLDNMdFNssJ4wlZdT6_JFTxl-ZCjStpXAE53cMLAlbtzn1Ype1RoGodgba31xgdaZ4xiBO7qFnF9v2R4teCgyXifUaotuwgFhClpiuCj0xocFEU8DpujzOcDttXqw5mQf8ruC8ZcfPfgmBrSqxpZrn1gGDtnXbvMit6Qefpp7bOpfMvsh5QdtOiiXDK-tid5Ho-EuOkCCS6hQ3qsJmYYDfdf8P6e4JxJr0RSCfePEDHYjliPLARmAKksc-Af9QMLGl1qE67xcLyjj9tp4wI4v6AI1qO_zi-wMFy8bWOgVpv_5VN_XSL-7kF2Br2dUT_qNBpydM8b3r2y9AGc9TppRVeOPqP5YdfhMbTPXKJGPbHgUvn_55byW8dfEFu-EvsZ9iVJQ522YSV6plNfDD5-V_Hahy3ayMQPVtM2RiWfSIN0d5fIdECNM1Up-1ItAZMEVA3vtg0SRX2ZafnvlpA8D_JK59lBc3ndDeKglvHJ6pO_ZsdjItv3gUxmef-34iwxJ_UAdky6hOj3bh_5WhQDUCVKacvULQ750fUXeehjbbVRyQyk8GXVOgMfjIKZaPcIzMsQSn9ZZaI_F72-1JEPEdMHkbpEKA_1xWRjCsLrtY9kCdpdMpsmDAVuD5AnC8H1amFVW6sMKPWNAAK3tgucxxxS0GN6vRjaltjAJNYvMZKT3kxCCe-2p96mD67O--k4mk_sfzbueTBI-40oOtt5dPeslbHYv7a42XRpUd6df2tZxmMd-dqLSKJMFObwABQTqQs1Fm6AIzjampzfA2kNuV8SxepZIMK6m_sDUrgLWTC_x0pSJDURmwbM8NYsIb40XV1jdRjbGeXgN6yUVOvh7ReoL7SvAuLD312exC-12XaAYDTTXX3PzzxEMRCUAldxk_sumypi_ZxgOH5Dmheq1NeC3cXMGp9UbtN7NJxTOqvutepsPQLP-M0HjnGq9dniOq5NPLLH9e_Rwrlv0V_7aLQZdd8QWLvTNGu5smpo8-9Ps8v-Pn8DjHQVXJmUcAhrq54LaRd6UzcnnTId8ZHWsawj941VI0BY-7zycuFTGJJD8gWSApwRMJZu5moREBM11pF5vjr0cORYrvAT9cItAt2kAGK9wm82Xm6xcZKkpP8dMyqAiEmByUSNAX-kuzw5Tnenh2onQYbFKWLybEqftGyKHuX3MFa2k-7liVnutdTJQi-GWo1hQ8BAppfAgSwKk6bY7v0rg45fAQGvWP9XFrDvJDIN0OIfRVp8KNE-bghwTkGc0OuBBzIRBvPx4bV5-HIQs_E6zKGGptTk1uXDjTCczNqwyfAXnrWJWtoKTaJIJqu4yuckI48fYi2nygrHdu_EAtBMOWDFlkTtDkvt8ufCyYMg8E2mhCFS84KyVZkBuF6Yy370Pq3SofYtjooUS0olXUWMfkVhs0X8iznbPNx6pogd4zuITpUxZ8r6pxxwV7iTtX1mdG83TL4bi3Paw6ycfTsaqnM-RjxJFQmqYMniuCDfCPzuz2kBNK0AZBue1mUnwaVJsgtxXJ98R7I4zcFBloV51QqaKpO5q_B154MUbD53mH1ADM6IharJDC1LzfZjQZmxg7_9tGSHTsx5n3VoPv5MES4T-4EwkbABm9cm5INo6ORYZcmsNfdjnyvgev5en34yK-LIfVi6w--QTj6sMnsHF1b_jRsqUvgtVpCzH6MzwER1E7Irjeuyhp1Yw4pSlf2Ju_O5rli9NBC6tQA7awtihQBGNeNb415hDolMYw95Hnxwvb_aVKhDFvznIxUPO56bXtxUGdyRHcR5Eurb34YsMkcl7FCSopzhEu_uVo5bOKA3_s7xxhzu1LM8LNd6Ooy-DHm42Gr7XotIUADIzx63qCyjKQHNl04RToP6W_seKyDbFHZtggFDnMi9tQW7rChPL8_wO80_I6DwNlHsIdmT9IQppGt0U-eK9MVr_F2RNMF-oH_mX9_nTXoNbhGbSs5o7KFy_OUq6MGeaCcdB7Nn1v1xcxIsq3Yk33wVVQW0xhhE09AlXhUAsk0pocHx4phup8oBKreMzjwHzuu2QRtjNXu2Oa8UkXmosWNkXB9kuUSWS63gjxKSHHUqnSjGzOnSCLjttcILwyV8IJJliAVmNT7vSA-NmRhtrvGqYjrrvHlaoFRQlaaYiev5Fg_KdaG7sLWjkFgrw6nh2f2lmMuMel-w_-7O_lsYPO0BsYODLLr-4ZmaDOik1i5w9oJLuWXPSGVzpCO6FI7IlxR1FK1QVxxLikl-Y7dDOEb9qyO0aoKl2R7FV_CQ5l2LHoKPJeR2HnXDnqWbPCqtTT-WL8UE3gw6fKel3iKGyWLUm9THpbNP3sOpTGd5_-gm50eWVeiDYm3wypdfc4j8Repaq2r3aYNLqwh3Df7HPQfp_c0EdqVfa0pK0L9oZkIseZc9xbF1oWWNiYwhEb954BMkaM5fRzQ0DT4FSY6yTfawo_IMfgvBSXde3bIu_pbusUnsYv64xQR1b9uaF8HasZ48--rUW-Cmplym9-l5whpZiS6gkbvaFqhajoBXBL-R2cz3JCGA6sVqPInbtsPreFCVpYrMjOCZ-mG6QwhUdEbwGujEVxTqDozcnahA9q998bdQRz2rncZ1_8JyVR5yRLNEfXj66UUJwTq4dnGhwjg&cid=CAASFeRovG9NzbmqqX0hLO31G7uGl0duQw&rfl=1%2Chttps%253A%252F%252Fwww.opovo.com.br%252F%240

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f9da31cabd7ad9f32c9a2c18ce1838a6eaeeca9fbf55995a3e5a2abb2aface6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:06:31 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 445
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9343
x-xss-protection: 0
server: cafe
etag: 12459758733850244510
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:06:31 GMT

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 3EF0 41 KB
15 KB 9ms
5ms Script
text/javascript 2a00:1450:4001:811::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 16:47:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102395
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 16:47:21 GMT

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 0F2A
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm=&google_dbm=&google_tc=
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGeEc5U2wJehOuSrKJUBx2c&google_cver=1

43 B
548 B

14ms
14ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGeEc5U2wJehOuSrKJUBx2c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYnMXFlQEwAQ&v=APEucNUYJ19k2z7OvDidWcvgapS00LxiWLgJj-OQkawp28ggjgsilBA-S9SCkFgWwbXeX3SwcFPWCC7G0a7lr70F0-FtP1w-rWoI_33bKWF2V2e0Pdu1CU-adRtUEgZHUZUm115eYoQ1ApO537BLCKkIRD83K6FBHGBU0PvVb-U0Z0LzVD79qFw
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 14
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGeEc5U2wJehOuSrKJUBx2c&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 0F2A
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDllOTQ5MGYtZmFlOS0xMWViLTkwZjMtMWFiMGFkOGQwNTA2

170 B
188 B

25ms
24ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDllOTQ5MGYtZmFlOS0xMWViLTkwZjMtMWFiMGFkOGQwNTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYnMXFlQEwAQ&v=APEucNUYJ19k2z7OvDidWcvgapS00LxiWLgJj-OQkawp28ggjgsilBA-S9SCkFgWwbXeX3SwcFPWCC7G0a7lr70F0-FtP1w-rWoI_33bKWF2V2e0Pdu1CU-adRtUEgZHUZUm115eYoQ1ApO537BLCKkIRD83K6FBHGBU0PvVb-U0Z0LzVD79qFw

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDllOTQ5MGYtZmFlOS0xMWViLTkwZjMtMWFiMGFkOGQwNTA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 82
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 0F2A 0
447 B 39ms
8ms Image
text/plain 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H/1.1

200

partner
sync.search.spotxchange.com/ Frame 81F7
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm&google_dbm
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_cm=&google_dbm=&google_tc=
https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGeEc5U2wJehOuSrKJUBx2c&google_cver=1

43 B
548 B

14ms
14ms

Image
image/gif

185.94.180.126
SPOTX-AMS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGeEc5U2wJehOuSrKJUBx2c&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNUlsXa10rnEgYcqGms9K2Wb2sGtqM7Y8Yr_fyovkpcGykFA-EeD9_1Is_ZcRIuNsKjoFfrU0saZwzgyoVP63nXDWgY7kiEgUGfSIa1gHF5rzb0jiXrp65FVRux952Wq6rpve_sf81oe_cSUCNZlvguU53ursDwhyPuEBJQMlbNd_zaRyuI
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.94.180.126 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: nginx
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 63
Connection: keep-alive
Content-Length: 43

Redirect headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://sync.search.spotxchange.com/partner?adv_id=7025&uid=CAESEGeEc5U2wJehOuSrKJUBx2c&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 306
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame 81F7
Redirect Chain

https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID
https://sync.search.spotxchange.com/partner?adv_id=7025&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dspotxchange_dbm%26google_hm%3D%24SPOTX_BASE64_USER_ID&__user_check__=1&sync_i...
https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDllOTQ5MGYtZmFlOS0xMWViLTkwZjMtMWFiMGFkOGQwNTA2

170 B
188 B

25ms
24ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDllOTQ5MGYtZmFlOS0xMWViLTkwZjMtMWFiMGFkOGQwNTA2

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=COWiHhDhjN4CGI3u6K0BMAE&v=APEucNUlsXa10rnEgYcqGms9K2Wb2sGtqM7Y8Yr_fyovkpcGykFA-EeD9_1Is_ZcRIuNsKjoFfrU0saZwzgyoVP63nXDWgY7kiEgUGfSIa1gHF5rzb0jiXrp65FVRux952Wq6rpve_sf81oe_cSUCNZlvguU53ursDwhyPuEBJQMlbNd_zaRyuI

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: nginx
Location: https://cm.g.doubleclick.net/pixel?google_nid=spotxchange_dbm&google_hm=MDllOTQ5MGYtZmFlOS0xMWViLTkwZjMtMWFiMGFkOGQwNTA2
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/plain
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Access-Control-Allow-Credentials: false
X-fe: 122
Connection: keep-alive
Content-Length: 0

GET
H2 204 v1
ads.yahoo.com/cms/ Frame 81F7 0
270 B 19ms
8ms Image
text/plain 2a00:1288:80:800::7000
YAHOO-DEB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~b04e41039133c73fafd60e0ed8cb49a70ecfb061&nwid=10000483131&sigv=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:800::7000 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

GET
H/1.1

204
No Content

sync
ups.analytics.yahoo.com/ups/55946/ Frame A4D0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_cm&google_dbm&_origin=1
https://pixel.advertising.com/ups/55946/sync?uid=CAESELj-8B8LH1asuNIUW3fytYo&_origin=1&google_cver=1
https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESELj-8B8LH1asuNIUW3fytYo&_origin=1&google_cver=1&apid=UP09e5a1f7-fae9-11eb-99fb-069fb351cf48

0
1 KB

17ms
10ms

Image
text/plain

3.126.56.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESELj-8B8LH1asuNIUW3fytYo&_origin=1&google_cver=1&apid=UP09e5a1f7-fae9-11eb-99fb-069fb351cf48

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CN-KGhCn9EsYtKK9lQEwAQ&v=APEucNU2p0OYf0ZumUWnpHjr-G7SfofhRYk0Fftvhr9pm8lsCz8GIJ-4vkIa67iDcejlJwdIB0D7FAXoe9PlyCoEpYEx7CYaP0w-obJOHhkNCc3tjyVROFTxros6rQ8L8PwMu4FShL_3KjZ5ipGN7xgBq3N84XpWnkKWRXa2d8poPz_vIVap1jw

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.126.56.137 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

Software

ATS/7.1.2.128 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: ATS/7.1.2.128
Connection: keep-alive
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55946/sync?uid=CAESELj-8B8LH1asuNIUW3fytYo&_origin=1&google_cver=1&apid=UP09e5a1f7-fae9-11eb-99fb-069fb351cf48
date: Wed, 11 Aug 2021 21:13:56 GMT
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A4D0
Redirect Chain

https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true
https://pixel.advertising.com/ups/55946/sync?_origin=1&redir=true&verify=true
https://ups.analytics.yahoo.com/ups/55946/sync?_origin=1&redir=true&apid=UP09e5a1f7-fae9-11eb-99fb-069fb351cf48
https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAwOWU1YTFmNy1mYWU5LTExZWItOTlmYi0wNjlmYjM1MWNmNDg%3D

170 B
188 B

26ms
25ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAwOWU1YTFmNy1mYWU5LTExZWItOTlmYi0wNjlmYjM1MWNmNDg%3D

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=adtech_dbm&google_hm=VVAwOWU1YTFmNy1mYWU5LTExZWItOTlmYi0wNjlmYjM1MWNmNDg%3D
Connection: keep-alive
Content-Length: 0

GET
H3-29

200

pixel
cm.g.doubleclick.net/ Frame A4D0
Redirect Chain

https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true
https://ups.analytics.yahoo.com/ups/58269/sync?_origin=1&redir=true&verify=true
https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0xYm9RUjhWRTJ1R3RJNERGOHhHUktQcElENkhWTkhLUX5B

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0xYm9RUjhWRTJ1R3RJNERGOHhHUktQcElENkhWTkhLUX5B

Requested by

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:56 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: ATS/7.1.2.128
Age: 0
Strict-Transport-Security: max-age=31536000
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: https://cm.g.doubleclick.net/pixel?google_nid=oath_dbm&google_hm=eS0xYm9RUjhWRTJ1R3RJNERGOHhHUktQcElENkhWTkhLUX5B
Connection: keep-alive
Content-Length: 0

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/ Frame 42DC 36 KB
6 KB 22ms
21ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5e2718b4b437edd86140d80891cf912e88267f780c14656e84f27a38b10f48b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5641
date: Wed, 11 Aug 2021 21:13:56 GMT
expires: Thu, 12 Aug 2021 21:13:56 GMT
cache-control: public, max-age=86400
last-modified: Fri, 11 Sep 2020 17:03:37 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2EC4 0
583 B 83ms
42ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvhVNo3V-k0H4_5SLkheuLEi9KtWtR7lXANlN5LRYCIV8cD3aGPFU9syY82pC_ojwsVexYx_okrHhLGBwjXT3SIqDkGH152OqBC1Zqu3MLtgF9Q512Gs3DaWUm185L1AZkesavQlv8ziczi6g6hof_RBiVvJ7xUCWa1aAbWMQRvOfpip2bSPQ1swwe2TPZCxr3tSTy9FXaPwznJw7BdetMHK1LSp4NYO4-S2Li8kIg6TMX6v2E2zr_YhfxKt9laJd_GXewRWd908TE62dA0fNioVX1-iayGBBJGVGraXqWQjsHwhlJgciPo0cUhXlZBHW2aZo_FNccgs4mN-NQGWSQZQkfCLagMhYN-YSPKXTxm1aC3g9g1e67_K4N56UR_3QP1Bl8hnvdACJGPbQi4fpX-AQe_HbFwB44aqMNldEuZmdlqXgq1925bIuykXsZNy-RV26UGAMljqrlZnBIuNgZMcWdU8zXhwo29BlDP7ps0rAT6j2zrX8WYC-NP2Gqr7_NnBQJnfpHfpwpaZb-R3SJZGlu_re4JjexKGqR8Yy2n4VB1PklWfIaeMJoEXVAaaIaBE-CsCDRtszH8bRvt2IuP5C_dhJpo2BfNkT2zwDE6cLpKv8aSBJLdQ_wA_rwO3uycSjQ0tO0O4T-LRxdmR-5-hb5RpSyRDyWM__RlI8vFXCzIVg8_TSrG2vyzmkQpXeFom92y82pSAoYXQWXT7r8YSKpeXqsVTCcWP0nyQU2VN1pSRL2djtAP-r-KRBx_kKCK4O9V8axuNNbWi9NwvRfmJ2uSsl_7lFp6VbVt2-DYAEGnJyDPqjScIF0mR8l3sQrIuZBgUMiJ0KXYRjlF4Sx4tKSOjg6aSkLfxaX1ifj_9eiHI0txWItn3b3ImYRC1KjQzFO9iN3009eqRHKXXLQ7SJSPlONKSpGAjwfO2BpRgc5rsxrJbT4aN7n_arJkAeKd89sx3p6GpXo8hdTQjeT7_GACN5nuUnLfk2c1Qh0JGMUx4rDQnKUv26JJ-TzDr2BCr68b9U5LaArAuniamras08DdTKlsvvBU-ydGm_us10Biim0N9QDwe-1kJ-_a_fgQkEgEJCA3Gh3XexLu_PYHTN7Kuuf34ZCKkDOBYpLDgfoHTPypmJWJPjIr3_9vS36nxlIepJoSjlS8_PkljsQ-z1Ddnws4S2lgfkC3hrndmbA&sai=AMfl-YSNfYU_7G-2V_u0EzRBqIuRCL94GgaS8B-4mXOHXBdByijn6m6vpKUvJq6hV-74PlWLHQMRgI5r32042J4SVPvpytd6vH6tZzHdEr0y_F8LhMlxTAZhA_CAsCGwm695ggX-2lRmkLcxxHiIXeoibMuDz2-98BkBWhFLdWE&sig=Cg0ArKJSzNDrDvmq1LxqEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=108&cbvp=1&cstd=102&cisv=r20210809.26529&adurl=

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 11 Aug 2021 21:13:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

firstevent
skydeutschland.demdex.net/ Frame 2EC4
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=306717470&d_campaign=26006000&d_bust=1887967491&gdpr=&gdpr_con...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=306717470&d_campaign=26006000&d_bust=1887967491&gdpr=&gdp...

42 B
978 B

86ms
36ms

Image
image/gif

54.171.163.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=306717470&d_campaign=26006000&d_bust=1887967491&gdpr=&gdpr_consent=

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.163.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-163-246.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-01c85cc94.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: pcXtksZ4Tpw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v012-0eecf40e0.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Jr/xHrRWRy4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=131961474&d_placement=306717470&d_campaign=26006000&d_bust=1887967491&gdpr=&gdpr_consent=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame 2EC4 43 B
1 KB 54ms
21ms Image
image/gif 85.14.248.72
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=21213705&extPm=364525329&extCr=53131072&gdpr=&gdpr_consent=&rnd=1887967491

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.72 Bottrop, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Mi, 11 Aug 2021 09:13:56 GMT
Server: Microsoft-IIS/8.5
Date: Wed, 11 Aug 2021 21:13:56 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 923
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 914F 2 KB
627 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 19:35:36 GMT
server: ESF
date: Wed, 11 Aug 2021 21:13:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 21:13:56 GMT

GET
H3-29 200 load_preloaded_resource_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 914F 1 KB
857 B 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/load_preloaded_resource_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 41
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 830
x-xss-protection: 0
server: cafe
etag: 3558876194914413708
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:13:15 GMT

GET
H2 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 914F 0
0 37ms
37ms Fetch
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=Cq9tIkz0UYeHBLrHL7_UP6MOF4AG_kaWrZN6xwa2AC4TIkoyuGhABINzX-yJglYKAgJgHoAHMj_fTA8gBCakC2quXnXu1sz7gAgCoAwHIA5sEqgTWAU_QJpSlOaU_ejd-HmabAzUWQYSQ4jm4jyLAtB7SE7AmbGUsriHpmdpSnUmXz09gzVj8Rbp8KOAAYYahkXatRg12zCfHZaJyZIOJGWmbspnmjjMduPQPVl1tQKIDRjROO-k19GIr3Y4anv7O1EyMNPLy2EoTRaZXyepdVdU0hB3IwOJlftAWZmBoYWRQf2nojqUHopORp7hcso0F12memcn5vAO0AkMCzN_4Pn0yZbqEDd0ySxhP8UnnHD3pyJLFx-FaZdNulxT7ZWUDMQjxWFMvaQr1NQXABKzt998-4AQBkgUECAQYAZIFBAgFGASSBQQIBRgYkgUFCAUYqAGgBi6AB5zwiCyoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-6WsQKoB6a-G6gH7NUb2AcA8gcEEOOgCtIICQiI4YAQEAEYHYAKA8gLAdgTDYgUBdAVAZgWAYAXAbIXHgocCAASFHB1Yi01Mzc3NTAwMjk0NzEwNDA3GLyKEQ&sigh=cwAB-X_B-Fg&template_id=494
Requested by: Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H3-29 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/ Frame 914F 18 KB
7 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/abg_lite_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:12:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 100
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7614
x-xss-protection: 0
server: cafe
etag: 9899176843389144697
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:12:16 GMT

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 914F 2 KB
1 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:11:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 914F 124 KB
38 KB 589ms
588ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:57 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:57 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 914F 14 KB
6 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:07:02 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 914F 0
0 14ms
13ms Image
text/html 2a00:1450:4001:813::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaQlLfwqHy4BGxGxXhnUyrMCS8TuyB9lYrrZjzzTBy8HH-9eGRoDAb4xyG64v9gzfNQXU8fPrtQktplu6wkx8v_mLX6Kzg
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 b0784018e1fbf9b21026a03ef4bd1046.js Show response
www.gstatic.com/mysidia/ Frame 914F 26 KB
11 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/mysidia/b0784018e1fbf9b21026a03ef4bd1046.js?tag=mysidia_one_click_handler_one_afma_2019

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

357839b656a38b688c109822362a471abf0cfa1c50b94f913e8c141fba7f59bf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 08:10:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 47022
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10788
x-xss-protection: 0
last-modified: Thu, 05 Aug 2021 15:52:42 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7776000
accept-ranges: bytes
expires: Tue, 09 Nov 2021 08:10:14 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame B22D 22 KB
8 KB 8ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 11 Aug 2021 00:07:07 GMT
expires: Thu, 11 Aug 2022 00:07:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 76009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 shopping
encrypted-tbn0.gstatic.com/ Frame 914F 44 KB
44 KB 29ms
7ms Image
image/jpeg 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn0.gstatic.com/shopping?q=tbn:ANd9GcQRN9rYJUlM8RzxpwwrEWoImk3VeVLhvMdx2FfQ8YOyU6kUPjRaZ2ETd7NaXQ&usqp=CAI

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

872ebbe8a094cbe91d4df8aa23ec3d9c364733f37e62b6d8fb3d1bd2c8c56ba9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 17:50:47 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Oct 2020 10:16:01 GMT
server: sffe
age: 184989
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44933
x-xss-protection: 0
expires: Tue, 09 Aug 2022 17:50:47 GMT

GET
H2 200 shopping
encrypted-tbn3.gstatic.com/ Frame 914F 5 KB
6 KB 28ms
6ms Image
image/jpeg 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn3.gstatic.com/shopping?q=tbn:ANd9GcStqrPJlV5KpOadRHlIClGzWtmYiwqlD1TmY-UjDBr4OiEyqgc&usqp=CAI

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62d94d92171945a5b5277736044df5abe5b497ec96541fba2fd64a4642877d36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 14:47:52 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Mar 2021 08:28:17 GMT
server: sffe
age: 109564
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5597
x-xss-protection: 0
expires: Wed, 10 Aug 2022 14:47:52 GMT

GET
H2 200 shopping
encrypted-tbn1.gstatic.com/ Frame 914F 40 KB
40 KB 29ms
7ms Image
image/jpeg 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://encrypted-tbn1.gstatic.com/shopping?q=tbn:ANd9GcRHBO_e9hcO7QRXh3kn7-MNs31jlYgM0BMi4RpC9O4XB_OBuu1xtp1pMAGxjQ&usqp=CAI

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2c9e67bb91ac1a22d5c655ed5f9aaed86ee2974e68da1255a259fe49309f4a60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 10:26:56 GMT
x-content-type-options: nosniff
last-modified: Thu, 29 Oct 2020 07:26:12 GMT
server: sffe
age: 125220
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/images-tbn
content-type: image/jpeg
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40760
x-xss-protection: 0
expires: Wed, 10 Aug 2022 10:26:56 GMT

GET
H3-29

200

16718395175647122093
tpc.googlesyndication.com/simgad/ Frame 914F
Redirect Chain

https://tpc.googlesyndication.com/pageadimg/imgad?id=CICAgKDLtpTtQBDeAhjeAjII0goevw9MXWY
https://tpc.googlesyndication.com/simgad/16718395175647122093

32 KB
32 KB

7ms
6ms

Image
image/png

2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/simgad/16718395175647122093

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b96b92f6bdbe9e386407a0f6fd461a40593a4c9d786b2a7fcec8f69049c508ee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 03:10:08 GMT
x-content-type-options: nosniff
age: 151428
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33124
x-xss-protection: 0
last-modified: Wed, 27 Feb 2019 07:50:26 GMT
server: sffe
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 03:10:08 GMT

Redirect headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 06:25:31 GMT
x-content-type-options: nosniff
server: cafe
age: 53305
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://tpc.googlesyndication.com/simgad/16718395175647122093
cache-control: public, max-age=2592000
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 10 Sep 2021 06:25:31 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 2EC4 41 KB
15 KB 7ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 16:47:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102395
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 16:47:21 GMT

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/ Frame 0466 36 KB
6 KB 18ms
14ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6441798447ba251e1090a35dcee01ee8b3e9446325a4c058fabda6090a90a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5616
date: Wed, 11 Aug 2021 21:13:56 GMT
expires: Thu, 12 Aug 2021 21:13:56 GMT
cache-control: public, max-age=86400
last-modified: Fri, 11 Sep 2020 18:40:52 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame F630 0
61 B 35ms
34ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst2g8hF455XZzeSzlSyzN5uncvVJIQmvDzdTJSGlSJwiLNq8C1A-xZSgIbU_nrhbDinLoS7JoGRYOCPziiT29U3D8Ge1Qd7dM1IWoe5lMca6d8E8ajW1-N5Bn8iubtUQLZA7oaG5V92Nu1-WCopS9wmt1ruZCsBm5_TZyE4PjuGiw8U9cDt8OjiqaQJD_R3IhhwNOisdHSso-56oNDAVroXfSMJwUSV5QsnsBr2DKO0RdZVeuZeYWv2QZKw-BGR1Ubyz2tVafvHcX25LmfJzFe-n_eZcWtw8eyN7l3Ln4y6Y8teawLvLAx1pUXArkIfd6YkCNabHmWFdCax4NjquXH6EPR92xuqzFR4DQGqGsCzU_8oEuun5oxtUU2VC5DsX4sVGPEFxAib1w2XJg-3DQzq27HI7SKk8rpryLj-jy6QuRvFWfNppuFP31F-EZcr9cS2XLG3mTNjHdOcQ54zpEDmSNc4YwzDK_74xaokmXiOWfkUM9g7lEIVkeZVahH-tPfDxeFoNtKQ26qDYVAyWL0Eq4HcmjmRD-J1-xQsisDF4GYQo-K7Es01Z3jQ3U2cim-YG7VgrfbZMHEpRZbIV6W-ojPYQXofSbwz-AvygxGs_-h1Ao0Z2sJ_4ndw2EQ6fhfx_BPAc1FB2Q7YcQ-i0wHEJ5cbhRRGMnes8iWYPoEfmH66CvCIxD82q_xeHpxj_Hy0uT1H3VX-Jhz4_CnNElweepvFbN4RA8ixXcs1a2SgN8QZCYWU7hRmpPwGHYuM8HnwtpcIyDAsPlO-saorulw9V3GTfwEjuz50BCytTrzOQoUjj9rutxFcBxWAlUT4Ee7QpfH_JESP-P634H6TEp6gI1tYypBPhwByjNXYI9RUIAUpwYIYbV3iqZmMVG0eliyqQesAXmpK55m27p2PaqagAmoTEJBecxCY9hnKQTQ8cNxEgLa4iyj-T6non0QPO_ycRclpNV-ynnnxUzpUnyS2wVr6niM0bcKu0JunMIXjojzRnFEoK-PJ8NvU2CB4lsNY0aht_3iXaXYOpH9qzXfDxdWBYedb7t_GIYk-ojHXTH4vc9YrT4QrXxKQ1Ib5jvsEbNXexD0fP9cnhvTv-j0K9D7IfQj_EoFxTH1pksy77qjBO-bA8n3-6GmGB35MHrJK7CF4vvSAJhWEhUAw14tCF_UMA42QjAlDMVH9xdSrsw&sai=AMfl-YR2VOburtuOHdjxgrIjY9iK7hBTgcFDbBr8QPlItN9IzsTa6CgBRQm2UWWhGw1gdxhvmCwJAKgmgWZZ7c34KVJt8vrHH1cPSPimRVWGpLq1ig9x1gJXByZe3qzLF0GF1EPehbFYHytvzUNVJ7oBHvJaRcahYo6876KvXyA&sig=Cg0ArKJSzPDoMy7TL4rwEAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=141&cbvp=1&cstd=137&cisv=r20210809.80867&adurl=

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 11 Aug 2021 21:13:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

firstevent
skydeutschland.demdex.net/ Frame F630
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=706555163&gdpr=&gdpr_cons...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=706555163&gdpr=&gdpr...

42 B
978 B

36ms
35ms

Image
image/gif

54.171.163.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=706555163&gdpr=&gdpr_consent=

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.163.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-163-246.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-1-v012-012f73cb5.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: kzOLhcmuTts=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v012-0eecf40e0.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: ntibr7ipSLs=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=706555163&gdpr=&gdpr_consent=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame F630 43 B
1 KB 65ms
21ms Image
image/gif 85.14.248.72
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=21213704&extPm=364525325&extCr=53131065&gdpr=&gdpr_consent=&rnd=706555163

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.72 Bottrop, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Mi, 11 Aug 2021 09:13:56 GMT
Server: Microsoft-IIS/8.5
Date: Wed, 11 Aug 2021 21:13:56 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 923
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame F630 41 KB
15 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 16:47:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102395
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 16:47:21 GMT

GET
H/1.1 200
OK j7guwu45m6py Show response
hal9000.redintelligence.net/zone/ Frame 7F61 11 KB
4 KB 44ms
13ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/j7guwu45m6py?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdj65kz0UYbOsHfHZ7_UPiNOeuAu1zfmDV8zPuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTPAU_Qi6Lpt9zAniZm5FJCGwfIYGKEoHH0kAiK4wX3jR31-bYwSHMlPoFOBSqI7iLkiUgw5eBH81G-GyMgW1Q3ruMJ1FKPJDuNXtudCZHem9qjMhQsFHxCP3YO6128k_cbZq3dptIqea-rPzd_GdmlnVgnhJ-e7R4HdsrP7bap8GM-dwKj1wy0xY7GR7LNVNLDO6QNSAR3J3bt8qfqTjulp_caTOn948yRxOp9JbS-CeN51oFDoE_drhHyjcculq2y8vdH3nkRH_z65jmnerg038AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ%26sig%3DAOD64_2gwM1t3-pK7ublFOP6YOYCJ8e26g%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-CnLrP-FBEwpA1hYWP16B3HkDNXis0rSQ9E2FmkxR30MbPYDzD0n12wWEmGdG5zDcbveAez-SLbDcde_00jYAzp0p_XFNpKODw-XaK2sIN2p_-wcla-PIOfotAggAUhgyRWUxwXd_nLaGApY0JHIhiOAMUeuA%26cry%3D1%26dbm_d%3DAKAmf-BXbhkOuDXYTdD8ogpUlvyTboopCb5cwl3AMoksxeODiDDJO_5kJlJPanhE9rLhjDSJVwQd1TB7ldQMtN-uaGtAGQ_dCjISxhFGilWHY3-3P4B7yiWoFuR7mEFil6oaJgSA7f7YY0yV7n-h3N0s-0tWhJ9YvUIf-_qzoJh-H2kpkMJPwp3L_mWBi9oaHrEiGsGCuuX3tq4dv5VHJA_f1kwlRGHp5xN5Ub3Pz3Gqp-njl4mwZyMpDyR2gsvN6f3cURs3fvT1CREondZkW83xL0xIhO4s29sutBeGF85bwmQPuEosn4EpOPfzMhpIiuSI3tD_m0GJKz27Wq2-Vl_u9QikBEwdeOQtRpZ4ywqitye3tCNAC121NspPG1XVVaSwdCj-vk_CdnqRZ7Ocw8Y9AqZWo2HO3WkWOuJjGHobwU_RlNfhMDHFaVI_DRCsNhSh9tdrcdyr%26adurl%3D
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 02469720a7cba20616fc253ccd8d871aee3ca1cea1e398e3fd3054b226f0eac3

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:56 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3872
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 index.html Show response
s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/ Frame 4BDC 36 KB
6 KB 16ms
14ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_273.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6441798447ba251e1090a35dcee01ee8b3e9446325a4c058fabda6090a90a16

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: s0.2mdn.net
:scheme: https
:path: /ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 5616
date: Wed, 11 Aug 2021 21:13:56 GMT
expires: Thu, 12 Aug 2021 21:13:56 GMT
cache-control: public, max-age=86400
last-modified: Fri, 11 Sep 2020 18:40:52 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame E4B5 0
24 B 59ms
34ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss3_xzfYZxTk686On-HfeVKvwFE4554gMLa7f4T6nSQhqSFptTfB9wxsSXZ6Q5kE5ucAbnKgeKTyAYfDqDg7iOV5bcqUV4kU0UgFN8YeLxEf0M4qwYwKLy4eyxFE5A-NdGI2vzWEhSeK6As6wdRlvOEGiwswhPZd3ZoSpBSvdZMVucmGM5kTdEAKOJ1yzrMFrFBnqpcH7SvcA3otjYLDvQgJw1Nnv0s8Cu2hnPc3ohavr4zxfRzPE41o85_Lp4EwEYuVv4H4PX-Nu4wNMPs0mA9XUrvkLfSMmEgTQOsWIFftjnCvMU3RjPxs2-I9St1ed6zRwkV2BEx7YVEWqnxaWHKnqz5dosYp_adb8em7EE725aQ5xAclg49jTiKM9GzDN_K2yogiFGo5i-4daLAdiOPfATU43lRFFfV745jmma9CQR6VJbBMgGSTEW2ioImloqxm6QGDYY0EFjGFdBL5ypsRAlenjKVpNvLiRo8QdUYNhs4F1qvdK90JC3W4tl9Iz6bhvsWMze-GYWU8WQQC6-XOq0TXPOEGEFa0wBdDAYDIKI0U7uZLl-hFr4JHw0RtueCU5dosx86-bHC5UxaJxJJ-3iG2-vh7KRNxesblhx51OG13Ksg4VxIm0I25Vq2qhKMlP7-sSbLP3t8koXTz56F5TlCZ60VNHFYkEYdKv8SE-gi0gZd15DQCghaOF2nj2CesumLzByA7ctw_mkQ9VuVqgkZa-pNR4rzvK-4zW8depns1d0DNvNLFpli0OX1F5A1XtY9GLywO6PF3fG5F9YPSFJvKgL1tTOSgzz1E9SplZr7nc_15Khc59H_fAgOppbBLGf7QaC7XZXnM5jSE2Wzf9Hy014F7AatOC3Zhw3lExXGGoMO3Ke1GFRqmAH10x8fhsxP4a8R_L0lYOfvzNZQo5p3GKjT1Xxn_6jtevlNuFI-uYodyiZcg1JbFlr11K7NA3asg33MCJVG9bQpzmFeEp70_aMnzTtkFUfoSGUpisoxFtsXIt65dgmqTYRNchVa6lkEIcr6upEc5jtAyRbHXQ2xtQzk9ZMdJBr7lVP-jPAa0uQRho4YF--spoFX4dufw9FnJngDA_ylXYLiY0jD-E9Z6EVSN2IK1N98ZUEskdXWD6hBEK-4uWv__3xPOdnUohhbdaSQ6HO8MTKAmHNe5VZHTnDyPKrNU-dKi8r2EpruXyc&sai=AMfl-YRFuCvRvlAWdRN0Y0qRq1j-XKxQJPU51egp-VKsGjvkkCxSHqlrtm7q2qZi2ZrlYUWIflF2T8FqRvbWQZ3bV200nxKwu83W1pxogsm9kp7N2qA8OKX4bQ2rAqhnLZCIRFUvugUz5xZkFScPKCA0T5m7t4M_u-Bwkg0PLRo&sig=Cg0ArKJSzE7tV33dA7z9EAE&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=154&cbvp=1&cstd=142&cisv=r20210809.62176&adurl=

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Wed, 11 Aug 2021 21:13:56 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

firstevent
skydeutschland.demdex.net/ Frame E4B5
Redirect Chain

https://skydeutschland.demdex.net/event?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=1511790481&gdpr=&gdpr_con...
https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=1511790481&gdpr=&gdp...

42 B
978 B

38ms
37ms

Image
image/gif

54.171.163.246
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.171.163.246 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-171-163-246.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v012-01a7a837a.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: gbcbn6xzS1o=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v012-04fbb91e2.edge-irl1.demdex.com 6.3.1.20210623115127
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: sF8JwoSER6w=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://skydeutschland.demdex.net/firstevent?d_event=imp&d_bu=9532313&d_site=5842564&d_src=158980&d_adsrc=&d_creative=132133369&d_placement=306796677&d_campaign=26005997&d_bust=1511790481&gdpr=&gdpr_consent=
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1 200
OK ai.aspx
m.exactag.com/ Frame E4B5 43 B
946 B 48ms
16ms Image
image/gif 85.14.248.72
MYLOC-AS IP Backb...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://m.exactag.com/ai.aspx?extProvApi=sky-dv360&extProvId=300&extPu=sky-dv360&extLi=21213704&extPm=364525325&extCr=53131065&gdpr=&gdpr_consent=&rnd=1511790481

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

85.14.248.72 Bottrop, Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
P3P: policyref="https://m.exactag.com/w3c/p3p.xml", CP="NOI NID STP STA CUR OUR"
Connection: close
X-ET-Monitoring: 1
Content-Length: 43
Pragma: no-cache
X-ET-Code: 0
Last-Modified: Mi, 11 Aug 2021 09:13:56 GMT
Server: Microsoft-IIS/8.5
Date: Wed, 11 Aug 2021 21:13:56 GMT
Access-Control-Max-Age: 1000
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
Cache-Control: private
Access-Control-Allow-Credentials: true
X-ET-Camp: 923
Access-Control-Allow-Headers: *
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 03EF 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 11 Aug 2021 00:07:07 GMT
expires: Thu, 11 Aug 2022 00:07:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 76009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E4B5 41 KB
15 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 16:47:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 102395
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 16:47:21 GMT

GET
H2 200 container.html Show response
20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 19C8 6 KB
3 KB 6ms
6ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
:scheme: https
:path: /safeframe/1-0-38/html/container.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 3108
date: Wed, 11 Aug 2021 21:13:55 GMT
expires: Thu, 11 Aug 2022 21:13:55 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK npoee1nv94vs Show response
hal9000.redintelligence.net/zone/ Frame 3EF0 11 KB
4 KB 37ms
13ms Script
text/html 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal9000.redintelligence.net/zone/npoee1nv94vs?subid=&gdpr=-1&gdpr_consent=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCz6iMkz0UYbasHfHZ7_UPiNOeuAu1zfmDV8zeuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTSAU_QlBBO1sZmsrLNJbwRXMkKvFpYFnHm6RNn1Gd3IIeU2hJtwhc22R6YlzrB1ABCk2KHkJOFn0JfMeaTVW--Q754H_8KftUY9FptGRFUVDe_FZsdXTmXV2bBokSpx-MfFZbDPxe9yawzBuvbcBqXlemqq9-_kYP6lOI5wh4nIWQNTcoTTDT_a3pGqE6EGXO4XRRoGOzdbhsxSp6oDJQHD5XHCnZuNTbvoAfCG8AYuyljPF2b6LQwklsha3bPCqouygKY9uObA5CAaTFmTfOAVYINesAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRovG9NzbmqqX0hLO31G7uGl0duQw%26sig%3DAOD64_26NdfQooCNeY7lbK2KCfdiuVdrNQ%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-ATS8vpb8yNYPigUeX5RtzSCYEnT_FItYkawaeVoCE2CBI6oFaQlJjaEhY1YDhdwBpZFzakaQbHuQn7e5rdTOW1rN-JVSygIS04o3g1lcBE0Bx373eLTdQ3gTGrkOQP1Gd1rB8JE56C6jW_yfLfBUxU-nCOqQ%26cry%3D1%26dbm_d%3DAKAmf-D8tJx67Bh2mBk2TDyOjUkFxMMI7oES3DCp8iixVZkG98fuCiwclHi4bze-i0Wk-90N9JB8t20Om4CZtSk43LV7vy8PafOxm3aFb_DfvjWjOua9xGms4nN-nPRn1xkfbQwAKPNQonlI6Y9anMzRoXkN56dyUhQ4verc7AGz_j2JEbPnaoWmbX9oiUfj9Ms7r2Dl0-01cXPDTtBGarEAZFsTIuo80tpDgB7YIyyY4jvPqa5Tb-pmb54dWH-ejEYNaNQJbsKvivByjcLUZNVoR7bnBoFbHmeVrGwucXa55UYrqFxrEgpRI3Ob2AcAyN78IChCh2XtH8qTK3Wl4Co9c256TyW3JjvhJYso0RE4ULZY_dLe7d114aIbZFDaHFMXhlu6iq1C0ChhVi0gET9K24t1JsdgoA1RuiK8p0hD2U08qKJScfEbX2Q9t-NPoH7n0CiZTUv4%26adurl%3D
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: a5eab91a9543953d01395510d46a0669f4c6a0d50e2ac5ffec8ac27b616f613e

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:56 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 3874
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame FEC5 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 11 Aug 2021 00:07:07 GMT
expires: Thu, 11 Aug 2022 00:07:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 76009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1

200
OK

request.php Show response
hal900029.redintelligence.net/ Frame 7F61
Redirect Chain

https://hal900029.redintelligence.net/request.php?zone=j7guwu45m6py&nw=20&renderingType=javascript&namespace=86e2df9ff8&subid=&uid=0da20a6b82657dd1&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900029.redintelligence.net/request.php?zone=j7guwu45m6py&nw=20&renderingType=javascript&namespace=86e2df9ff8&subid=&uid=0da20a6b82657dd1&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

128ms
105ms

Script
application/x-javascript

88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/request.php?zone=j7guwu45m6py&nw=20&renderingType=javascript&namespace=86e2df9ff8&subid=&uid=0da20a6b82657dd1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdj65kz0UYbOsHfHZ7_UPiNOeuAu1zfmDV8zPuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTPAU_Qi6Lpt9zAniZm5FJCGwfIYGKEoHH0kAiK4wX3jR31-bYwSHMlPoFOBSqI7iLkiUgw5eBH81G-GyMgW1Q3ruMJ1FKPJDuNXtudCZHem9qjMhQsFHxCP3YO6128k_cbZq3dptIqea-rPzd_GdmlnVgnhJ-e7R4HdsrP7bap8GM-dwKj1wy0xY7GR7LNVNLDO6QNSAR3J3bt8qfqTjulp_caTOn948yRxOp9JbS-CeN51oFDoE_drhHyjcculq2y8vdH3nkRH_z65jmnerg038AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ%26sig%3DAOD64_2gwM1t3-pK7ublFOP6YOYCJ8e26g%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-CnLrP-FBEwpA1hYWP16B3HkDNXis0rSQ9E2FmkxR30MbPYDzD0n12wWEmGdG5zDcbveAez-SLbDcde_00jYAzp0p_XFNpKODw-XaK2sIN2p_-wcla-PIOfotAggAUhgyRWUxwXd_nLaGApY0JHIhiOAMUeuA%26cry%3D1%26dbm_d%3DAKAmf-BXbhkOuDXYTdD8ogpUlvyTboopCb5cwl3AMoksxeODiDDJO_5kJlJPanhE9rLhjDSJVwQd1TB7ldQMtN-uaGtAGQ_dCjISxhFGilWHY3-3P4B7yiWoFuR7mEFil6oaJgSA7f7YY0yV7n-h3N0s-0tWhJ9YvUIf-_qzoJh-H2kpkMJPwp3L_mWBi9oaHrEiGsGCuuX3tq4dv5VHJA_f1kwlRGHp5xN5Ub3Pz3Gqp-njl4mwZyMpDyR2gsvN6f3cURs3fvT1CREondZkW83xL0xIhO4s29sutBeGF85bwmQPuEosn4EpOPfzMhpIiuSI3tD_m0GJKz27Wq2-Vl_u9QikBEwdeOQtRpZ4ywqitye3tCNAC121NspPG1XVVaSwdCj-vk_CdnqRZ7Ocw8Y9AqZWo2HO3WkWOuJjGHobwU_RlNfhMDHFaVI_DRCsNhSh9tdrcdyr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=8080434800252&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: d4d3fc80cdc9e1cf7ef25e1f3615b716575f8dc9f939665bb6d9225c5efe8c1b

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:56 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 23721000158626301084702011683029
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1309
Expires: Wed, 11 Aug 2021 22:13:56 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=j7guwu45m6py&nw=20&renderingType=javascript&namespace=86e2df9ff8&subid=&uid=0da20a6b82657dd1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdj65kz0UYbOsHfHZ7_UPiNOeuAu1zfmDV8zPuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTPAU_Qi6Lpt9zAniZm5FJCGwfIYGKEoHH0kAiK4wX3jR31-bYwSHMlPoFOBSqI7iLkiUgw5eBH81G-GyMgW1Q3ruMJ1FKPJDuNXtudCZHem9qjMhQsFHxCP3YO6128k_cbZq3dptIqea-rPzd_GdmlnVgnhJ-e7R4HdsrP7bap8GM-dwKj1wy0xY7GR7LNVNLDO6QNSAR3J3bt8qfqTjulp_caTOn948yRxOp9JbS-CeN51oFDoE_drhHyjcculq2y8vdH3nkRH_z65jmnerg038AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ%26sig%3DAOD64_2gwM1t3-pK7ublFOP6YOYCJ8e26g%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-CnLrP-FBEwpA1hYWP16B3HkDNXis0rSQ9E2FmkxR30MbPYDzD0n12wWEmGdG5zDcbveAez-SLbDcde_00jYAzp0p_XFNpKODw-XaK2sIN2p_-wcla-PIOfotAggAUhgyRWUxwXd_nLaGApY0JHIhiOAMUeuA%26cry%3D1%26dbm_d%3DAKAmf-BXbhkOuDXYTdD8ogpUlvyTboopCb5cwl3AMoksxeODiDDJO_5kJlJPanhE9rLhjDSJVwQd1TB7ldQMtN-uaGtAGQ_dCjISxhFGilWHY3-3P4B7yiWoFuR7mEFil6oaJgSA7f7YY0yV7n-h3N0s-0tWhJ9YvUIf-_qzoJh-H2kpkMJPwp3L_mWBi9oaHrEiGsGCuuX3tq4dv5VHJA_f1kwlRGHp5xN5Ub3Pz3Gqp-njl4mwZyMpDyR2gsvN6f3cURs3fvT1CREondZkW83xL0xIhO4s29sutBeGF85bwmQPuEosn4EpOPfzMhpIiuSI3tD_m0GJKz27Wq2-Vl_u9QikBEwdeOQtRpZ4ywqitye3tCNAC121NspPG1XVVaSwdCj-vk_CdnqRZ7Ocw8Y9AqZWo2HO3WkWOuJjGHobwU_RlNfhMDHFaVI_DRCsNhSh9tdrcdyr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=8080434800252&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 11 Aug 2021 22:13:56 +0200

GET
H3-29 200 style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/ Frame 42DC 6 KB
2 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

97f6f81b224c70cf2431f07287d287446129697370b4419a9b82838be0ea0174

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 13:48:46 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 26710
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1656
x-xss-protection: 0
last-modified: Fri, 11 Sep 2020 17:03:37 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 13:48:46 GMT

GET
H3-29 200 Enabler_01_244.js Show response
s0.2mdn.net/879366/ Frame 42DC 109 KB
37 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_244.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31935
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38072
x-xss-protection: 0
last-modified: Tue, 07 Jul 2020 18:35:15 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 12:21:41 GMT

GET
H2 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/ Frame 42DC 59 KB
22 KB 15ms
14ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 167902
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 21678
timing-allow-origin: *
last-modified: Tue, 21 Jul 2020 23:12:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f177643-eca3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ElotJzT%2BhYGEprA3FO%2F9ZahphdhNC4aJl2iAJX5RAinfT4UfiBGo7ExQXQL2TaUg1JG8RvyVn2cwrAsWyHMf7GLi5%2F%2Bj7k74uL8kDyShzQFaz8rlGBTmeMu13ocLdfoNqR%2Ftx0Jw0Klrtk3kVGEK%2BDbj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67d4788118b3061c-FRA
expires: Mon, 01 Aug 2022 21:13:56 GMT

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame BC44 22 KB
8 KB 7ms
5ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 11 Aug 2021 00:07:07 GMT
expires: Thu, 11 Aug 2022 00:07:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 76009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 0901 22 KB
8 KB 6ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/Enqz_20U.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 8395
date: Wed, 11 Aug 2021 00:07:07 GMT
expires: Thu, 11 Aug 2022 00:07:07 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 76009
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/ Frame 0466 6 KB
2 KB 9ms
8ms Stylesheet
text/css 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2392bb69de9eb1e9efad1da54204d43b70c52e5b6004b053d1e645fac906ac3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 14:02:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25863
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1741
x-xss-protection: 0
last-modified: Fri, 11 Sep 2020 18:40:52 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 14:02:53 GMT

GET
H3-29 200 Enabler_01_244.js Show response
s0.2mdn.net/879366/ Frame 0466 109 KB
37 KB 7ms
7ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_244.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31935
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38072
x-xss-protection: 0
last-modified: Tue, 07 Jul 2020 18:35:15 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 12:21:41 GMT

GET
H3-29 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/ Frame 0466 59 KB
22 KB 15ms
14ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 167902
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 21678
timing-allow-origin: *
last-modified: Tue, 21 Jul 2020 23:12:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f177643-eca3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7HPh3gY5VFUOoSFminpmoXDdewJ0Qq8hw2MAoCnGpxeQBDP616MnnLJxbTIbli6dVN%2Byf5E5BybaSfB7TvMjCi4IDyo9biJVzxDqxCd5gNKj4C%2BkGUMkpUOK2gyQ2GYDKwsoEKLQowuYep1z3DvjzROT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67d478813f742b1e-FRA
expires: Mon, 01 Aug 2022 21:13:56 GMT

GET
H3-29 200 style.css
s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/ Frame 4BDC 6 KB
2 KB 7ms
6ms Stylesheet
text/css 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2392bb69de9eb1e9efad1da54204d43b70c52e5b6004b053d1e645fac906ac3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 14:02:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 25863
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1741
x-xss-protection: 0
last-modified: Fri, 11 Sep 2020 18:40:52 GMT
server: sffe
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 14:02:53 GMT

GET
H3-29 200 Enabler_01_244.js Show response
s0.2mdn.net/879366/ Frame 4BDC 109 KB
37 KB 8ms
6ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_244.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:21:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 31935
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38072
x-xss-protection: 0
last-modified: Tue, 07 Jul 2020 18:35:15 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 12 Aug 2021 12:21:41 GMT

GET
H3-29 200 gsap.min.js Show response
cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/ Frame 4BDC 59 KB
22 KB 31ms
29ms Script
application/javascript 2606:4700::6810:135e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/gsap/3.4.2/gsap.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2606:4700::6810:135e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 167902
cross-origin-resource-policy: cross-origin
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length: 21678
timing-allow-origin: *
last-modified: Tue, 21 Jul 2020 23:12:03 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5f177643-eca3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Du9fOz4vkx7R0weJgq5kWpzXdhCMx84AJoVcWDBAUEaae4EdQB1mAILdQZWEUxroHDPz9RDLGjfOC1dLDFONL1PoUv%2BK4rVjgClvE6g7r3TehrKxlcFbsUtTH%2FnU0hELvvhvk5dFcu2S2J3TwaNGYuN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 67d478814f8d2b1e-FRA
expires: Mon, 01 Aug 2022 21:13:56 GMT

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame B22D 35 KB
13 KB 8ms
7ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 4376 223 KB
37 KB 13ms
8ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7bf67883867f93d08cbf4eeac0485e641cb9e5b123e18bef046b7c706cffd28

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sadbundle/$csp%3Der3$/17626451119355985920/index.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
date: Wed, 11 Aug 2021 19:09:32 GMT
expires: Thu, 11 Aug 2022 19:09:32 GMT
last-modified: Mon, 03 May 2021 14:21:52 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
content-length: 38330
age: 7464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 19C8 0
0 30ms
26ms Fetch
text/html 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=C_v58lD0UYeWpCrGilQfMioLoBfPE9Pxj_8r3gfYN29keEAEg3Nf7ImCVgoCAmAegAZXP6PEDyAEJqQLaq5ede7WzPuACAKgDAcgDAqoE1gFP0Omv0A2656JHH2MWHHy13BT1XIkjx0Swq2HBPXoAX08WLYeU3qFXrj78Xkvu7qvKRaAp-fDzXKtPukafOOIUJZ7XzZ2WSTX4EF9MOO5smTCpdjPMVAu_LpM5nwkKLkF6fVjvKBOQUsmMU-hOlhCKlNI41e_JGrZMV-LUWVONBxi4aCE9M2MF5B-iKZtmU9haYqwaAEBYX3f-MVe7qw-sdVvI_3yPwn7-0I5iirpgENtamPphWfF9SvqPZMjOPVP5en53tf1Saet902_SyRfyyB-AHUl4wATarIXYywPgBAGSBQQIBBgBkgUECAUYBJIFBAgFGBiSBQUIBRioAaAGXYAH07CXDqgH1ckbqAfw2RuoB_LZG6gHjs4bqAeT2BuoB7oGqAfulrECqAemvhuoB-zVG9gHAfIHBBDizQLSCAkIiOGAEBABGB2ACgPICwHYEw2IFAHQFQGYFgGAFwGyFx4KHAgAEhRwdWItNTM3NzUwMDI5NDcxMDQwNxi8ihE&sigh=t0pnVx6-TgE
Requested by: Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 142.250.186.130 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H2 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EC07 143 B
245 B 8ms
6ms Document
text/html 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/s?v=r20120211
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnw_b2t1mPa6DCWzwjNGPKpexGe7KZZgqUbZNyrZD7eWnYRbw1VqhCwN98-Vzs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Wed, 11 Aug 2021 20:42:57 GMT
server: safe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 1859
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 19C8 2 KB
1 KB 9ms
7ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/window_focus_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:11:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 137
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1339
x-xss-protection: 0
server: cafe
etag: 2275704724217174249
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:11:39 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 19C8 124 KB
37 KB 411ms
409ms Script
text/javascript 2a00:1450:4001:813::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:57 GMT
content-encoding: gzip
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
server: sffe
etag: "1628508775336984"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
x-content-type-options: nosniff
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38212
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:57 GMT

GET
H3-29 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/ Frame 19C8 14 KB
6 KB 7ms
5ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20210809/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:07:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6204
x-xss-protection: 0
server: cafe
etag: 11055049251678278959
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Wed, 25 Aug 2021 21:07:02 GMT

GET
H3-29 204 l
www.google.com/ads/measurement/ Frame 19C8 0
0 15ms
14ms Image
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRLwLR0mqVrfBO9Fs70_DNLTEl18TaOSxBMyY7oCSDtqNQDCTumYtmo6bDEPDjhX1V9MGBRx-q_NYwRy78nzwLlPIfsbA
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3-29
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

GET
H/1.1

200
OK

request.php Show response
hal900030.redintelligence.net/ Frame 3EF0
Redirect Chain

https://hal900030.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=c6788b4a23&subid=&uid=d0e7e33911ac42bb&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...
https://hal900030.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=c6788b4a23&subid=&uid=d0e7e33911ac42bb&screenSize=1600x1200&screenSizeAvail=1600x1200&cl...

4 KB
2 KB

94ms
70ms

Script
application/x-javascript

136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=c6788b4a23&subid=&uid=d0e7e33911ac42bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCz6iMkz0UYbasHfHZ7_UPiNOeuAu1zfmDV8zeuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTSAU_QlBBO1sZmsrLNJbwRXMkKvFpYFnHm6RNn1Gd3IIeU2hJtwhc22R6YlzrB1ABCk2KHkJOFn0JfMeaTVW--Q754H_8KftUY9FptGRFUVDe_FZsdXTmXV2bBokSpx-MfFZbDPxe9yawzBuvbcBqXlemqq9-_kYP6lOI5wh4nIWQNTcoTTDT_a3pGqE6EGXO4XRRoGOzdbhsxSp6oDJQHD5XHCnZuNTbvoAfCG8AYuyljPF2b6LQwklsha3bPCqouygKY9uObA5CAaTFmTfOAVYINesAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRovG9NzbmqqX0hLO31G7uGl0duQw%26sig%3DAOD64_26NdfQooCNeY7lbK2KCfdiuVdrNQ%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-ATS8vpb8yNYPigUeX5RtzSCYEnT_FItYkawaeVoCE2CBI6oFaQlJjaEhY1YDhdwBpZFzakaQbHuQn7e5rdTOW1rN-JVSygIS04o3g1lcBE0Bx373eLTdQ3gTGrkOQP1Gd1rB8JE56C6jW_yfLfBUxU-nCOqQ%26cry%3D1%26dbm_d%3DAKAmf-D8tJx67Bh2mBk2TDyOjUkFxMMI7oES3DCp8iixVZkG98fuCiwclHi4bze-i0Wk-90N9JB8t20Om4CZtSk43LV7vy8PafOxm3aFb_DfvjWjOua9xGms4nN-nPRn1xkfbQwAKPNQonlI6Y9anMzRoXkN56dyUhQ4verc7AGz_j2JEbPnaoWmbX9oiUfj9Ms7r2Dl0-01cXPDTtBGarEAZFsTIuo80tpDgB7YIyyY4jvPqa5Tb-pmb54dWH-ejEYNaNQJbsKvivByjcLUZNVoR7bnBoFbHmeVrGwucXa55UYrqFxrEgpRI3Ob2AcAyN78IChCh2XtH8qTK3Wl4Co9c256TyW3JjvhJYso0RE4ULZY_dLe7d114aIbZFDaHFMXhlu6iq1C0ChhVi0gET9K24t1JsdgoA1RuiK8p0hD2U08qKJScfEbX2Q9t-NPoH7n0CiZTUv4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=7041233432420&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 0a10aa22450f54557dfce7dba7ec199d37132f442e2b157ff327f79d5ca7b842

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:56 GMT
Content-Encoding: gzip
Server: Apache
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
X-NEORY-SubId: 68719600175274700710616011683030
Connection: close
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 1318
Expires: Wed, 11 Aug 2021 22:13:56 +0200

Redirect headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:56 GMT
Server: Apache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Location: request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=c6788b4a23&subid=&uid=d0e7e33911ac42bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCz6iMkz0UYbasHfHZ7_UPiNOeuAu1zfmDV8zeuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTSAU_QlBBO1sZmsrLNJbwRXMkKvFpYFnHm6RNn1Gd3IIeU2hJtwhc22R6YlzrB1ABCk2KHkJOFn0JfMeaTVW--Q754H_8KftUY9FptGRFUVDe_FZsdXTmXV2bBokSpx-MfFZbDPxe9yawzBuvbcBqXlemqq9-_kYP6lOI5wh4nIWQNTcoTTDT_a3pGqE6EGXO4XRRoGOzdbhsxSp6oDJQHD5XHCnZuNTbvoAfCG8AYuyljPF2b6LQwklsha3bPCqouygKY9uObA5CAaTFmTfOAVYINesAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRovG9NzbmqqX0hLO31G7uGl0duQw%26sig%3DAOD64_26NdfQooCNeY7lbK2KCfdiuVdrNQ%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-ATS8vpb8yNYPigUeX5RtzSCYEnT_FItYkawaeVoCE2CBI6oFaQlJjaEhY1YDhdwBpZFzakaQbHuQn7e5rdTOW1rN-JVSygIS04o3g1lcBE0Bx373eLTdQ3gTGrkOQP1Gd1rB8JE56C6jW_yfLfBUxU-nCOqQ%26cry%3D1%26dbm_d%3DAKAmf-D8tJx67Bh2mBk2TDyOjUkFxMMI7oES3DCp8iixVZkG98fuCiwclHi4bze-i0Wk-90N9JB8t20Om4CZtSk43LV7vy8PafOxm3aFb_DfvjWjOua9xGms4nN-nPRn1xkfbQwAKPNQonlI6Y9anMzRoXkN56dyUhQ4verc7AGz_j2JEbPnaoWmbX9oiUfj9Ms7r2Dl0-01cXPDTtBGarEAZFsTIuo80tpDgB7YIyyY4jvPqa5Tb-pmb54dWH-ejEYNaNQJbsKvivByjcLUZNVoR7bnBoFbHmeVrGwucXa55UYrqFxrEgpRI3Ob2AcAyN78IChCh2XtH8qTK3Wl4Co9c256TyW3JjvhJYso0RE4ULZY_dLe7d114aIbZFDaHFMXhlu6iq1C0ChhVi0gET9K24t1JsdgoA1RuiK8p0hD2U08qKJScfEbX2Q9t-NPoH7n0CiZTUv4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=7041233432420&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0&uidRedirect=1
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Expires: Wed, 11 Aug 2021 22:13:56 +0200

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame 2EC4 0
23 B 29ms
29ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame 03EF 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame F630 0
23 B 28ms
28ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3-29 200 view
googleads4.g.doubleclick.net/pcs/ Frame E4B5 0
23 B 29ms
28ms Ping
image/gif 142.250.186.162
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s08-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:56 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame FEC5 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame BC44 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 4376 2 KB
498 B 14ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

379587f0cc0fe0137ff92ac3ee3671dd1f90119e17e269e26a807a9a668642a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 19:36:04 GMT
server: ESF
date: Wed, 11 Aug 2021 21:13:56 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 21:13:56 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 42DC 6 KB
4 KB 24ms
23ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_244&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

af3f252591eb99c9c714c0ec97bc15bccacb1d121f4fb61a97ea942698391322

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4467
x-xss-protection: 0

GET
H3-29 200 blank.png_1621952551211_blank.png
s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/ Frame 42DC 95 B
118 B 8ms
7ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/blank.png_1621952551211_blank.png

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 23:26:42 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 14:22:33 GMT
server: sffe
age: 164834
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95
x-xss-protection: 0
expires: Tue, 09 Aug 2022 23:26:42 GMT

GET
H3-29 200 DCO_Residential_970x250_Formel1_Sender_V1_1.jpg_1627383057598_DCO_Residential_970x250_Formel1_Sender_V1_1.jpg
s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/ Frame 42DC 65 KB
65 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/DCO_Residential_970x250_Formel1_Sender_V1_1.jpg_1627383057598_DCO_Residential_970x250_Formel1_Sender_V1_1.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9a2c51bb4f513905c22e5aa58fd3fefd299c5c6176e3d843e4c46d5a504fe30f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 15:41:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Jul 2021 10:51:13 GMT
server: sffe
age: 19925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 66722
x-xss-protection: 0
expires: Thu, 11 Aug 2022 15:41:51 GMT

GET
H3-29 200 DCO_Residential_970x250_Formel1_Sender_V1_1750_2.jpg_1627383057598_DCO_Residential_970x250_Formel1_Sender_V1_1750_2.jpg
s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/ Frame 42DC 26 KB
26 KB 9ms
9ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/DCO_Residential_970x250_Formel1_Sender_V1_1750_2.jpg_1627383057598_DCO_Residential_970x250_Formel1_Sender_V1_1750_2.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c38ffa43053e8a0903c19e4de1077ce958984488012358c67db76c568e3029dd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 15:41:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Jul 2021 10:51:03 GMT
server: sffe
age: 19925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 26333
x-xss-protection: 0
expires: Thu, 11 Aug 2022 15:41:51 GMT

GET
H3-29 200 DCO_Residential_970x250_Formel1_Sender_V1_1750_3.jpg_1627383057598_DCO_Residential_970x250_Formel1_Sender_V1_1750_3.jpg
s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/ Frame 42DC 23 KB
23 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812389/s0.2mdn.net/creatives/assets/3690075/DCO_Residential_970x250_Formel1_Sender_V1_1750_3.jpg_1627383057598_DCO_Residential_970x250_Formel1_Sender_V1_1750_3.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce98100c3936bba679df02a3ca94d32a15e6913ae4cec24c35b160a7af0c7b79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/index.html?e=69&leftOffset=0&topOffset=0&c=a9zmnuUnHv&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 15:41:51 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Jul 2021 10:51:19 GMT
server: sffe
age: 19925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23508
x-xss-protection: 0
expires: Thu, 11 Aug 2022 15:41:51 GMT

GET
H3-29 200 Enabler.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 4376 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/Enabler.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 18:13:47 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 10809
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5866
x-xss-protection: 0
server: cafe
etag: 544157900006238945
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 12 Aug 2021 18:13:47 GMT

GET
H3-29 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame 4376 26 KB
10 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/index.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 12:37:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 30983
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Thu, 12 Aug 2021 12:37:33 GMT

GET
H3-29 200 sky_medium.woff
s0.2mdn.net/creatives/assets/3668815/ Frame 42DC 27 KB
27 KB 6ms
6ms Font
font/woff 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3668815/sky_medium.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/style.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4373878b9f750698b6a199ebc0eb0e550df208c5a1f9f778a346e271a2b4d733

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:08:08 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 Feb 2020 12:38:21 GMT
server: sffe
age: 348
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27952
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:23:08 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 4BDC 6 KB
4 KB 17ms
16ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_244&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

98f268d1d377b74fc8884dac14d9a2584d6fa3f34f97e969a9b92af4bc3cca06

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4416
x-xss-protection: 0

GET
H3-29 200 blank.png_1621952972643_blank.png
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame 4BDC 95 B
118 B 8ms
7ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/blank.png_1621952972643_blank.png

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 05:38:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 14:29:47 GMT
server: sffe
age: 142551
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95
x-xss-protection: 0
expires: Wed, 10 Aug 2022 05:38:05 GMT

GET
H3-29 200 SkyTicket_Sport_300x250_F1_Generic_1.jpg_1621952972643_SkyTicket_Sport_300x250_F1_Generic_1.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame 4BDC 88 KB
88 KB 10ms
10ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/SkyTicket_Sport_300x250_F1_Generic_1.jpg_1621952972643_SkyTicket_Sport_300x250_F1_Generic_1.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6c44f914035b2e802131430b0eb46eb6fc752e888d108d422fb80b8e8027ad8d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 05:00:45 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 14:29:41 GMT
server: sffe
age: 144791
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 90344
x-xss-protection: 0
expires: Wed, 10 Aug 2022 05:00:45 GMT

GET
H3-29 200 SkyTicket_Sport_300x250_F1_Generic_2.jpg_1621952972643_SkyTicket_Sport_300x250_F1_Generic_2.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame 4BDC 76 KB
76 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/SkyTicket_Sport_300x250_F1_Generic_2.jpg_1621952972643_SkyTicket_Sport_300x250_F1_Generic_2.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6575f0cf2715f805306e1f78104a0658a73caa90a523ff01c7d30f9ee202138d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 07:31:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 14:29:40 GMT
server: sffe
age: 135768
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 77462
x-xss-protection: 0
expires: Wed, 10 Aug 2022 07:31:08 GMT

GET
H3-29 200 SkyTicket_Sport_300x250_F1_Generic_3.jpg_1621952972643_SkyTicket_Sport_300x250_F1_Generic_3.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame 4BDC 64 KB
64 KB 11ms
10ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/SkyTicket_Sport_300x250_F1_Generic_3.jpg_1621952972643_SkyTicket_Sport_300x250_F1_Generic_3.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

27f23d423972a484a8859aaf6ed6f06b8049e2d3601f6fef704253533d75ff1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=McnU1h083l&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Sat, 07 Aug 2021 16:15:15 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 14:29:53 GMT
server: sffe
age: 363521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 65495
x-xss-protection: 0
expires: Sun, 07 Aug 2022 16:15:15 GMT

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame 0901 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99959
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 42DC 17 KB
6 KB 39ms
37ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:56 GMT

GET
H3-29 200 blank.png_1621952972643_blank.png
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame 0466 95 B
118 B 6ms
6ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/blank.png_1621952972643_blank.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 05:38:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 14:29:47 GMT
server: sffe
age: 142551
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 95
x-xss-protection: 0
expires: Wed, 10 Aug 2022 05:38:05 GMT

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0466 6 KB
4 KB 16ms
15ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_244&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

abd939286969354845508b802e22a8758e4d0326a15a8db0f8ff5a7039655ea5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4456
x-xss-protection: 0

GET
H3-29 200 SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_1.jpg_1621952972643_SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_1.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame 0466 46 KB
46 KB 7ms
6ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_1.jpg_1621952972643_SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_1.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6b8e6866c0bd6940892a862809cb167358a648d5ff08fac8e005a5bfacd8664e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 07:43:40 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 14:29:44 GMT
server: sffe
age: 135016
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 47409
x-xss-protection: 0
expires: Wed, 10 Aug 2022 07:43:40 GMT

GET
H3-29 200 SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_2A.jpg_1621952972643_SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_2A.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame 0466 80 KB
80 KB 8ms
7ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_2A.jpg_1621952972643_SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_2A.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e774d16aae4abd20126ec970c217dab5622004c7587f42708dd1274c8a347403

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 05:01:03 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 14:29:51 GMT
server: sffe
age: 231173
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 82250
x-xss-protection: 0
expires: Tue, 09 Aug 2022 05:01:03 GMT

GET
H3-29 200 SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_2B.jpg_1621952972643_SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_2B.jpg
s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/ Frame 0466 86 KB
86 KB 9ms
8ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dynamic/2/10812395/s0.2mdn.net/creatives/assets/3690075/SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_2B.jpg_1621952972643_SkyTicket_ENT_0103_300x250_Comedy_Parks_Recreation_2B.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f31b9ff7335d0fa093957a86997fae3fab28387b0eb13336c71fb27da3be99a5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/index.html?e=69&leftOffset=0&topOffset=0&c=tmpSdHNfSJ&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 05:01:16 GMT
x-content-type-options: nosniff
last-modified: Tue, 25 May 2021 14:29:50 GMT
server: sffe
age: 144760
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-programmable
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 87561
x-xss-protection: 0
expires: Wed, 10 Aug 2022 05:01:16 GMT

GET
H3-29

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame EC07
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si

0
16 B

14ms
14ms

Document
text/html

2a00:1450:4001:82a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

safe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: googleads.g.doubleclick.net
:scheme: https
:path: /pagead/drt/si
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://googleads.g.doubleclick.net/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnw_b2t1mPa6DCWzwjNGPKpexGe7KZZgqUbZNyrZD7eWnYRbw1VqhCwN98-Vzs
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 11 Aug 2021 21:13:56 GMT
server: safe
content-length: 0
x-xss-protection: 0
set-cookie: DSID=NO_DATA; expires=Wed, 11-Aug-2021 22:13:56 GMT; path=/; domain=.doubleclick.net; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Wed, 11 Aug 2021 21:13:56 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 11 Aug 2021 21:13:56 GMT
server: safe
content-length: 246
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v20/ Frame 4376 23 KB
23 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 00:29:49 GMT
x-content-type-options: nosniff
age: 161047
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23484
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:19:01 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:29:49 GMT

GET
H2 200 N0bU2SZBIuF2PU_0DXR1.woff2
fonts.gstatic.com/s/bungee/v6/ Frame 4376 17 KB
17 KB 9ms
8ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/bungee/v6/N0bU2SZBIuF2PU_0DXR1.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b00176dbbd9e4c77629b36fae58d076c8c3b55754e7c2dd3a6e4986e7ec9c37b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 02:33:34 GMT
x-content-type-options: nosniff
age: 153622
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 17268
x-xss-protection: 0
last-modified: Tue, 01 Sep 2020 03:47:49 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 02:33:34 GMT

GET
H2 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v20/ Frame 4376 22 KB
23 KB 9ms
9ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v20/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:regular,700|Bungee:regular

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: null
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 00:29:48 GMT
x-content-type-options: nosniff
age: 161048
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22992
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:18:57 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 00:29:48 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 4BDC 17 KB
6 KB 21ms
21ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:56 GMT

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0466 17 KB
6 KB 35ms
34ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_244.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:57 GMT

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame 3129
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873830a7df8deda4aa6?subid=23721000158626301084702011683029&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=23721000158626301084702011683029&actionid=731824&produktid=businessgiro&dt_url=

0
606 B

71ms
36ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=23721000158626301084702011683029&actionid=731824&produktid=businessgiro&dt_url=

Requested by

Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=j7guwu45m6py&nw=20&renderingType=javascript&namespace=86e2df9ff8&subid=&uid=0da20a6b82657dd1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdj65kz0UYbOsHfHZ7_UPiNOeuAu1zfmDV8zPuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTPAU_Qi6Lpt9zAniZm5FJCGwfIYGKEoHH0kAiK4wX3jR31-bYwSHMlPoFOBSqI7iLkiUgw5eBH81G-GyMgW1Q3ruMJ1FKPJDuNXtudCZHem9qjMhQsFHxCP3YO6128k_cbZq3dptIqea-rPzd_GdmlnVgnhJ-e7R4HdsrP7bap8GM-dwKj1wy0xY7GR7LNVNLDO6QNSAR3J3bt8qfqTjulp_caTOn948yRxOp9JbS-CeN51oFDoE_drhHyjcculq2y8vdH3nkRH_z65jmnerg038AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ%26sig%3DAOD64_2gwM1t3-pK7ublFOP6YOYCJ8e26g%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-CnLrP-FBEwpA1hYWP16B3HkDNXis0rSQ9E2FmkxR30MbPYDzD0n12wWEmGdG5zDcbveAez-SLbDcde_00jYAzp0p_XFNpKODw-XaK2sIN2p_-wcla-PIOfotAggAUhgyRWUxwXd_nLaGApY0JHIhiOAMUeuA%26cry%3D1%26dbm_d%3DAKAmf-BXbhkOuDXYTdD8ogpUlvyTboopCb5cwl3AMoksxeODiDDJO_5kJlJPanhE9rLhjDSJVwQd1TB7ldQMtN-uaGtAGQ_dCjISxhFGilWHY3-3P4B7yiWoFuR7mEFil6oaJgSA7f7YY0yV7n-h3N0s-0tWhJ9YvUIf-_qzoJh-H2kpkMJPwp3L_mWBi9oaHrEiGsGCuuX3tq4dv5VHJA_f1kwlRGHp5xN5Ub3Pz3Gqp-njl4mwZyMpDyR2gsvN6f3cURs3fvT1CREondZkW83xL0xIhO4s29sutBeGF85bwmQPuEosn4EpOPfzMhpIiuSI3tD_m0GJKz27Wq2-Vl_u9QikBEwdeOQtRpZ4ywqitye3tCNAC121NspPG1XVVaSwdCj-vk_CdnqRZ7Ocw8Y9AqZWo2HO3WkWOuJjGHobwU_RlNfhMDHFaVI_DRCsNhSh9tdrcdyr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=8080434800252&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Bad Schwalbach, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: pb.media01.eu
:scheme: https
:path: /view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=23721000158626301084702011683029&actionid=731824&produktid=businessgiro&dt_url=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 11 Aug 2021 11:13:57 GMT
server: Microsoft-IIS/10.0
set-cookie: ASP.NET_SessionId=u01zg14opeqircnzlfhfzflh; path=/; secure; HttpOnly DTU=8FB4C79732A693831C7D278B48066A4E; expires=Fri, 11-Aug-2023 21:13:57 GMT; path=/; SameSite=None; secure; HttpOnly
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 11 Aug 2021 21:13:56 GMT
content-length: 0

Redirect headers

Server: nginx/1.17.5
Date: Wed, 11 Aug 2021 21:13:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.21
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Set-Cookie: trscj=MTYyODcxNjQzN3xMM1J5WTJzdlpYQjJMMlU1T1dGaFkyVTVOR1UyWlRVNE56TTRNekJoTjJSbU9HUmxaR0UwWVdFMlAzTjFZbWxrUFRJek56SXhNREF3TVRVNE5qSTJNekF4TURnME56QXlNREV4Tmpnek1ESTVKblE5YUhSc2NBPT18YUhSMGNITTZMeTh5TUdSa05XWTBPR1V5WldVM01qSmpORGxqTURJMFpXSmpZbVkwWkRKak1DNXpZV1psWm5KaGJXVXVaMjl2WjJ4bGMzbHVaR2xqWVhScGIyNHVZMjl0THc9PQ%3D%3D; expires=Thu, 11-Aug-2022 21:13:57 GMT; Max-Age=31536000; path=/; samesite=none; domain=.medialead.de; secure SERVERID177589=1|YRQ9m|YRQ9m; path=/; HttpOnly
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=23721000158626301084702011683029&actionid=731824&produktid=businessgiro&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: C3B5AE59:2260_91EFC182:01BB_61143D95_56E7DF1:12831
X-IPLB-Instance: 40027
Cache-control: private

GET
H2 200 / Show response
adv.office-partner.de/ Frame 432D 930 B
1 KB 25ms
6ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=j7guwu45m6py&nw=20&renderingType=javascript&namespace=86e2df9ff8&subid=&uid=0da20a6b82657dd1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdj65kz0UYbOsHfHZ7_UPiNOeuAu1zfmDV8zPuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTPAU_Qi6Lpt9zAniZm5FJCGwfIYGKEoHH0kAiK4wX3jR31-bYwSHMlPoFOBSqI7iLkiUgw5eBH81G-GyMgW1Q3ruMJ1FKPJDuNXtudCZHem9qjMhQsFHxCP3YO6128k_cbZq3dptIqea-rPzd_GdmlnVgnhJ-e7R4HdsrP7bap8GM-dwKj1wy0xY7GR7LNVNLDO6QNSAR3J3bt8qfqTjulp_caTOn948yRxOp9JbS-CeN51oFDoE_drhHyjcculq2y8vdH3nkRH_z65jmnerg038AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ%26sig%3DAOD64_2gwM1t3-pK7ublFOP6YOYCJ8e26g%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-CnLrP-FBEwpA1hYWP16B3HkDNXis0rSQ9E2FmkxR30MbPYDzD0n12wWEmGdG5zDcbveAez-SLbDcde_00jYAzp0p_XFNpKODw-XaK2sIN2p_-wcla-PIOfotAggAUhgyRWUxwXd_nLaGApY0JHIhiOAMUeuA%26cry%3D1%26dbm_d%3DAKAmf-BXbhkOuDXYTdD8ogpUlvyTboopCb5cwl3AMoksxeODiDDJO_5kJlJPanhE9rLhjDSJVwQd1TB7ldQMtN-uaGtAGQ_dCjISxhFGilWHY3-3P4B7yiWoFuR7mEFil6oaJgSA7f7YY0yV7n-h3N0s-0tWhJ9YvUIf-_qzoJh-H2kpkMJPwp3L_mWBi9oaHrEiGsGCuuX3tq4dv5VHJA_f1kwlRGHp5xN5Ub3Pz3Gqp-njl4mwZyMpDyR2gsvN6f3cURs3fvT1CREondZkW83xL0xIhO4s29sutBeGF85bwmQPuEosn4EpOPfzMhpIiuSI3tD_m0GJKz27Wq2-Vl_u9QikBEwdeOQtRpZ4ywqitye3tCNAC121NspPG1XVVaSwdCj-vk_CdnqRZ7Ocw8Y9AqZWo2HO3WkWOuJjGHobwU_RlNfhMDHFaVI_DRCsNhSh9tdrcdyr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=8080434800252&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

:method: GET
:authority: adv.office-partner.de
:scheme: https
:path: /?utm_source=webgains&utm_campaign=webgains
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

server: keycdn-engine
date: Wed, 11 Aug 2021 21:13:57 GMT
content-type: text/html
content-length: 930
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16ba8ac4"
expires: Wed, 18 Aug 2021 21:13:57 GMT
cache-control: max-age=604800
link: <http://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *
accept-ranges: bytes

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 7F61 12 KB
12 KB 130ms
92ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=23721000158626301084702011683029&nw=1
Requested by: Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 747a840bad45aa020a2f68fffa8160bcf1f1af1d9c3f29d650713a7b51320203

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:57 GMT
Last-Modified: Wed, 11 Aug 2021 21:13:57 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29

200

activityi;dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735 Show response
5994599.fls.doubleclick.net/ Frame 215B
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735?

391 B
346 B

66ms
65ms

Document
text/html

216.58.212.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735?

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.166 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f166.1e100.net

Software

cafe /

Resource Hash

4277498281e4d5d4f23a45156ed4463789da5b23f46bc44b56a3addd020ad932

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5994599.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnw_b2t1mPa6DCWzwjNGPKpexGe7KZZgqUbZNyrZD7eWnYRbw1VqhCwN98-Vzs; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 11 Aug 2021 21:13:57 GMT
expires: Wed, 11 Aug 2021 21:13:57 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 323
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 11 Aug 2021 21:13:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900029.redintelligence.net/ Frame 7889 7 KB
2 KB 38ms
14ms Document
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/request_content.php?s=23721000158626301084702011683029&a=9fff3e9b
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request.php?zone=j7guwu45m6py&nw=20&renderingType=javascript&namespace=86e2df9ff8&subid=&uid=0da20a6b82657dd1&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=336x280&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCdj65kz0UYbOsHfHZ7_UPiNOeuAu1zfmDV8zPuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTPAU_Qi6Lpt9zAniZm5FJCGwfIYGKEoHH0kAiK4wX3jR31-bYwSHMlPoFOBSqI7iLkiUgw5eBH81G-GyMgW1Q3ruMJ1FKPJDuNXtudCZHem9qjMhQsFHxCP3YO6128k_cbZq3dptIqea-rPzd_GdmlnVgnhJ-e7R4HdsrP7bap8GM-dwKj1wy0xY7GR7LNVNLDO6QNSAR3J3bt8qfqTjulp_caTOn948yRxOp9JbS-CeN51oFDoE_drhHyjcculq2y8vdH3nkRH_z65jmnerg038AEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRoUPIAMSZE7IeuWqcyBLcAzjW8yQ%26sig%3DAOD64_2gwM1t3-pK7ublFOP6YOYCJ8e26g%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-CnLrP-FBEwpA1hYWP16B3HkDNXis0rSQ9E2FmkxR30MbPYDzD0n12wWEmGdG5zDcbveAez-SLbDcde_00jYAzp0p_XFNpKODw-XaK2sIN2p_-wcla-PIOfotAggAUhgyRWUxwXd_nLaGApY0JHIhiOAMUeuA%26cry%3D1%26dbm_d%3DAKAmf-BXbhkOuDXYTdD8ogpUlvyTboopCb5cwl3AMoksxeODiDDJO_5kJlJPanhE9rLhjDSJVwQd1TB7ldQMtN-uaGtAGQ_dCjISxhFGilWHY3-3P4B7yiWoFuR7mEFil6oaJgSA7f7YY0yV7n-h3N0s-0tWhJ9YvUIf-_qzoJh-H2kpkMJPwp3L_mWBi9oaHrEiGsGCuuX3tq4dv5VHJA_f1kwlRGHp5xN5Ub3Pz3Gqp-njl4mwZyMpDyR2gsvN6f3cURs3fvT1CREondZkW83xL0xIhO4s29sutBeGF85bwmQPuEosn4EpOPfzMhpIiuSI3tD_m0GJKz27Wq2-Vl_u9QikBEwdeOQtRpZ4ywqitye3tCNAC121NspPG1XVVaSwdCj-vk_CdnqRZ7Ocw8Y9AqZWo2HO3WkWOuJjGHobwU_RlNfhMDHFaVI_DRCsNhSh9tdrcdyr%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=8080434800252&isIframe=1&container=&adPos=0x0&adPosCheck=1x1&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: 5fe8339073019358c5929817d72108f77d84e0b7d433c889b721e8c1c67e8c4c

Request headers

Host: hal900029.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=6fde2124cf828d1a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

Date: Wed, 11 Aug 2021 21:13:57 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 11 Aug 2021 22:13:57 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2128
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 7F61
Redirect Chain

https://pv.medialead.de/trck/eview/e99aace94e6e5873830a7df8deda4aa6?subid=23721000158626301084702011683029
https://ad-server.eu/wm/pb/native.png

68 B
312 B

182ms
29ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:16:45 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 11 Aug 2021 21:13:57 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: C3B5AE59:226C_91EFC182:01BB_61143D95_56DA1BB:AE76
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40028
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 7F61 43 B
705 B 30ms
14ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=23721000158626301084702011683029&pv=1

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:57 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H2

200

view.aspx Show response
pb.media01.eu/ Frame B650
Redirect Chain

https://pv.medialead.de/trck/epv/e99aace94e6e5873881d3400993e1e7e?subid=68719600175274700710616011683030&t=htlp
https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68719600175274700710616011683030&actionid=879111&produktid=ratenkredit&dt_url=

0
178 B

70ms
38ms

Document
text/html

88.198.250.30
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68719600175274700710616011683030&actionid=879111&produktid=ratenkredit&dt_url=

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=c6788b4a23&subid=&uid=d0e7e33911ac42bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCz6iMkz0UYbasHfHZ7_UPiNOeuAu1zfmDV8zeuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTSAU_QlBBO1sZmsrLNJbwRXMkKvFpYFnHm6RNn1Gd3IIeU2hJtwhc22R6YlzrB1ABCk2KHkJOFn0JfMeaTVW--Q754H_8KftUY9FptGRFUVDe_FZsdXTmXV2bBokSpx-MfFZbDPxe9yawzBuvbcBqXlemqq9-_kYP6lOI5wh4nIWQNTcoTTDT_a3pGqE6EGXO4XRRoGOzdbhsxSp6oDJQHD5XHCnZuNTbvoAfCG8AYuyljPF2b6LQwklsha3bPCqouygKY9uObA5CAaTFmTfOAVYINesAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRovG9NzbmqqX0hLO31G7uGl0duQw%26sig%3DAOD64_26NdfQooCNeY7lbK2KCfdiuVdrNQ%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-ATS8vpb8yNYPigUeX5RtzSCYEnT_FItYkawaeVoCE2CBI6oFaQlJjaEhY1YDhdwBpZFzakaQbHuQn7e5rdTOW1rN-JVSygIS04o3g1lcBE0Bx373eLTdQ3gTGrkOQP1Gd1rB8JE56C6jW_yfLfBUxU-nCOqQ%26cry%3D1%26dbm_d%3DAKAmf-D8tJx67Bh2mBk2TDyOjUkFxMMI7oES3DCp8iixVZkG98fuCiwclHi4bze-i0Wk-90N9JB8t20Om4CZtSk43LV7vy8PafOxm3aFb_DfvjWjOua9xGms4nN-nPRn1xkfbQwAKPNQonlI6Y9anMzRoXkN56dyUhQ4verc7AGz_j2JEbPnaoWmbX9oiUfj9Ms7r2Dl0-01cXPDTtBGarEAZFsTIuo80tpDgB7YIyyY4jvPqa5Tb-pmb54dWH-ejEYNaNQJbsKvivByjcLUZNVoR7bnBoFbHmeVrGwucXa55UYrqFxrEgpRI3Ob2AcAyN78IChCh2XtH8qTK3Wl4Co9c256TyW3JjvhJYso0RE4ULZY_dLe7d114aIbZFDaHFMXhlu6iq1C0ChhVi0gET9K24t1JsdgoA1RuiK8p0hD2U08qKJScfEbX2Q9t-NPoH7n0CiZTUv4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=7041233432420&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

88.198.250.30 Bad Schwalbach, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.88-198-250-30.clients.your-server.de

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: pb.media01.eu
:scheme: https
:path: /view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68719600175274700710616011683030&actionid=879111&produktid=ratenkredit&dt_url=
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
content-type: text/html; charset=UTF-8
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Wed, 11 Aug 2021 11:13:57 GMT
server: Microsoft-IIS/10.0
set-cookie: ASP.NET_SessionId=zzitv21bc55n2v4od5h05lem; path=/; secure; HttpOnly DTU=0A5B281DFE71935C3018B9B8D28CACF0; expires=Fri, 11-Aug-2023 21:13:57 GMT; path=/; SameSite=None; secure; HttpOnly
p3p: policyref="https://pb.media01.eu/pb.media01.eu/p3p.xml", CP="NOI NID PSA OUR BUS NAV STA"
access-control-allow-origin: *
access-control-allow-credentials: true
x-xss-protection: 1; mode=block
access-control-allow-methods: GET,POST
access-control-allow-headers: Content-Type, Content-Range, Content-Disposition, Content-Description, X-XSRF-TOKEN, X-Location
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
date: Wed, 11 Aug 2021 21:13:56 GMT
content-length: 0

Redirect headers

Server: nginx/1.17.5
Date: Wed, 11 Aug 2021 21:13:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Keep-Alive: timeout=20
X-Powered-By: PHP/7.2.21
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Range, Content-Disposition, Content-Type, Authorization
Access-Control-Allow-Credentials: true
Set-Cookie: trscj=MTYyODcxNjQzN3xMM1J5WTJzdlpYQjJMMlU1T1dGaFkyVTVOR1UyWlRVNE56TTRPREZrTXpRd01EazVNMlV4WlRkbFAzTjFZbWxrUFRZNE56RTVOakF3TVRjMU1qYzBOekF3TnpFd05qRTJNREV4Tmpnek1ETXdKblE5YUhSc2NBPT18YUhSMGNITTZMeTh5TUdSa05XWTBPR1V5WldVM01qSmpORGxqTURJMFpXSmpZbVkwWkRKak1DNXpZV1psWm5KaGJXVXVaMjl2WjJ4bGMzbHVaR2xqWVhScGIyNHVZMjl0THc9PQ%3D%3D; expires=Thu, 11-Aug-2022 21:13:57 GMT; Max-Age=31536000; path=/; samesite=none; domain=.medialead.de; secure SERVERID177589=1|YRQ9m|YRQ9m; path=/; HttpOnly
Location: https://pb.media01.eu/view.aspx?trackid=529D4F146E3238B0FD87AE72E1190AD4&dt_subid1=52180&dt_subid2=68719600175274700710616011683030&actionid=879111&produktid=ratenkredit&dt_url=
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload max-age=15768000
X-IPLB-Request-ID: C3B5AE59:2264_91EFC182:01BB_61143D95_56E4EC7:AE75
X-IPLB-Instance: 40028
Cache-control: private

GET
H2 200 / Show response
adv.office-partner.de/ Frame D4C8 930 B
1 KB 7ms
5ms Document
text/html 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=c6788b4a23&subid=&uid=d0e7e33911ac42bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCz6iMkz0UYbasHfHZ7_UPiNOeuAu1zfmDV8zeuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTSAU_QlBBO1sZmsrLNJbwRXMkKvFpYFnHm6RNn1Gd3IIeU2hJtwhc22R6YlzrB1ABCk2KHkJOFn0JfMeaTVW--Q754H_8KftUY9FptGRFUVDe_FZsdXTmXV2bBokSpx-MfFZbDPxe9yawzBuvbcBqXlemqq9-_kYP6lOI5wh4nIWQNTcoTTDT_a3pGqE6EGXO4XRRoGOzdbhsxSp6oDJQHD5XHCnZuNTbvoAfCG8AYuyljPF2b6LQwklsha3bPCqouygKY9uObA5CAaTFmTfOAVYINesAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRovG9NzbmqqX0hLO31G7uGl0duQw%26sig%3DAOD64_26NdfQooCNeY7lbK2KCfdiuVdrNQ%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-ATS8vpb8yNYPigUeX5RtzSCYEnT_FItYkawaeVoCE2CBI6oFaQlJjaEhY1YDhdwBpZFzakaQbHuQn7e5rdTOW1rN-JVSygIS04o3g1lcBE0Bx373eLTdQ3gTGrkOQP1Gd1rB8JE56C6jW_yfLfBUxU-nCOqQ%26cry%3D1%26dbm_d%3DAKAmf-D8tJx67Bh2mBk2TDyOjUkFxMMI7oES3DCp8iixVZkG98fuCiwclHi4bze-i0Wk-90N9JB8t20Om4CZtSk43LV7vy8PafOxm3aFb_DfvjWjOua9xGms4nN-nPRn1xkfbQwAKPNQonlI6Y9anMzRoXkN56dyUhQ4verc7AGz_j2JEbPnaoWmbX9oiUfj9Ms7r2Dl0-01cXPDTtBGarEAZFsTIuo80tpDgB7YIyyY4jvPqa5Tb-pmb54dWH-ejEYNaNQJbsKvivByjcLUZNVoR7bnBoFbHmeVrGwucXa55UYrqFxrEgpRI3Ob2AcAyN78IChCh2XtH8qTK3Wl4Co9c256TyW3JjvhJYso0RE4ULZY_dLe7d114aIbZFDaHFMXhlu6iq1C0ChhVi0gET9K24t1JsdgoA1RuiK8p0hD2U08qKJScfEbX2Q9t-NPoH7n0CiZTUv4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=7041233432420&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software: keycdn-engine /
Resource Hash: 384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7

Request headers

:method: GET
:authority: adv.office-partner.de
:scheme: https
:path: /?utm_source=webgains&utm_campaign=webgains
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

server: keycdn-engine
date: Wed, 11 Aug 2021 21:13:57 GMT
content-type: text/html
content-length: 930
last-modified: Thu, 06 May 2021 15:37:28 GMT
etag: "3a2-5c1ab16ba8ac4"
expires: Wed, 18 Aug 2021 21:13:57 GMT
cache-control: max-age=604800
link: <http://adv-srv.office-partner.de/?utm_source=webgains&utm_campaign=webgains>; rel="canonical"
x-cache: HIT
x-edge-location: defr
access-control-allow-origin: *
accept-ranges: bytes

GET
H/1.1 200
OK link.html Show response
track.webgains.com/ Frame 3EF0 12 KB
12 KB 137ms
99ms Script
text/html 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=68719600175274700710616011683030&nw=1
Requested by: Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: bfc452d9f3bedeaf767796c812477b5cae148e196f69376ab252e33180cd26e4

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:57 GMT
Last-Modified: Wed, 11 Aug 2021 21:13:57 GMT
Server: Apache
Transfer-Encoding: chunked
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: text/html;charset=utf-8
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29

200

activityi;dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01 Show response
5994599.fls.doubleclick.net/ Frame 4F29
Redirect Chain

https://5994599.fls.doubleclick.net/activityi;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01?
https://5994599.fls.doubleclick.net/activityi;dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01?

390 B
341 B

40ms
39ms

Document
text/html

216.58.212.166
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://5994599.fls.doubleclick.net/activityi;dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01?

Requested by

Host: www.opovo.com.br.admin-us2.cas.ms
URL: https://www.opovo.com.br.admin-us2.cas.ms/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

216.58.212.166 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f166.1e100.net

Software

cafe /

Resource Hash

9b05a11101e907dcc74a4f399e1e67ac4d6bf45e11a59748099d1aee86e1989b

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: 5994599.fls.doubleclick.net
:scheme: https
:path: /activityi;dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01?
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: IDE=AHWqTUnw_b2t1mPa6DCWzwjNGPKpexGe7KZZgqUbZNyrZD7eWnYRbw1VqhCwN98-Vzs; DSID=NO_DATA
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 11 Aug 2021 21:13:57 GMT
expires: Wed, 11 Aug 2021 21:13:57 GMT
cache-control: private, max-age=0
strict-transport-security: max-age=21600
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 318
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 11 Aug 2021 21:13:57 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
follow-only-when-prerender-shown: 1
strict-transport-security: max-age=21600
location: https://5994599.fls.doubleclick.net/activityi;dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01?
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H/1.1 200
OK request_content.php Show response
hal900030.redintelligence.net/ Frame D6B8 7 KB
2 KB 39ms
15ms Document
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/request_content.php?s=68719600175274700710616011683030&a=d7a93c4e
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request.php?zone=npoee1nv94vs&nw=20&renderingType=javascript&namespace=c6788b4a23&subid=&uid=d0e7e33911ac42bb&screenSize=1600x1200&screenSizeAvail=1600x1200&clientSize=0x0&scrollPos=0x0&extData[]=&envData=&gdpr=-1&gdpr_consent=&ud=&redirectClick=https%3A%2F%2Fgoogleads.g.doubleclick.net%2Fdbm%2Fclk%3Fsa%3DL%26ai%3DCz6iMkz0UYbasHfHZ7_UPiNOeuAu1zfmDV8zeuavlDPAuEAEg3Nf7ImCVgoCAmAfIAQmpAtqrl517tbM-qAMBqgTSAU_QlBBO1sZmsrLNJbwRXMkKvFpYFnHm6RNn1Gd3IIeU2hJtwhc22R6YlzrB1ABCk2KHkJOFn0JfMeaTVW--Q754H_8KftUY9FptGRFUVDe_FZsdXTmXV2bBokSpx-MfFZbDPxe9yawzBuvbcBqXlemqq9-_kYP6lOI5wh4nIWQNTcoTTDT_a3pGqE6EGXO4XRRoGOzdbhsxSp6oDJQHD5XHCnZuNTbvoAfCG8AYuyljPF2b6LQwklsha3bPCqouygKY9uObA5CAaTFmTfOAVYINesAEqp38vs8B4AQDkAYBoAZNgAfr5-heqAfVyRuoB_DZG6gH8tkbqAeOzhuoB5PYG6gHugaoB-zVG6gH7paxAqgHpr4bqAfs1RuoB_PRG6gHltgbqAeqm7EC2AcA0ggJCIjhgBAQARgdgAoDmAsByAsBgAwBsBPCmtoK0BMA2BMD2BQB0BUBgBcB%26ae%3D1%26num%3D1%26cid%3DCAASFeRovG9NzbmqqX0hLO31G7uGl0duQw%26sig%3DAOD64_26NdfQooCNeY7lbK2KCfdiuVdrNQ%26client%3Dca-pub-5377500294710407%26dbm_c%3DAKAmf-ATS8vpb8yNYPigUeX5RtzSCYEnT_FItYkawaeVoCE2CBI6oFaQlJjaEhY1YDhdwBpZFzakaQbHuQn7e5rdTOW1rN-JVSygIS04o3g1lcBE0Bx373eLTdQ3gTGrkOQP1Gd1rB8JE56C6jW_yfLfBUxU-nCOqQ%26cry%3D1%26dbm_d%3DAKAmf-D8tJx67Bh2mBk2TDyOjUkFxMMI7oES3DCp8iixVZkG98fuCiwclHi4bze-i0Wk-90N9JB8t20Om4CZtSk43LV7vy8PafOxm3aFb_DfvjWjOua9xGms4nN-nPRn1xkfbQwAKPNQonlI6Y9anMzRoXkN56dyUhQ4verc7AGz_j2JEbPnaoWmbX9oiUfj9Ms7r2Dl0-01cXPDTtBGarEAZFsTIuo80tpDgB7YIyyY4jvPqa5Tb-pmb54dWH-ejEYNaNQJbsKvivByjcLUZNVoR7bnBoFbHmeVrGwucXa55UYrqFxrEgpRI3Ob2AcAyN78IChCh2XtH8qTK3Wl4Co9c256TyW3JjvhJYso0RE4ULZY_dLe7d114aIbZFDaHFMXhlu6iq1C0ChhVi0gET9K24t1JsdgoA1RuiK8p0hD2U08qKJScfEbX2Q9t-NPoH7n0CiZTUv4%26adurl%3D&documentReferer=https%3A%2F%2Fwww.opovo.com.br%2F&ancestorOrigins=https%3A%2F%2Fwww.opovo.com.br&random=7041233432420&isIframe=1&container=&adPos=0x0&adPosCheck=0x0&adtagId=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: 1509f6d1114fa0ad3c3258128cbac300fdfc4def9bcc1690e7bab94ea85fdc23

Request headers

Host: hal900030.redintelligence.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: 8lcfmzhxc8d6_uid=6fde2124cf828d1a
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/

Response headers

Date: Wed, 11 Aug 2021 21:13:57 GMT
Server: Apache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Wed, 11 Aug 2021 22:13:57 +0200
Pragma: no-cache
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2049
Connection: close
Content-Type: text/html; charset=utf-8

GET
H/1.1

200
OK

native.png
ad-server.eu/wm/pb/ Frame 3EF0
Redirect Chain

https://medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68719600175274700710616011683030
https://pv.medialead.de/trck/eview/e99aace94e6e5873881d3400993e1e7e?subid=68719600175274700710616011683030
https://ad-server.eu/wm/pb/native.png

68 B
312 B

114ms
28ms

Image
image/png

54.76.176.197
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ad-server.eu/wm/pb/native.png
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.76.176.197 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-76-176-197.eu-west-1.compute.amazonaws.com
Software: nginx/1.4.6 (Ubuntu) /
Resource Hash: 93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:16:45 GMT
Last-Modified: Sat, 21 Dec 2019 23:06:59 GMT
Server: nginx/1.4.6 (Ubuntu)
ETag: "5dfea593-44"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68

Redirect headers

Date: Wed, 11 Aug 2021 21:13:57 GMT
Server: nginx/1.19.7
X-IPLB-Request-ID: C3B5AE59:2264_91EFC182:01BB_61143D95_56E4ED1:AE75
X-Powered-By: PHP/7.2.34
X-IPLB-Instance: 40028
Strict-Transport-Security: max-age=63072000;includeSubdomains;preload, max-age=15768000
Content-Type: text/html; charset=UTF-8
Location: https://ad-server.eu/wm/pb/native.png
Cache-control: private
Transfer-Encoding: chunked
Keep-Alive: timeout=20

GET
H/1.1 200
OK cshow.php
www.awin1.com/ Frame 3EF0 43 B
705 B 20ms
14ms Image
image/gif 104.111.239.217
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.awin1.com/cshow.php?s=2519595&v=14098&q=379097&r=296283&pref1=68719600175274700710616011683030&pv=1

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

104.111.239.217 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a104-111-239-217.deploy.static.akamaitechnologies.com

Software

Resource Hash

2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:57 GMT
Strict-Transport-Security: max-age=86400
P3P: policyref="http://www.awin1.com/w3c/p3p.xml", CP="NOI NID CURa ADMa PSAa HISa OUR IND UNI PUR COM NAV"
Cache-Control: no-store, no-cache, max-age=0, must-revalidate
Awin-Akamai-Rule-Set: default
Node: Helix
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame A8BE 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99960
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame 8E61 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99960
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame 94B3 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99960
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
DATA 200
OK truncated
/ Frame 914F 219 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5c5a77f9800815c3c6e5aeb1b0607d3b77ac7372a9804cd5775e61dc02a1b019

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2
fonts.gstatic.com/s/googlesansdisplay/v15/ Frame 914F 20 KB
20 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/googlesansdisplay/v15/ea8FacM9Wef3EJPWRrHjgE4B6CnlZxHVDv79oQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Google%20Sans%20Display%3A400

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 07:30:47 GMT
x-content-type-options: nosniff
age: 135790
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20900
x-xss-protection: 0
last-modified: Mon, 19 Apr 2021 22:53:16 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 07:30:47 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 432D 90 KB
35 KB 15ms
14ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

90d5239db1aaa33c8c9c7645a27c5f805e4a1dc614dba32358a213ad1137549c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36116
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:57 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame D4C8 90 KB
35 KB 22ms
22ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TBMT2SF

Requested by

Host: adv.office-partner.de
URL: https://adv.office-partner.de/?utm_source=webgains&utm_campaign=webgains

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

82ddb41786c5dbc18c39ba71edf3dff78aa5d8cc8f4ba8da018d5f3cb678e145

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://adv.office-partner.de/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:13:57 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 36118
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:57 GMT

GET
H3-29 200 css
fonts.googleapis.com/ Frame 7889 4 KB
648 B 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=23721000158626301084702011683029&a=9fff3e9b

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 19:32:42 GMT
server: ESF
date: Wed, 11 Aug 2021 21:13:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 21:13:57 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7889 15 KB
15 KB 36ms
13ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/laptop_1200x627.jpg
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=23721000158626301084702011683029&a=9fff3e9b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 78c0f75a6623c51b457ab4c9cb029f9a126ea6e4c91cf7a4ef068f6ab5e4b6f9

Request headers

Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:57 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 15250
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7889 16 KB
16 KB 35ms
12ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=23721000158626301084702011683029&a=9fff3e9b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: ffc8cae87ca06c2f9622b6ecf8880d1e25525ee1445724c1fbdb10ae12cc4cc7

Request headers

Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:57 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16529
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame 7889 17 KB
17 KB 285ms
13ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=23721000158626301084702011683029&a=9fff3e9b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 5a762079bc40b1cf7de00f77a397f83b5168d21eef19a51845e24fd50b874642

Request headers

Referer: https://hal900029.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:57 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16858
Vary: Accept-Encoding
Content-Type: image/png

GET
H3-29 200 css
fonts.googleapis.com/ Frame D6B8 4 KB
648 B 15ms
14ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Requested by

Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=68719600175274700710616011683030&a=d7a93c4e

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 11 Aug 2021 19:32:58 GMT
server: ESF
date: Wed, 11 Aug 2021 21:13:57 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 11 Aug 2021 21:13:57 GMT

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D6B8 16 KB
16 KB 1050ms
13ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/6383/creativesup/postbank_pool_privatkredit_1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=68719600175274700710616011683030&a=d7a93c4e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 8db455f33493a19689b104d3c13901e6c3ddc6dbbff3a96f6c54177c55c643d7

Request headers

Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16248
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D6B8 16 KB
16 KB 1049ms
13ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/30229/creativesup/1200x627_Office-Partner.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=68719600175274700710616011683030&a=d7a93c4e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: ffc8cae87ca06c2f9622b6ecf8880d1e25525ee1445724c1fbdb10ae12cc4cc7

Request headers

Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16529
Vary: Accept-Encoding
Content-Type: image/png

GET
H/1.1 200
OK /
hal9000.redintelligence.net/scale/ Frame D6B8 17 KB
17 KB 1050ms
13ms Image
image/png 178.63.52.121
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://hal9000.redintelligence.net/scale/?nw=20&mode=bb&width=120&height=60&url=https://cdn.contentspread.net/24i/advertiser/3839/creativesup/father_daughter_1200x627.jpg
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=68719600175274700710616011683030&a=d7a93c4e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 178.63.52.121 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.121.52.63.178.clients.your-server.de
Software: Apache /
Resource Hash: 5a762079bc40b1cf7de00f77a397f83b5168d21eef19a51845e24fd50b874642

Request headers

Referer: https://hal900030.redintelligence.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:58 GMT
Content-Encoding: gzip
Server: Apache
Connection: close
Content-Length: 16858
Vary: Accept-Encoding
Content-Type: image/png

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 7F61 60 KB
61 KB 1127ms
33ms Script
application/javascript 54.192.219.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=23721000158626301084702011683029&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.219.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-219-70.mrs52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 056581eb31e79e98718114a4bd8c104cb64eec86bc5a996a28e61220f3aad189

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: zmpZOOhCPWgwSGI0KhEOhezEiMOIyjV9
via: 1.1 65276759ad449c7bd056011d5cc53b7e.cloudfront.net (CloudFront)
last-modified: Wed, 28 Jul 2021 09:15:25 GMT
server: AmazonS3
age: 137264
etag: "a36c650003d82cecddad8f5c37f2cc75"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Wed, 11 Aug 2021 03:59:04 GMT
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
content-length: 61522
x-amz-cf-id: 0ID7ZCVbbZVOKHZ0LOJQYt2_qhznmaPPlcFUbOvC52j28GVn7vl36Q==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 7F61 79 B
374 B 105ms
32ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=Vta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeWbIYIwEMXiR_Jec6hJWJ6_MJety5Red2an_EyIxjAKnEIssuTTOUTyShJmVqZtpBSKxUC56MnGWpwoNSUC550ial.rIN90MLJc.d_1Jpmr.S9RdPQSzOy_Aw7UTlf_01kKHoNvWjV.lV9dYeRJdmcK4rTJfweMtdUTlfe2Rc7L1eWNNW5BNlYiMfTjV.6qM&wgcookie=%7B%22wgifp7121%22%3A%5B%2299582%22%2C%227121%22%2C%22498343%22%2C%22%22%2C%221628716437%22%2C%22https%253A%252F%252F20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com%252F%22%2C%22%22%2C%22%22%2C%221636492437%22%2C%2223721000158626301084702011683029%22%5D%7D&wgchecksum=19d71a38a1216253546a752371821b66&userIP=195.181.174.89&doAffectv=1&wgtime=1628716437
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=23721000158626301084702011683029&nw=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Epsom, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Aug 2021 21:13:57 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 7F61 85 B
541 B 1067ms
23ms Image
image/gif 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=19507300177422400710612011683001&wglinkid=498343
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:58 GMT
Last-Modified: Wed, 11 Aug 2021 21:13:58 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/gif
Content-Length: 85
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01
adservice.google.com/ddm/fls/z/ Frame 4F29 42 B
262 B 16ms
16ms Image
image/gif 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CK28rsXxqfICFY0f0wod6FcI6Q;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5901485148558.01?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 null-leasing-logo-final_white_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 4376 2 KB
2 KB 7ms
7ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/null-leasing-logo-final_white_1.png

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

62cdccf1ab4b4215586295612a4a2ef96fa490250fa96dbccc565f659cab86ab

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 153270
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1738
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Tue, 10 Aug 2021 02:39:27 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 02:39:27 GMT

GET
H3-29 200 autos_licht_1.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 4376 6 KB
6 KB 8ms
7ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos_licht_1.png

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a87352099e9b3946d71f4f73c69f9217ef99278088a177d5eef09df78c11e4ae

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 81437
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 5867
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Tue, 10 Aug 2021 22:36:40 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 22:36:40 GMT

GET
H3-29 200 autos.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 4376 48 KB
48 KB 9ms
8ms Image
image/png 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/autos.png

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1c45bfa2dc80f54eb8564aa778a0929a00811168617ee6340cc59f0af48e5cca

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 120710
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 49113
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Tue, 10 Aug 2021 11:42:07 GMT
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 11:42:07 GMT

GET
H3-29 200 hintergrund_plain.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/ Frame 4376 30 KB
30 KB 10ms
9ms Image
image/jpeg 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/17626451119355985920/hintergrund_plain.jpg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

969231fe165a93933d6908d45bfa09c364b66de37160efea47d87d18d7d37bd8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 118612
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30604
x-xss-protection: 0
last-modified: Mon, 03 May 2021 14:21:52 GMT
server: sffe
date: Tue, 10 Aug 2021 12:17:05 GMT
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 10 Aug 2022 12:17:05 GMT

GET
H2 200 pvClk.min.js Show response
analytics.webgains.io/ Frame 3EF0 60 KB
61 KB 1104ms
48ms Script
application/javascript 54.192.219.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.webgains.io/pvClk.min.js
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=68719600175274700710616011683030&nw=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.192.219.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-192-219-70.mrs52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 056581eb31e79e98718114a4bd8c104cb64eec86bc5a996a28e61220f3aad189

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-amz-version-id: zmpZOOhCPWgwSGI0KhEOhezEiMOIyjV9
via: 1.1 65276759ad449c7bd056011d5cc53b7e.cloudfront.net (CloudFront)
last-modified: Wed, 28 Jul 2021 09:15:25 GMT
server: AmazonS3
age: 137264
etag: "a36c650003d82cecddad8f5c37f2cc75"
x-cache: Hit from cloudfront
content-type: application/javascript
date: Wed, 11 Aug 2021 03:59:04 GMT
x-amz-cf-pop: MRS52-P2
accept-ranges: bytes
content-length: 61522
x-amz-cf-id: WVbcOeITxNVbb_pzbJMOZ-4lMtED-qFlbrhHb1vq-zzv5WwFOMLL4A==

GET
H/1.1 200
OK hit Show response
diapi.webgains.com/2.0/ Frame 3EF0 79 B
374 B 1042ms
33ms Script
text/javascript 81.29.72.47
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://diapi.webgains.com/2.0/hit?callback=hitCallback&wgpayload=Fta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeWbIYIwEMXiR_Jec6hJWJ6_MJety5Red2an_EyIxjAKnEIssuTTOUTyShJmVqZtpBSKxUC56MnGWpwoNSUC550ial.rIN90MLJc.d_1Nhmr.S9RdPQSzOy_Aw7UTlf_01kKHoNv_jV.lV9dYeRJdmcK4rTJfweMtdUTlfe2Rc7L1eWNNW5BNlYilMk.1TM&wgcookie=%7B%22wgifp7121%22%3A%5B%2299582%22%2C%227121%22%2C%22498343%22%2C%22%22%2C%221628716437%22%2C%22https%253A%252F%252F20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com%252F%22%2C%22%22%2C%22%22%2C%221636492437%22%2C%2268719600175274700710616011683030%22%5D%7D&wgchecksum=62fa757104bcda436aa9755169569a9f&userIP=195.181.174.89&doAffectv=1&wgtime=1628716437
Requested by: Host: track.webgains.com
URL: https://track.webgains.com/link.html?wglinkid=498343&wgcampaignid=99582&js=1&viewref=68719600175274700710616011683030&nw=1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 81.29.72.47 Epsom, United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 81-29-72-47.servers.dedipower.net
Software: Apache /
Resource Hash: 0071fa71bc6cb76506dfe6863764423ec9e264f8c1c5dce0c440c0a40d8628b4

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Aug 2021 21:13:58 GMT
Server: Apache
Connection: close
Content-Length: 79
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK link.html
track.webgains.com/ Frame 3EF0 85 B
541 B 1066ms
25ms Image
image/gif 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://track.webgains.com/link.html?wgcampaignid=99582&viewref=69923100168569501084712011683017&wglinkid=498343
Requested by: Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 11 Aug 2021 21:13:58 GMT
Last-Modified: Wed, 11 Aug 2021 21:13:58 GMT
Server: Apache
P3P: policyref="http://www.webgains.com/w3c/p3p.xml", CP="NON DSP COR NID ADM DEV CURi OUR NOR COM NAV"
X-WG-cache: hit
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Content-Type: image/gif
Content-Length: 85
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H3-29 200 dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735
adservice.google.com/ddm/fls/z/ Frame 215B 42 B
63 B 44ms
44ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735

Requested by

Host: 5994599.fls.doubleclick.net
URL: https://5994599.fls.doubleclick.net/activityi;dc_pre=CMamrsXxqfICFYvO3godkGMA_A;src=5994599;type=invmedia;cat=g2slskko;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=5024516879220.735?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://5994599.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 19C8 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1319746730175dd9fc742218d66aa93d8a443bbf763a793cd20af4dbc74b3a19

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK viewability Show response
hal900029.redintelligence.net/ Frame 7889 0
150 B 41ms
17ms Script
text/html 88.99.219.174
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900029.redintelligence.net/viewability?s=23721000158626301084702011683029&a=7a13a718&vb=m
Requested by: Host: hal900029.redintelligence.net
URL: https://hal900029.redintelligence.net/request_content.php?s=23721000158626301084702011683029&a=9fff3e9b
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 88.99.219.174 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.174.219.99.88.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900029.redintelligence.net/request_content.php?s=23721000158626301084702011683029&a=9fff3e9b
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:57 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29 200 6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame 7889 16 KB
16 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal900029.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 21:40:42 GMT
x-content-type-options: nosniff
age: 171195
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15948
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:32 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 21:40:42 GMT

GET
H3-29 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
fonts.gstatic.com/s/sourcesanspro/v14/ Frame 7889 16 KB
16 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v14/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Source+Sans+Pro:400,600

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://hal900029.redintelligence.net
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Mon, 09 Aug 2021 21:40:42 GMT
x-content-type-options: nosniff
age: 171195
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16112
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:10:09 GMT
server: sffe
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 09 Aug 2022 21:40:42 GMT

GET
H/1.1 200
OK viewability Show response
hal900030.redintelligence.net/ Frame D6B8 0
150 B 37ms
14ms Script
text/html 136.243.149.243
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://hal900030.redintelligence.net/viewability?s=68719600175274700710616011683030&a=650183a3&vb=m
Requested by: Host: hal900030.redintelligence.net
URL: https://hal900030.redintelligence.net/request_content.php?s=68719600175274700710616011683030&a=d7a93c4e
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 136.243.149.243 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.243.149.243.136.clients.your-server.de
Software: Apache /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://hal900030.redintelligence.net/request_content.php?s=68719600175274700710616011683030&a=d7a93c4e
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Wed, 11 Aug 2021 21:13:57 GMT
Server: Apache
Connection: close
Content-Length: 0
Content-Type: text/html; charset=UTF-8

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B22D 0
20 B 45ms
45ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BWQtzlD0UYd3WDZX2gAf_n5ugDQAAAAA4AeAEAg&bg=!ERKlElbNAAbOj6irzo87ACkAdvg8Wq2Q9VTAlhChF3sD0XF8bShwRD2aFhZRFqhIytS_wrlCAOq8nAIAAALGUgAAALVoAQcKAMVQJMmxeiNRtjvC68ChXnM-OMxNfvVWx2SpzdnCdsxDWscGEj4O4Y7ZdJNg94KwRe4lkQAcnmNdOC23NrD-j3EcUNkRmhty-G-kZBqFN6HrRaV6NxTzF7Yrl9JH9jCwAQIm-nJcZlt3iajTerkjR0hW7Ubswa6XlPcCEFan_go0TzZOdC4XqleMqqIZOyjTCL9JMwPoO3nDL1gFuGv-A3EYKyTs9qb85nRblESo7mRmmGF9o_MGgouHH8ycn30HisacKZoxkJkCyTMVXs7CdD1hpqASGGQg4bD5psflVB3jFmyPQID3z6bHisKI1En4kqaeNUAWD5qqWHro5Sr9AnCm_k4-HWB9iKUfGA9E6BoXyWHuuppic2ob4nQ-LvfShv_v39i7aR8PH5f4mpQHbN20eRyRQuO7ni0zcYSIeKgmCNLACmbU9ws5MZjAqGLMslxlmgD8JNrhfwoct-CZF6G7DUGAwJdNA6BKeVXW6H5cRT-F-F0cxLm46NZdecxXnMTc0lxR70j-OLbUHOC1lZRgYbnEpGNiqLAw_1RWHZ4lwOJX0ENeuoubRfnFzJO5o1wHR5OtOTOTELsd5dZp1byRxsv2DGX9bbTQQX88h9bzotDGCaDmeQ8uhBjJuujrVqqkQdtkRjYcWibaxmiyAwDqfNBiesL0MyKCUiZmpK7hRjIpQiQsFbC7mVN6FfPBKpkQ6Xul5fs82pmAUIlMoO0N2Q23WJHYYfFpSown8W-dIwiMf0rhGTzFltdt_1f6DTrlZWTRo1P3UfRtbnY74ZXcLH-p5lK6aczrqPAGQIjUgQmKLSjI7WiG8ZbLhpRQBxrcvi37ycs5LpPg2Uncfh2xZ2jNu8K3kbCMA4Tl7ZkSMIP4SAZ8FV0paI6b7kK5e-MDGW2rGhYtponPIYU4f-SpQNcL8x_DR6Xe-vd-6iqPskc-Mz8ZFQPs0LVCNW4RxrqtdG8tDipa2ckxOZTjPbHPCB41FcdiT-NPOSjJXdBnTo8hKCIdZLlXzFk-ygNFyhKibhV-4FzWFp8f96PFMnY1i5aep80q1KKkCzonuxhi7oh5byZJocP2rTixSJ74diZw1pvU9qrXImLaFmQDiZuxW_nL7T1HZceVQG-dg0aNyUis1BWoIyNBW8UAd-bwxXwJOU6_gAN3QYCPbD8IDR6MCmfCaygGJfWsRPdBlahPF9o5LThyCuepXKuZdOoblfL_

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 03EF 0
20 B 43ms
43ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BWZ16lD0UYZruEKTH3gO5-5PADQAAAAA4AeAEAg&bg=!zc6lzorNAAbOj6irzo87ACkAdvg8WtKxSjEViKESxVi0ZegRGBOxhVgjxAz9bCtV1HgaPh9HSRpGIgIAAANGUgAAAFxoAQeZAsKGkPEh-QWhIvB1oJ_CNGEb3LP8CA0gpG2OrJeMsgTjikah5QzcJqImCKlSHvtBe7tIboSvFl5TmMqPNhH7pU2v6QDWFhcMYb3p9apESFAs5reqIqXwtTa5XEbUJ8TdF8uk-fwyYFjUQU6zcQDuHqSX9Akrf2LcqP1swj20i7d2pXyTeOvujOBIGBvdU3EFEnFG89ZDgbG0X2_6mc9ZWYGuPv0NiGzHrTxrXEWX5kp2vTrUKMX0OFfWoKAy_xKfMsz4kvbq_0HXggolBpONpnaExsqIcfVxvKSh4QMaIZzUGalnDeWv3LHS-WG7eb9xqS_K-MK3Ijff_SX2goK19A0E5j5R1NBfScqBIwL56l0UfA8Bc0mz3wyByDwv6eb0qDw_mxSi7J_L9sFw2T2mgoBnNyw4H8AVYGYjWnHjEJ44z0vQzs4unmwyQhU2KVwr6vq3Fc8XR48hPjkaoPPFNPjfpSHoYzzV1zo8gYEftauxZxG8XBIOxt09dBDO0HnWjQ8EqBJQYb4vh-gQhEgX0Hop5UEY01x00czPlrJhuFz-F1o-cDSPq2_bdhSJLQFMJB0N5dLyvCHlJ3oWQiwj9XhwEKIcDBMKlbj8sHupzQ7_UWx3tR4-lSwUKGZzbs7g7MHII1_2Dk_MoMP2vlpMOnsXFIPubUO7pQqYDgDT4ua3KT5MfRdnUeJXo5_tEjXvhXZB8849xNbOM6gGCaBN1RiU94HeeUBf9VOrnWw8q_6uJpMAD6B7Y0k5x852K0EsfDfTwLURiPOA9HZi3kgdvNnV9jt89wEsIaRKXw73dppjpK7-blMycrZB97EJrfMyYbcf0pHoKtWF0hCipxYaT2uApvVM4XtFmZCYMNehVDUK1s5s69_7ukCbmn6nFwK4pRuyHIw3sOkT3nFchYBxCt7jw5DlxpBOCFycLf09h4frBvx-

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame BC44 0
20 B 44ms
44ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BqrJdlD0UYbqgC73Lx_AP7IeemAEAAAAAOAHgBAI&bg=!CAulC0_NAAbOj6irzo87ACkAdvg8WvPk9L41mo8JoLEhKeF8poNpjNJSWh0gHfHEv9Gy32jhMkvlcgIAAAMTUgAAAGJoAQeZAsLjN5D7URo7Isrf8Q1ADv72Bzs3kMabJZX4Rt3ZUNE3nzsHL_Tz54QA8tUPpSj3q_HXqelhr4UXQihombc0DdVF3gbyuQKDKLWShr_isyQUfkxTJ3AtDnntsCc_Vt7kBK4B02Oi9yauyCygXC51iT92LblTwE37I977LjkFdS9-Qd5aLveZK5148FEqyV2fwUxDDEZWG9Z0aaf81Gmx7v7dhngP1UrVHfwA5MI7A2YS5fG9ZpYPH2FW76PL78N_0UU7mHCgAxn88Pndku7KD0PRR3JVwrf_LvYf2lA81qVs8pYS2FlAeqy80ylcQTiV1U0ylUkMNQcs_qXD7ZPbcAfsn8RkhGvYacC8omcHwm-mj_O3-Y3rlBsfNgmjUfidCzpeOUGSgRsrPyCmH5vaUx9qgbe2Vzu9yCwRRjiE4gYBexekwkAaeDbB-y3mmzLWVrs-6RVBtW-dwRdMaPKbCL8zul2MdxQU0YeWen4iXbVECRD0bHXEL-SsmlPyFmg0HauaSHjtObRIIAK7fdMmukAu49Exn6-ijGk-O-sHmldEvvg3qmiQreTUgpkOwtEw9fcqfQJrlTDCjn8ZV0sXlNkxaUOal-Jlz1FJsHFN7iOAtyCruj4hx3UwUhPUKsH397dn_sKWUViQ_CK7nQ7RXBF6ohI4OUv84IIwlP0YfinR_wHVXocRHVAb32X7faNMoYHrOdrddGF85039YWJhPeSbJUkJhrZAQX62VpwAs4N9Us6Mbw5fICCtR_u41TnL6A4uLvi9_tUR2IuRH5IR-maa76W41Md7Q8OHQBRLEr1CQGpAysraSA48gpZKTJnmjEz4cqpuuvqs6qqcgP-hFvEd2edSspWWw_MjxIAoAqyXj5DsbblbSwNFCOaXO9eC4IiZnq8Mx6M2we7D802ZSaGwBF-WhRCk3LKPO01Zy51E0icg

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame FEC5 0
20 B 42ms
41ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BYXIllD0UYfOCC62P7_UPrdew6AUAAAAAOAHgBAI&bg=!4OOl46fNAAbOj6irzo87ACkAdvg8WgTh-OFwvf5x4v3xyJdSUoN4_YL8rRao3cleCYMTZn4AGsf_xAIAAAN7UgAAAENoAQcKAK2_2XvdNCTMhx85posy7WZhA4kD93xQBz7FrYTGzGzr_Z8fNJOa9b5vBldO4O5tkOBNyPQ6EMytGt_Y7OyIXLR4qKP1cIPu9TF67D0n4Ssd_Wtuv3ebvqPxRKeXf1eKO99KfPDVzFWi-H1GckQaBPpmmJHBzKu5IQYXGCSGogFbuabGNkUtKGcL-ZhXPXG1zWiDLu6GtkH2km5uW9sSKgSskcw1k_cTxxeaxJcf4JkC0nQGFQAuR-4cBLN9BgKB6Htat3w-if2j3VSAOM5kAYg_-8OzV8v6LRBtkIZtVuDlq5Dhr9qR-WFOXgy8iYgwQLsfBJhQLVKK2YPdcTfe4WEh2aNKDRb6E3TfKSsmpyjMgPrDkyCucupe4vESnHMBiUS6E2Dqx45X_NVNi5kFo8-EDsEYyDSSG4f8284fPBgEpRZTh-OGb4MwF1qnRtbGj558O0JANCVVolTiyrc6Mji5S8WXrf-B4XoNMR6RZuYfJj0GJQzQypoUR1g9wsaizcaZqEDrRAO7g5Th9ZcWP1duxA_OL11JJunmJJsBkKUfTAITivHW2qVTVHdQB33rg8I90rQyDW1doKsoMLLvNhr1SmgIbcmbFXY2j2GiRggDHFJclTRTCy3lrARWIFYPU8tu4xxsRuvUO3hI_JxWoLvRIXltgdaNLCdeNhwbBic584YDhokULvGqK8X-qiTKPVl-g6NQFUONVDQUN4HUdujjUfh2Z4KP-N0z9-eakkbIxbs6_I-scZC5SnZcLfOrAT3X6m5kJssOw2pL8dEghkMWnyR4dOGbF1hmQVw1PmR68QN8RbxcLSrIKk6bupQzuoOZJDs5JqS4DtURZwNepPULH7I-tMnSKfZ_jn3_DDatGMms9rVPxTSVidefN1kEoJ7rcLJGihyy0uV89N2qjU5Opq6bstd_SnrWU5djCFvs20plOmyVSPVwaotL-QpM7FEnEvftW8wmr2W3J7SLZfkusHIP_EgpECdcLCEP7El8pRU5iFt6nopHfp-BfvOHso0YEO0Dc1I6e6ydxnaXL8l8-Rx6m3eWpxmrH1PkJKHrmLEIJOy5bmOcYMc4hJrwnN-21DkNlpz7wOecLPADg6_5kfEpgPYOJBDDswa5E5k-HD95LFTJomfcWe_sh1Vq6mzeU7er3JBdP9eU0bPx92mVeoaVHdIoAbGhLjLQGGQaHZ6v

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 0901 0
20 B 49ms
48ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B7kC8lD0UYcuBDq2M3gOemKTYCgAAAAA4AeAEAg&bg=!FRalFlLNAAbOj6irzo87ACkAdvg8WhMQ_TBrSfvK-F3RV8uvqEVqKxsywpA7oi5HvHgG8Ic02upz6AIAAAMLUgAAACNoAQcKAKSrU2Q7fKlx3G47_GVsnfgqV8myzoV4mmiAt7rgieAYD8c6NDASe072XZUl-8no6cKssQMjz7KVNKFIpN4s8vBtAtNOH1g6CjhJpd5A8IkUR20YQvB0vsbq8rvoADN0xHnE78GxPHBiiyqxIm_3k-CIctHyN-ZxYA2TQARrbWPPspMcdMK2Pml7yPTtnugFQWmsc1h5laCqMTkjk8e7BL0ANpo3RZkCzN4X9X0clVrYDV554Qovb7npJQqll8GChw34M539qekQG7cXzsau_BrdggacDARc5wcKKSJ6WFxUm-SGEHrx5QY0VSrJg9_51XWlS5kPLwo7eJKdQMOGB61N_mWju2-MW0VPJv2bTuWnuJ8in7T3ziGJnjWDdM_c9REiGOIe_MuNLf5G56yhJRbKbdKmNKNvvgX3VH53j8vV9ybHOsCLARX_Sjsm-N-et8RrjKFvMjaQnJNO-ZeOpBK1waeize7NPJFWnsIPwsy8IrXFPanvqIG3uwcd6OjEnPLVtEVVB0aqmwcpJHTz1Q3mgriFd5UKTzNWYXzAmSED_3giWYhywOvQX7mkc1nSxobo5fOsfG4gr43HB3SVVuwvK0g17lJ4engRSH7dvi_zD_h1og78b-U3D3VxhSABXZb_UT_BN5lI9IcfyM7oxVvJvxjy5y5Az7yrhKhX_xZch2WN08FHLUPGD5u-BMcHsyLW2O1G5Flt9rQh4KWgcezNyKgpH8G8mHmEDHAr3HiCRcMK1gTWDnGpewC_uwmH2iqHH5Q9b52j5_2OercIeFR5FtA8W1hKr1-_F2NABnJPudnWmjkt_54Wtn4Ccdy9f7sSTuzRkctCbuWHX5sZZvAb9s7JTJzTX4--3JiHPFV6zircuoBgrC7Nsf7AE1o5AjY1E8lzYOxfdjojjsakox_lwGqc3nV7WgOyPVCkUsrXAfSjR2JEJBx3GRJJNKtIuVGMz3DTeq45QddJ4c9TKbgeDrr3Yy7wRpp4w-U-4CmyTvJyDqHOi3odE5a9UUjDEq2Dg3pYIUMLWfrS_9QEfrJgk3AYy6p0Z_6bKtUIGeRRyCa0p44y0YzspN0tkrlciDMvx6_6bAWdcnS93JCwbrb9htCFWfaXiox97jFRhjfsjpyyrfnAPv8OannwAaXd-pszc-gpHEb7Rto_qs7LexL2B1LV

Requested by

Host: 20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
URL: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:13:57 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 log_event Show response
www.youtube.com/youtubei/v1/ Frame 9B66 28 B
299 B 18ms
18ms XHR
application/json 2a00:1450:4001:830::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/youtubei/v1/log_event?alt=json&key=AIzaSyAO_FJ2SlqU8Q4STEHLGCilw_Y9_11qcW8

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/s/player/4224c673/www-embed-player.vflset/www-embed-player.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json
X-YouTube-Utc-Offset: 120
X-YouTube-Client-Name: 56
Referer: https://www.youtube.com/embed/RShXiDjJIIA?enablejsapi=1&origin=https%3A%2F%2Fwww.opovo.com.br
X-YouTube-Client-Version: 1.20210808.0.0
X-YouTube-Time-Zone: Europe/Berlin
X-Goog-Visitor-Id: CgstSTJqTmQ1N1M2byiT-9CIBg%3D%3D
X-YouTube-Ad-Signals: dt=1628716435868&flash=0&frm=2&u_tz=120&u_his=3&u_java&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_nplug&u_nmime&bc=31&bih=-12245933&biw=-12245933&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C610%2C343&vis=1&wgl=true&ca_type=image&bid=ANyPxKqxuBAy0v-CBUBsePtS6_OM5K-NGfJKq0uQUoQjBBQUxaMolouLIgu-EMdjkN_yvY8hakhf2LfRERXEZVH0Dk51xMjQwQ

Response headers

date: Wed, 11 Aug 2021 21:13:58 GMT
content-encoding: br
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
vary: Origin, X-Origin, Referer
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cache-control: private
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:13:58 GMT

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame 7F61 63 B
270 B 73ms
36ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=Vta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeWbIYIwEMXiR_Jec6hJWJ6_MJety5Red2an_EyIxjAKnEIssuTTOUTyShJmVqZtpBSKxUC56MnGWpwoNSUC550ial.rIN90MLJc.duaCqiLs2dI_AIQjvEodUW2vqCRc7L1eLY6Rhw.5B0KBSIX_DK1civm_U_HzCpxv5icCmVWN9e4WX3NlY5DtThuy.2m2
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e

Request headers

Accept: application/json
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Aug 2021 21:13:58 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

GET
H/1.1 200
OK fp_decode.html Show response
track.webgains.com/ Frame 3EF0 63 B
270 B 313ms
36ms Fetch
application/json 46.236.13.147
DEDIPOWER

General

Check archive.org

Show headers Download Go to

Full URL: https://track.webgains.com/fp_decode.html?wgpayload=7ta44iFBBNlY5Du4UXuKrnZ2CI9XkPrwVL6tqAhbrmQmkqlE4Ww.GEFF0Yz3ccbbJYMLgiPFU77qZoOSix5ezdstlYysrhsui6STpjB9TjQDKMhO3f9p_nH1u_eH3BhxUC550ialT0iakiEocEcEJ1w.CxUC541jlS7spjt.gEngMQEjZr_WhXTA2s.XTVV26y8GGEDd5ihORoVyFGh8cmvSuCKzIlnY6xljQlpRDuxfTNJxTqRejPm8LKfAaZ4ySy.aPjftckeWbIYIwEMXiR_Jec6hJWJ6_MJety5Red2an_EyIxjAKnEIssuTTOUTyShJmVqZtpBSKxUC56MnGWpwoNSUC550ial.rIN90MLJc.dua0qiLs2dI_AIQjvEodUW2vqCRc7L1eLY6SY.0Y.KI6JsdI_FeAiwdMtJjnSUTlfe2Rc7L1eWNNW5BNlYilMk.5.h
Requested by: Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_128_CBC
Server: 46.236.13.147 , United Kingdom, ASN24931 (DEDIPOWER, GB),
Reverse DNS: 46-236-13-147.servers.dedipower.net
Software: Apache /
Resource Hash: 84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e

Request headers

Accept: application/json
Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 11 Aug 2021 21:13:58 GMT
Server: Apache
Connection: close
Keep-Alive: timeout=1, max=100
Content-Length: 63
Content-Type: application/json

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 7F61 16 B
232 B 82ms
82ms Fetch
application/json 52.215.101.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.101.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-101-139.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.21

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 11 Aug 2021 21:13:59 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.21
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 95ms
29ms Preflight 52.215.101.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 52.215.101.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-101-139.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 11 Aug 2021 21:13:59 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 tracking-event Show response
api.webgains.io/ Frame 3EF0 16 B
232 B 90ms
90ms Fetch
application/json 52.215.101.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.webgains.io/tracking-event

Requested by

Host: analytics.webgains.io
URL: https://analytics.webgains.io/pvClk.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.215.101.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-215-101-139.eu-west-1.compute.amazonaws.com

Software

nginx / PHP/7.4.21

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: application/json

Response headers

date: Wed, 11 Aug 2021 21:13:59 GMT
x-content-type-options: nosniff
server: nginx
x-powered-by: PHP/7.4.21
x-frame-options: SAMEORIGIN
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, private
x-xss-protection: 1; mode=block

OPTIONS
H2 204 tracking-event
api.webgains.io/ Frame 0
0 83ms
29ms Preflight 52.215.101.139
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.webgains.io/tracking-event
Protocol: H2
Server: 52.215.101.139 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-215-101-139.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

date: Wed, 11 Aug 2021 21:13:59 GMT
server: nginx
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS

POST
H2 200 collect Show response
www.google-analytics.com/j/ 2 B
67 B 13ms
13ms XHR
text/plain 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j92&a=1279857775&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.opovo.com.br%2F&dr=https%3A%2F%2Fwww.opovo.com.br.admin-us2.cas.ms%2F&ul=en-us&de=UTF-8&dt=O%20POVO%20%7C%20%C3%9Altimas%20not%C3%ADcias%20de%20Fortaleza%2C%20Cear%C3%A1%2C%20Brasil&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=RD%20Forms&ea=Viewed&el=escolha-de-newsletter-d40ab0d6a7038b3a503f&_u=aDhAAEABAAAAAC~&jid=1055730626&gjid=2043957938&cid=1658683163.1628716435&tid=UA-23310373-1&_gid=1714665948.1628716436&_r=1&gtm=2wg891WBWHQHX&z=1045366624

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:14:01 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.opovo.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 14ms
14ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j92&tid=UA-23310373-1&cid=1658683163.1628716435&jid=1055730626&gjid=2043957938&_gid=1714665948.1628716436&_u=aDhAAEABAAAAAC~&z=925160672

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Wed, 11 Aug 2021 21:14:01 GMT
content-type: text/plain
access-control-allow-origin: https://www.opovo.com.br
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 ga-audiences
www.google.com/ads/ 42 B
63 B 18ms
18ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-23310373-1&cid=1658683163.1628716435&jid=1055730626&_u=aDhAAEABAAAAAC~&z=247402881

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:14:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 17ms
16ms Image
image/gif 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j92&tid=UA-23310373-1&cid=1658683163.1628716435&jid=1055730626&_u=aDhAAEABAAAAAC~&z=247402881

Requested by

Host: www.opovo.com.br
URL: https://www.opovo.com.br/?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:14:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 sky_regular.woff
s0.2mdn.net/creatives/assets/3668815/ Frame 42DC 33 KB
33 KB 7ms
6ms Font
font/woff 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3668815/sky_regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/style.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f738547bbcdbef189de47347ad84fc0bb0c15164980f51a0214706fa5c94a73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61460724/20200911100337694/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:03:13 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 Feb 2020 12:38:24 GMT
server: sffe
age: 648
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33980
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:18:13 GMT

GET
H3-29 200 sky_regular.woff
s0.2mdn.net/creatives/assets/3668815/ Frame 0466 33 KB
33 KB 6ms
6ms Font
font/woff 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/3668815/sky_regular.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/style.css

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2f738547bbcdbef189de47347ad84fc0bb0c15164980f51a0214706fa5c94a73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://s0.2mdn.net
Referer: https://s0.2mdn.net/ads/richmedia/studio/pv2/61453748/20200911114052183/style.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:03:13 GMT
x-content-type-options: nosniff
last-modified: Thu, 20 Feb 2020 12:38:24 GMT
server: sffe
age: 648
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 33980
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:18:13 GMT

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 9DFC 0
0 34ms
33ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsuxPRJX0Juj3NYalF-jrgkIMz8pNhhk9e3gEnbykV_k2QZ86ajUKYr-LRwIPDD9TpTgH57Y9wcfnPV_dGdBa3bPQAeJ-7qS4f_jWOhAuoPqJ9sAK7-McBAzjPtxoIGrZnMiYawkRGcXe0A1PhDrGUUa1E3jhx59s5LBlxPJ2s2gslj-nFV2hF8NiAasvbwYeiA2RCEAQ2uFe5BwIeiAdkFbWuiU6cFrVSp08w6wV9hGUnDTdrIMGOvAF3ZPfLQggEtZPMhRIdNE14Xfeod486iJKqDOHqpY8XdMR08BM7U65v88mgGNCmi5iXjsgsgbELu8fb08Vw&sai=AMfl-YRfrsgaIS9-VTLcC8N05Hkz2ceir6yI4M1CqJ_-WrzT0UzEgUzRSvKsg7cWN1Aym35dHcgNjSMS9b189L5N4Gge26xNhO6lThaNPDiPh1YGlWVIS6QA6FLl0zzddhM&sig=Cg0ArKJSzP2MJTUlqDSXEAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
DATA 200
OK truncated
/ Frame 9DFC 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 94d7b69fb7e7650f35431ef09583d547ec990997d617cef32357525f7811ed96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 7F61 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 97393a112daec37c07950204785734138594145ebc9a7ca627327e6959571d65

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 view
securepubads.g.doubleclick.net/pcs/ Frame 54AD 0
0 26ms
25ms Fetch
image/gif 142.250.186.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsthaz3Hj6SrYiGS9FiV8OJvTK8U-NDJYHkJA-bPh2mwebHWh1LnuxPvLgwAr2W0e-Oosn1nUiEM3J7yMDqEWrjaKNH-lfef2_7eUXjZpAQyT0CQG2TvGsHd7EZq_P252v_0X0Qc-khyVUGNi6FecL8pcZCH__GYtUZ-VRnRnyhDvlVNexm5GarjppBTixtzFz8mfKZZYhC0_nlD4h6LlZIO7GR9trgN5cwr7Q97ROBADXXqGRfGGVSlVNnjDz2vpSn4m_6dH49aGTxrzH2oHrIs-QM10UMP3wNCDHSQLbaedQMoBxITpy9mukFoeITK-EoK&sai=AMfl-YSWGp2oJBkn6HpxTlsUTBFQqtWxM2itrOtAi7mZ9yndIY7E3Pp5SUjXJPgWkVh6BnEL_gEcdS_vh4Ek0w6KOQ9eqFkIhv-bSgG_ecIq-TzCalFg79es0JiQmdqnorI&sig=Cg0ArKJSzGOpdQOM7c0VEAE&adurl=

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

142.250.186.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s07-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:14:02 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
DATA 200
OK truncated
/ Frame F630 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bc0bf498e9001e3b48b9c62401bd9b1abeabe273ea0daa06a7bcaf28b43f648b

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2EC4 215 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91d0e4ecb3ea604c246525ebbeeb5bf06f2f9968ce52ceebcbac89a593033f37

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/png

GET
H3-29 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 18ms
18ms XHR
application/json 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021080501&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f0db6195e48e8eaa4269aed7b4accd79741ac69c251c9b468fb1114ef63a24c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

timing-allow-origin: *
date: Wed, 11 Aug 2021 21:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8558
x-xss-protection: 0

GET
H3-29 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 34ms
34ms Script
text/javascript 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021080501.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Wed, 11 Aug 2021 21:14:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1624308425655142"
vary: Accept-Encoding
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6467
x-xss-protection: 0
expires: Wed, 11 Aug 2021 21:14:02 GMT

GET
H3-29 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/224/ Frame AF84 12 KB
5 KB 6ms
6ms Document
text/html 2a00:1450:4001:80e::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80e::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: tpc.googlesyndication.com
:scheme: https
:path: /sodar/sodar2/224/runner.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
content-length: 5029
date: Wed, 11 Aug 2021 20:01:27 GMT
expires: Thu, 11 Aug 2022 20:01:27 GMT
last-modified: Wed, 02 Jun 2021 17:09:45 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 4355
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 aframe Show response
www.google.com/recaptcha/api2/ Frame A8C3 783 B
532 B 41ms
40ms Document
text/html 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

a315211ce0ff1a546557ea0467ee97aa7d9329a0771bfdcf2611f6a940e44114

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-eCNjqAjO43YAyNwuAoym+Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.google.com
:scheme: https
:path: /recaptcha/api2/aframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.opovo.com.br/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://www.opovo.com.br/

Response headers

expires: Wed, 11 Aug 2021 21:14:02 GMT
date: Wed, 11 Aug 2021 21:14:02 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-eCNjqAjO43YAyNwuAoym+Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3-29 200 O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js Show response
pagead2.googlesyndication.com/bg/ Frame AF84 35 KB
13 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/O2l1W4tcrMlErSQCfrpxGkyfOY9pZOaE8-TKtI4Qkek.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/224/runner.html

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 10 Aug 2021 17:27:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 99965
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13203
x-xss-protection: 0
last-modified: Tue, 03 Aug 2021 09:38:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 10 Aug 2022 17:27:57 GMT

GET
H3-29 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 42ms
42ms Image
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=224&t=2&li=gpt_2021080501&jk=2257128310838884&bg=!cHOlczfNAAbOj6irzo87ACkAdvg8WoBpQB393qy0nBcwKasJCXnAN1ZaZ8HW5CuudlLwqYNVmOtBjgIAAACKUgAAAA1oAQcKAIlzm803wsD5uj0ok-sRz4SZhmxf15FVUDRN8PF4QVWw6FRfUAPBN1p004yf_DReqvGIk1ygk4fOnOhd-ETgv6PqEOdlxddSJKfW7bLKCB7Pb13lLG1T0IAJ3OCcVcLHh5Y1E4Fyh7Srn52caKd6kpJ428lfwwXmXi_DmUwMChk2Li34gQJHyGL6qpkCbuEVuQ4MUoHB9RNhNxLKY4-NSfWEGg6y3uSOffc92anuavsX66X5RKC4B4Ygrzf5ucxAh-_pNlHlIdyWdBs9-BcN2hSfRGqZzheGee73SHUwlXP2j53cnRJh5kIkVTfOWoNRXT9o-sASkyZ3vM4YTqxqLkJWggeWEcHVn2u0fzKIShmbsdtVnLYFV-EY3gDlTkQyQ3PbNSapLoESXdR7pIfoFKg27zhiMFTyxlsg5hg-5RlfBI3VcCqn_3AqMWZqzZnYQrEZMosDjmX6hsq0sibJDG8qFC3WNEYTBwmn9w6iiP00K8Z8uPX1a13G_2IEZpVOGpJp1UlfsOHK7yZWyU_oLOAhoEY0FcRohofQCEyYRClE_yTcdO30Vf4kZX-6N5U0OQgIpq8_7ux-yJbovcVayfGLuB9VisMe2eXZrLZaSfI2_Bz-0kxLRAZlV0OZFgKpvLVqS1GpTAsmiQu1-6FXD5ryhqtSdUNRu2_eDhGVpUgj2_AfL2InZ2TqeQhR8AqPOf-tU_PMF-UeplMaE8kLnoPTjwgFOZu6KrlVEhqzMW58t-WKoQkddlbInYyS-fjM-4oHNWDYHT_fD9PX6h7Vf51BNuh77CaHiHeXaCJ42PN8rOxNGbxr5LCObPnx7azYzvViLdN2FyIy9DMmpTTYF492Tv1z_yfn26ntCIoEiQYmmw0b1OLn-ZOcjSM67dWTWZxR3I2N22OhQmHqsN3tQALGFQnm6v_4f-3KpO-CwTW4pbH2x1yZPQmfODn-cZTV0FvRmbMZ5zOfGMgwsvFSOexlemwGuCulE_WM611fPCsEr4JosUL93zkb3XQ

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:14:02 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 9DFC 42 B
64 B 42ms
42ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvY0I5oQ8keAFH1IVc7iWdBSiSr4Ce85a4teu1_04x4sMUTGA4qulEbe_LKw6aNj1vt2Q7EQ3iMZ9ursOvkT_hdQ-YpeURvCUaYo8FC6L3JFVQgCHCW&sig=Cg0ArKJSzDzDCvV3YVlSEAE&id=lidar2&mcvt=1000&p=1140,640,1200,1108&asp=1140,640,1200,1108&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20210809&bin=7&avms=nio&bs=1600,1200&mc=1&app=0&itpl=3&adk=765604454&rs=4&met=mue&la=0&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1628716435837&rpt=6240&isd=0&lsd=0&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.opovo.com.br/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:14:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3-29 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 2EC4 42 B
64 B 45ms
44ms Fetch
image/gif 2a00:1450:4001:801::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstKrgD2NAqzxbdZIwx2CeA4_Yj0xysnhjP67OzWuMqjBeTOTimXJAbPdHLkQ3IIekaqsprje4mumx8HeqqdKB44Sdfjv6_ikCXPggrnPb2C0uISYYchsKdGU5J7YQ&sai=AMfl-YSzn4Mn3TCWM9vtN8CI-hL7O6qlOdNyp5v7Z1Mg_FKYhuEp7uEokFMeG_XdQQfZU4xaZB7DQ7e2eSzBQvPYnweUlQ_tYuLgcSAOE2ZLHJXPSkameMzNCzGg_dP-t0M&sig=Cg0ArKJSzDS5lTf6n-KqEAE&cid=CAASFeRoWEDypxjlotQtklx0-pLXukW7gg&id=lidar2&mcvt=1000&p=300,315,568,1285&asp=300,315,568,1285&mtos=0,1000,1000,1000,1000&tos=0,1000,0,0,0&v=20210809&bin=7&avms=nio&bs=0,0&mc=0.93&if=1&app=0&itpl=20&adk=2160817647&rs=4&met=mue&la=1&cr=0&osd=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCxudWxsXQ%3D%3D&vs=4&eosm=0&rst=1628716435848&dlt=134&rpt=6412&isd=0&lsd=0&msd=0&r=v&speed=1

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:14:03 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMI85z5xPGp8gIVrce7CB2tKwxdEAAYACCCpfY-QhMI7sHOxPGp8gIV8ey7CB2IqQe3;met=1;&timestamp=1628716446889;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame 2EC4 42 B
515 B 92ms
55ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMI85z5xPGp8gIVrce7CB2tKwxdEAAYACCCpfY-QhMI7sHOxPGp8gIV8ey7CB2IqQe3;met=1;&timestamp=1628716446889;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:14:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIy5v8xPGp8gIVLYZ3Ch0eDAmrEAAYACD544A_QhMI9MHOxPGp8gIV8ey7CB2IqQe3;met=1;&timestamp=1628716446937;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame E4B5 42 B
107 B 50ms
50ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIy5v8xPGp8gIVLYZ3Ch0eDAmrEAAYACD544A_QhMI9MHOxPGp8gIV8ey7CB2IqQe3;met=1;&timestamp=1628716446937;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:14:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIurr5xPGp8gIVveURCB3sgwcTEAAYACD544A_QhMI8sHOxPGp8gIV8ey7CB2IqQe3;met=1;&timestamp=1628716446953;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;
ade.googlesyndication.com/ddm/activity/ Frame F630 42 B
107 B 49ms
49ms Image
image/gif 142.250.185.162
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIurr5xPGp8gIVveURCB3sgwcTEAAYACD544A_QhMI8sHOxPGp8gIV8ey7CB2IqQe3;met=1;&timestamp=1628716446953;eid1=871060;ecn1=1;etm1=0;eid2=2;ecn2=1;etm2=10;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.162 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s51-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 11 Aug 2021 21:14:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

100 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.redintelligence.net/	1970-01-19 22:34:52	Name: 8lcfmzhxc8d6_uid Value: 6fde2124cf828d1a
.office-partner.de/	1970-01-20 20:25:16	Name: source Value: {"webgains_webgains":{"timestamp":1628716437731,"clickCookie":false}}
.doubleclick.net/	1970-01-20 05:46:52	Name: IDE Value: AHWqTUnw_b2t1mPa6DCWzwjNGPKpexGe7KZZgqUbZNyrZD7eWnYRbw1VqhCwN98-Vzs
pb.media01.eu/	1970-01-20 13:56:28	Name: DTU Value: 0A5B281DFE71935C3018B9B8D28CACF0
.opovo.com.br/	1970-01-19 20:25:16	Name: _gat_UA-23310373-1 Value: 1
.doubleclick.net/	1970-01-19 20:25:20	Name: DSID Value: NO_DATA
.opovo.com.br/	1970-01-20 05:46:52	Name: __gads Value: ID=c66a65ccf8826f1f-22164a4f9dc80028:T=1628716435:S=ALNI_MYBcyIBdgtpsMKFxKX_GgtnnatgUg

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://code.jquery.com/jquery-3.6.0.min.js(Line 2) Message: jQuery.Deferred exception: $(...).fancybox is not a function TypeError: $(...).fancybox is not a function at HTMLDocument.<anonymous> (https://www.opovo.com.br/reboot/includes/assets/js/main.js:4:1576) at e (https://code.jquery.com/jquery-3.6.0.min.js:2:30038) at t (https://code.jquery.com/jquery-3.6.0.min.js:2:30340) undefined
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]
console-api	log	URL: https://analytics.webgains.io/pvClk.min.js(Line 1) Message: Webgains [object Object]
console-api	log	URL: https://www.opovo.com.br/?(Line 743) Message: Service worker registered. https://www.opovo.com.br/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20dd5f48e2ee722c49c024ebcbf4d2c0.safeframe.googlesyndication.com
5994599.fls.doubleclick.net
ad-server.eu
ade.googlesyndication.com
ads.yahoo.com
adservice.google.com
adservice.google.de
adv.office-partner.de
analytics.webgains.io
api.webgains.io
cdnjs.cloudflare.com
cm.g.doubleclick.net
code.jquery.com
connect.facebook.net
d335luupugsy2.cloudfront.net
diapi.webgains.com
dsum-sec.casalemedia.com
embed.radiopublic.com
encrypted-tbn0.gstatic.com
encrypted-tbn1.gstatic.com
encrypted-tbn3.gstatic.com
fonts.googleapis.com
fonts.gstatic.com
forms.rdstation.com.br
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
hal9000.redintelligence.net
hal900029.redintelligence.net
hal900030.redintelligence.net
i.ytimg.com
ib.adnxs.com
m.exactag.com
mais.opovo.com.br
maxcdn.bootstrapcdn.com
mcasproxy.azureedge.net
medialead.de
pagead2.googlesyndication.com
pb.media01.eu
pixel.adsafeprotected.com
pixel.advertising.com
player.transmissaodigital.com
pv.medialead.de
s0.2mdn.net
script.hotjar.com
securepubads.g.doubleclick.net
skydeutschland.demdex.net
static.adsafeprotected.com
static.doubleclick.net
static.hotjar.com
stats.g.doubleclick.net
sync.search.spotxchange.com
sync.teads.tv
tpc.googlesyndication.com
track.webgains.com
ups.analytics.yahoo.com
us-u.openx.net
vars.hotjar.com
www.awin1.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
www.opovo.com.br
www.opovo.com.br.admin-us2.cas.ms
www.youtube.com
yt3.ggpht.com
104.111.239.217
104.111.242.245
13.224.89.106
136.243.149.243
142.250.184.194
142.250.185.162
142.250.186.130
142.250.186.162
143.204.98.26
145.239.193.130
178.63.52.121
18.184.201.8
185.33.220.243
185.94.180.126
2.18.234.21
200.194.101.94
2001:4de0:ac18::1:a:3b
216.58.212.166
2600:9000:2175:a200:8:48e:53c0:93a1
2606:4700:3033::ac43:c0c1
2606:4700:3037::6815:3403
2606:4700::6810:135e
2606:4700::6812:acf
2606:4700::6812:bcf
2a00:1288:80:800::7000
2a00:1450:4001:801::2002
2a00:1450:4001:801::200e
2a00:1450:4001:808::2003
2a00:1450:4001:808::2006
2a00:1450:4001:809::2001
2a00:1450:4001:809::2016
2a00:1450:4001:80e::2001
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::200e
2a00:1450:4001:810::2003
2a00:1450:4001:810::200e
2a00:1450:4001:811::2001
2a00:1450:4001:812::2003
2a00:1450:4001:813::2002
2a00:1450:4001:813::2004
2a00:1450:4001:828::2002
2a00:1450:4001:828::2004
2a00:1450:4001:828::2006
2a00:1450:4001:828::2008
2a00:1450:4001:82a::2002
2a00:1450:4001:82a::200e
2a00:1450:4001:82b::2001
2a00:1450:4001:82b::2002
2a00:1450:4001:82b::2008
2a00:1450:4001:830::2006
2a00:1450:4001:830::200e
2a00:1450:4001:831::2002
2a00:1450:4001:831::2003
2a00:1450:4001:831::200a
2a00:1450:400c:c0c::9a
2a02:26f0:1700:d::1737:6e8f
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a0b:4d07:101::1
3.126.56.137
34.68.90.188
34.98.64.218
46.236.13.147
51.79.78.239
52.155.166.50
52.213.249.25
52.215.101.139
52.84.45.59
54.171.163.246
54.192.219.70
54.192.219.81
54.192.219.92
54.76.176.197
81.29.72.47
85.14.248.72
88.198.250.30
88.99.219.174
94.23.99.218
0071fa71bc6cb76506dfe6863764423ec9e264f8c1c5dce0c440c0a40d8628b4
01926c1dc655b802e2f4e5f9501684064f48e6ac9bd9ec900968937fe44dea1a
02469720a7cba20616fc253ccd8d871aee3ca1cea1e398e3fd3054b226f0eac3
02b42891008d9664f81c4d4a49510e55a943f863a79b711ef820ee778cf1c46f
039a425d15fb3b11e7cff30eac2c2bc63be9013a7d04d59e4b17c6a5e787f3cd
056581eb31e79e98718114a4bd8c104cb64eec86bc5a996a28e61220f3aad189
08409d08d8d118c6c6d1c375e079bfce656ac367ff4d1dd9551fff110033c185
0a10aa22450f54557dfce7dba7ec199d37132f442e2b157ff327f79d5ca7b842
0ad109632376588f52247123a1faf794c8611b3b420c46386d00427733623a3d
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0f2759813c496e3e16910b64efe9471f26296a311003c8b01f2c056eccc515ff
10ad0fbca352f0d3867dcbf157d2995634564a7f1d648e3599af809ac5d8c8e4
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
11dc66a366c3952a0dbed2205d6d5c48c26200befa3a4ccb6112be49ab774878
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
1319746730175dd9fc742218d66aa93d8a443bbf763a793cd20af4dbc74b3a19
1509f6d1114fa0ad3c3258128cbac300fdfc4def9bcc1690e7bab94ea85fdc23
17a7e110fe75abb6ae45bdb59eb36815371f0dcbf3a2a8b1296dccef40cc487b
17b47a1ed2cd2e1ec86f4735497e2956eb34be0a66fc20b427148f65c6ebaca5
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
19b7fbb7d2c2b44d319cbd02d4a37289b73fb75fa20a350a055fc84b0b96d7d0
1c3bd00be556bf95f92a2ab1119b8b26544a1997ab0c09f86490bc32339ad32e
1c45bfa2dc80f54eb8564aa778a0929a00811168617ee6340cc59f0af48e5cca
1df872b27381fae0c7d9347f74f1e3a80de82342c209844355e92537b0320b35
1f3cd9162638b743c8bf4d939bcfd1dc256f2e97231e13b5cff600502a78a10e
21c656c6aae5babedb87b7511e29fad50499615042bf7fdf35667dfcbbf19acb
2392bb69de9eb1e9efad1da54204d43b70c52e5b6004b053d1e645fac906ac3f
25178aeef6eb6b83b96f5f2d004eda3bffbb37122de64afbaef7107b384a4132
25a97b6f96010411d7098a277fc392cf8fe4c024a5bb5ef44b9da7790f0c0022
27f23d423972a484a8859aaf6ed6f06b8049e2d3601f6fef704253533d75ff1c
2c0f3dcfe93d7e380c290fe4ab838ed8cadff1596d62697f5444be460d1f876d
2c9e67bb91ac1a22d5c655ed5f9aaed86ee2974e68da1255a259fe49309f4a60
2ca9c4e355f5caba2d98744fce8cd95767b4196f3670388328d6af12ce5394f7
2cff7ab03cb4e476b49ea05511c6cfcc71af6d5ed20d40e9b40ee31062149e77
2d981ce75575944eb8894c8288c35a4a433e0073294af0bbe2e197ad896bc4a4
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ecc69ac2569c7d51c47188683562fa35f391a92207a4ea4cfce6327ed4b7124
2f738547bbcdbef189de47347ad84fc0bb0c15164980f51a0214706fa5c94a73
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
357839b656a38b688c109822362a471abf0cfa1c50b94f913e8c141fba7f59bf
36fc82ad82111bf7da88225f18aab0e154bed6944094d09f837b4e7ab2b8713c
379587f0cc0fe0137ff92ac3ee3671dd1f90119e17e269e26a807a9a668642a9
37be7a267c93deed806a27dbc7c367081e0f9399a76748a20e6f9f5e20ee51c0
384179ee8fb1fd393558e28ea811532ea776e8cd69f9e94f379ddefb78948bd7
3893d9665f8fbf07ef6b354ba585077392c45b3f503831a7e1e6ec48d2e2270b
3a57826dd4437403ec9dffe3d8a907466926d7123e4a765ec724d79ae24e1d54
3b69755b8b5cacc944ad24027eba711a4c9f398f6964e684f3e4cab48e1091e9
3c30f9db6ce74a9fadf8de7de2ae7e23428d3c043f576184c391908f8154d2f7
3df581ede5b6755ba8ff7ed918d78063854a7b1d499a9beb4a86abfe5cecb307
3e1dcab28d56d415e3591c4a20dcb4f579750ddbc5c2927db2693537a3be3d18
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3f0a286769312e8db193ae35a08d50d0b60988e0e8faf3d4f9294b822617fe63
4277498281e4d5d4f23a45156ed4463789da5b23f46bc44b56a3addd020ad932
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
4373878b9f750698b6a199ebc0eb0e550df208c5a1f9f778a346e271a2b4d733
47175b1daa58725f19ffe6baa072761eeb7e1c80cb30e4c6ba0e58b0605915aa
475700259e64d480d1a70023e14741bb298a025e338bb608552e2472d4505a65
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d49733b68153b5908d90444dd86378352eba5f9c0915fdb780f409ea126a889
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4fa0156d693856f79289525c8e4db988a188d55ce0283351c96d811c7ce3e2c3
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51068d7e137c6b7726ed0c3761e2d5f06707bf6d43f9fd982e8c585ede2c4dba
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
5447f6b6ef0a1a76bb80b615bb46b1fbd67f60a05dbb8a5a30432bba080a1429
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
55fa35d4287b6076f06fe6c33f5302e04c594549b6fdb2fb67c27a840eb5060d
583eda12fed77c078f7391866e53eedd80aec5b9b178a3537a3c4c3b09575485
5883c97b5d12d166d1489e2f96e38a8c4e70b8eae2d97a6fb743f0b62d31c4c1
5a762079bc40b1cf7de00f77a397f83b5168d21eef19a51845e24fd50b874642
5b4653897fa212130fb903edef7589c0e0e8fd2e7b89140eca46359c1110bf2d
5c3cafd09dcc182446bac9da532a773ef49387b2010cb699fe489e3b3740be65
5c5a77f9800815c3c6e5aeb1b0607d3b77ac7372a9804cd5775e61dc02a1b019
5ce46f553ca45d2ff6acac8e983bc80ad540a9e07c06309e79fddf07c9629f69
5d1f3a4ee5a02abdbc66a11aad769dd81cbe4d07f0b3799ff0940ad7b7d6cc1a
5e2718b4b437edd86140d80891cf912e88267f780c14656e84f27a38b10f48b6
5ee25ab981932f30b684b02dbdf11c1297fec0354b5b2d8e5e78e5ebbace3345
5f0207bbbd69497c7a37284c0b6f9bdcc9f83c574a4cda737e00a390d0ed268f
5fe8339073019358c5929817d72108f77d84e0b7d433c889b721e8c1c67e8c4c
61deae71fd0ad0396d0819d19356b76f37d4d6a6d028bd1d04775ff083c3e147
6298b38f3fff05de65d95e2488175cfe03899c0fdb9708b2cf89d8cb0970a132
62cdccf1ab4b4215586295612a4a2ef96fa490250fa96dbccc565f659cab86ab
62d94d92171945a5b5277736044df5abe5b497ec96541fba2fd64a4642877d36
6334d3fb12d9adaf7c8dbdbbb98e6b38bdf95f53d675011e821802a0b82e6e13
63d41983cb11cb819383ae7d42101f22005b612b02e3cfab3ca39a7208778a2c
6575f0cf2715f805306e1f78104a0658a73caa90a523ff01c7d30f9ee202138d
67ea46bc3d15351067faccb3613bd833dd3f15137a4b4a09f2e873fd41d024d2
685c891724937f7182b419a9f3a9d5d3643a31669377ab6fd208148a83ed61ca
6b8e6866c0bd6940892a862809cb167358a648d5ff08fac8e005a5bfacd8664e
6c44f914035b2e802131430b0eb46eb6fc752e888d108d422fb80b8e8027ad8d
6cf4ddc728ae2116b65b72832d21cdf33961c094ce95ea8a5b676b7d71212f82
6dae544072c4991301930f77bbb9827737cf46282fb38a2862762cc84b39eb76
6edfad1d5d6275fc7ade68ffb1f07d480fdbb39579fa359bc9c7ea1d4649fce9
6fd5607dcbe171b837fe85c863ceaa921f82aa628f30006944cac938286376e6
70009818dd359fa38d706cf06c2906f7ad035c19218cd9eb0d083f19925aaf87
723e501f4e38617a697af2b4047c3185034ed26f1e5577d5f64feb1f46975cc7
747a840bad45aa020a2f68fffa8160bcf1f1af1d9c3f29d650713a7b51320203
77fc7e2cee3f1b71326ab2d9e121017b176205d0c8bbb013dfe7ebfccb2c5cab
78c0f75a6623c51b457ab4c9cb029f9a126ea6e4c91cf7a4ef068f6ab5e4b6f9
7a44e0685d8929b5d4d50476273c9957c8c76f03afc424c665a4066e5bc1beb9
7c30b7faefd4e8fefed030603d324d54adcab250726f3b2baa6d07388ababc2c
82ddb41786c5dbc18c39ba71edf3dff78aa5d8cc8f4ba8da018d5f3cb678e145
8390ca880cb9010395dfcf17e842c4b846fe445a88008317853280d2c198b8fc
83cd4afc0672833e8ac46854de805cda18237894e6d5193111af3e2e866a7a3a
84631de0bca7e12b1b542849e146044afb360af10af6ae4f5d90ec534e017734
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
84f8704bdc07ab2809b5a9dd028ef0c9e0001bd0b21c32fc06c18231069a581e
872ebbe8a094cbe91d4df8aa23ec3d9c364733f37e62b6d8fb3d1bd2c8c56ba9
87e9cb4cbda54b2611883c0963d41adcd7c9d4eda558e452c76991b875eeffad
8acb353b031da51b2508fa3b0f6037cbafb24a10063e30e720869142f4ae1eca
8d3ca80fa271e94b0c36cf3053b0f806b7a42bb3395b424c99dc0bd218f0ac20
8db455f33493a19689b104d3c13901e6c3ddc6dbbff3a96f6c54177c55c643d7
90d5239db1aaa33c8c9c7645a27c5f805e4a1dc614dba32358a213ad1137549c
91d0e4ecb3ea604c246525ebbeeb5bf06f2f9968ce52ceebcbac89a593033f37
932060b34fe451f1cb994f3da257f6d2d0f281e1e286e9f3f0e2da63e862fec6
939b4f5c505097e74e93c3a6a82b69b516bb6d160d449bafb37edb72ab260c1d
93ae7d494fad0fb30cbf3ae746a39c4bc7a0f8bbf87fbb587a3f3c01f3c5ce20
93de9da26817cc716a1e41bb7508dd98825bfb43ca156d26987d963287dd4291
94d7b69fb7e7650f35431ef09583d547ec990997d617cef32357525f7811ed96
966ee1486939f4b7c9815a6ce8dd42420c5859a42efdbbd5b91aff45e0b1cc38
969231fe165a93933d6908d45bfa09c364b66de37160efea47d87d18d7d37bd8
97393a112daec37c07950204785734138594145ebc9a7ca627327e6959571d65
973e6795da37c3922841c161eae4f74ee150fb8e4ce740104b44d4601d0f6278
9790b1e59dc7381d61727e37a3427430c62f5507d85243b96dace08caf43f6e4
9793b7ffe16ab6975ee3b25c407232bae1a6ddebfd6b2c317644f79c5a6d27fe
97f6f81b224c70cf2431f07287d287446129697370b4419a9b82838be0ea0174
98f268d1d377b74fc8884dac14d9a2584d6fa3f34f97e969a9b92af4bc3cca06
999dd215435801026f51fb5847df0b1127bd49541ef7d9aeb8b799a9669d8c56
9a2c51bb4f513905c22e5aa58fd3fefd299c5c6176e3d843e4c46d5a504fe30f
9b05a11101e907dcc74a4f399e1e67ac4d6bf45e11a59748099d1aee86e1989b
9df9512d0f2332b34e43e220b6bdc675dc6b663e72406edde64fd96dc9128e1b
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a315211ce0ff1a546557ea0467ee97aa7d9329a0771bfdcf2611f6a940e44114
a3c5ff7e114ffe32212ee07123f9dc6aa19c09072e44fe64649c9cc747040cab
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a5eab91a9543953d01395510d46a0669f4c6a0d50e2ac5ffec8ac27b616f613e
a5ead9037af4a0e749e217f63b25a25493a7705e17d98f04b336ab1370a353db
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a7bf67883867f93d08cbf4eeac0485e641cb9e5b123e18bef046b7c706cffd28
a81ee9f7aad91808ed8611c7b85abef34084d1717b3ac32314af7f705accaf1b
a87352099e9b3946d71f4f73c69f9217ef99278088a177d5eef09df78c11e4ae
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
abd939286969354845508b802e22a8758e4d0326a15a8db0f8ff5a7039655ea5
af3f252591eb99c9c714c0ec97bc15bccacb1d121f4fb61a97ea942698391322
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b00176dbbd9e4c77629b36fae58d076c8c3b55754e7c2dd3a6e4986e7ec9c37b
b08c9f7a86522551301ca94e21255ee178956b6fa21b5b339012a4b862028584
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b18d61b86715bd86a3e4d8af4564ab2a03bf8b0bc02c0aba56a9fa116fc435cf
b4be89713a4c1c9d3924114991f78514a1889ebc8471656534da0a2e67a3fe82
b4d0b0ad9c7d497814338ccfb16c3ffab79729f3a2f8b1de1148398ce0bfb798
b4f80028ddc6dc380c89927fb2d2d3dd9c580a24f99db9b93e32ce0b607d5c88
b6f6d0902ff385f68ec17c4c059d4fe89a0a08f1c022ab70580ea8552dfc0a11
b96b92f6bdbe9e386407a0f6fd461a40593a4c9d786b2a7fcec8f69049c508ee
b9cf652fa4cfc3b7d5cfcc57fed17d0c4780061e6c643fd03141e94426f26936
ba959ccf71867a76d7e4bc7bba9477b2d979659980edb7808e912964ae8356fe
bc0bf498e9001e3b48b9c62401bd9b1abeabe273ea0daa06a7bcaf28b43f648b
bde8b4a6a7932250743eaed28abd85b5e062ce5c1e1c0d7b3a9cacddc8db3b2c
bfc452d9f3bedeaf767796c812477b5cae148e196f69376ab252e33180cd26e4
c17bdd3155570f35de26a1f74f5d8d38ebd693cb690c8b09f7eab540c4d520f4
c38ffa43053e8a0903c19e4de1077ce958984488012358c67db76c568e3029dd
c3c0d3f472358aac78455515c4800771426770c22698e2486d39fdb5505634e1
c4243f7f5aa95631ca62fab376c3804859e808b66d373d07270872d23b8b081b
c5fbf01dd1c6132ce61b7afbdd9fc0c1bbffa294eb3f35dbce36edda8c9043af
c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3
c8eca11d2042157cca4452b3e76ec73d8bea575f1b02a196fe64fdc6288d92ab
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c97016870b24d7e538d20e7775074972e95d8d1bba9843968034059cf8e06a47
cbddc59fd95006e6df8dd917bc0f59cbb4f3216ed7a8b5fb735f532de86603c0
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
ce98100c3936bba679df02a3ca94d32a15e6913ae4cec24c35b160a7af0c7b79
cf741964e9f94011b12fba5ee48912ed12c9bc0530448ebb08c0fc69f0c1206b
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d454e6c4da3a0abaa8ffa671f15b8d101073c5e1c1b94af6cba27ec333f3473f
d4d3fc80cdc9e1cf7ef25e1f3615b716575f8dc9f939665bb6d9225c5efe8c1b
d593eab937ae208334c866b7afc56b0703787c857dae8bb562aefbbd3ca15ee6
d717c22b73d39caf59c4d46c23774ac2386bfc80937b90fd09ab56c0f2e7b072
d7d5e54ad1e33d7ab49c664323ced79cb9723ff15e9764cd0edc3e15208e8336
d9db9c26133de44e188ba8efdffc8ada7122550a3023fe6070660f02a1528e3f
dce1dbf98150f2afaefaddc9f7376d3f893ce234844e9848d8ff69e4cc35850d
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5
de2497b0f38f31843985675650d9abc40905fa46ba83aa7ef8e6a14b094c7ca7
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de6c4ffa2bd9fd283610e28d0db2ec48607aab39d213a51aef248673a0a7e980
dfc2535f6e81fe3e03bc7f1585541629734216cdd9c99f99dd8e7c09feb71089
e26b31b609e44e401e93111cd65784f23b93e73320a17ad7c0aa21389c118758
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e44b89ad714fb0c6274b63cef72f68a66e32194cefe161f1e75ad7eae962b002
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e5fe677f5b7e72b891cd094fc07280de57be8c282ac46c6640cb898f2fc75d01
e61660c659c426e45bce2937dddb01af6b550502a2904546575c1ec2ba1121dd
e7052ee7e4fa3d19fa953957b23d6cd29b2311739ec0932d6e570577d19f2503
e774d16aae4abd20126ec970c217dab5622004c7587f42708dd1274c8a347403
e89a316ebf1c63ea09e2b7b5889fb55e1ffb326c7b2b172027da0948f5709f6a
ea5b6a0210cfbd83a9bde2a3b9944d77e2c8b041e19c2d7c907d54bdd8f87828
ebf760ddf1da609d8fe7b122b98658ed1323ddce8c386aa71a455cce587514e1
ed10d35454e38914e25e3065e29a312b424941cb16fdcbc232aaa7799025c1db
ede4cae635acd7b2fff35bec7fd7e82e78f02a3f7c0ae6bcad68a02b6b75574a
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
eecda7280d7a8779cb5ff8bf7459b430bf970052106a1c4b186ff2eddd8c82d7
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
eed69e1ad88cb0fee94ff49f9d3ba118ee75d1d42ca07b7874f7fbde426a00e6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef6b116f5d682673f7e8ebbfa0027176ccb482caea43b4077cc34f0748d7bc4b
ef77661c9a82727ffa00dc3d30539b65dac8ee0630cf4e2ffc3c47cc02ff7184
efb3cdc5e4582fd67dffab6fc6e5062074ce3f8c51747346af944e97749dc309
f0db6195e48e8eaa4269aed7b4accd79741ac69c251c9b468fb1114ef63a24c7
f2cd97361029231f60fed13cfcf4b7647194819d1e7510777a42c0757e9614c3
f31b9ff7335d0fa093957a86997fae3fab28387b0eb13336c71fb27da3be99a5
f62d058eed4cc539bd198e74f38867d3e7ec28d1d70123573ea231647a066eab
f6441798447ba251e1090a35dcee01ee8b3e9446325a4c058fabda6090a90a16
f6ec74cbaa77faa5a1b1a3a5f010df29a8a610221148427d0968a5962b5c1e7a
f9da31cabd7ad9f32c9a2c18ce1838a6eaeeca9fbf55995a3e5a2abb2aface6b
fb78178efb17880986453d866dc2c7ff441b2b2426665937e77f2ae214f44713
fbf857f2d8e2082494a42b59bb1f2c8bc8a7ec864d62d5165a024ffc25653054
fc04d1fd608cedf1f0c4735145a15031f77cb7491d6234cec4ee2cd9be74937a
fc0cbaf945a159758b1e56536890cd2d929d45c74f5c1a0b22a66daf3d8c246a
fd27afebefc1df9f840e6c9f09fabda18857d03e89c5245e24d709e7618e3420
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
ffc8cae87ca06c2f9622b6ecf8880d1e25525ee1445724c1fbdb10ae12cc4cc7

www.opovo.com.br Open in urlscan Pro 2606:4700:3037::6815:3403 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

375 Requests

100 %HTTPS

54 %IPv6

45 Domains

70 Subdomains

76 IPs

10 Countries

13226 kBTransfer

20865 kBSize

7 Cookies

42 Outgoing links

Page URL History

Redirected requests

375 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 10 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.opovo.com.br Open in urlscan Pro
2606:4700:3037::6815:3403 Public Scan

Screenshot
Live screenshot

Full Image

375
Requests

100 %
HTTPS

54 %
IPv6

45
Domains

70
Subdomains

76
IPs

10
Countries

13226 kB
Transfer

20865 kB
Size

7
Cookies

375 HTTP transactions
10 data transactions