www.elfinancierocr.com Open in urlscan Pro
2a02:26f0:6c00::210:ba09 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmE...
Effective URL:
https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09...
Submission: On December 10 via api (December 10th 2021, 1:04:12 pm UTC) from US — Scanned from DE

Summary HTTP 364 Redirects Links 22 Behaviour Indicators

Summary

This website contacted 81 IPs in 10 countries across 61 domains to perform 364 HTTP transactions. The main IP is 2a02:26f0:6c00::210:ba09, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.elfinancierocr.com.
TLS certificate: Issued by R3 on November 11th 2021. Valid for: 3 months.

This is the only time www.elfinancierocr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	217.175.192.17 217.175.192.17	199236 (EMARSYS-A...) (EMARSYS-AS Emarsys eMarketing Systems AG)
1 22	2a02:26f0:6c0... 2a02:26f0:6c00::210:ba09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a04:4e42::282 2a04:4e42::282	54113 (FASTLY) (FASTLY)
4	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::15	15169 (GOOGLE) (GOOGLE)
2	2a02:26f0:6c0... 2a02:26f0:6c00:287::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	2606:4700::68... 2606:4700::6812:e234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE)
12	2606:4700::68... 2606:4700::6811:b6b1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:6c0... 2a02:26f0:6c00:1bb::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a02:26f0:6c0... 2a02:26f0:6c00:2a7::268b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:2a41	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	147.75.85.120 147.75.85.120	54825 (PACKET) (PACKET)
1	178.63.13.144 178.63.13.144	24940 (HETZNER-AS) (HETZNER-AS)
8	2a00:1450:400... 2a00:1450:4001:82a::200e	15169 (GOOGLE) (GOOGLE)
2	116.202.80.165 116.202.80.165	24940 (HETZNER-AS) (HETZNER-AS)
1	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1 9	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:830::2001	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:810::200e	15169 (GOOGLE) (GOOGLE)
2	2600:9000:205... 2600:9000:2057:4200:18:1fcd:34f:cdc1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	3.129.250.65 3.129.250.65	16509 (AMAZON-02) (AMAZON-02)
1	52.2.53.191 52.2.53.191	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42::714 2a04:4e42::714	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:400c:c06::9a	15169 (GOOGLE) (GOOGLE)
4	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:808::2003	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 5	2a00:1450:400... 2a00:1450:4001:801::2004	15169 (GOOGLE) (GOOGLE)
6	151.139.128.11 151.139.128.11	20446 (HIGHWINDS3) (HIGHWINDS3)
2 2	66.155.71.150 66.155.71.150	13768 (COGECO-PEER1) (COGECO-PEER1)
3	3.122.131.186 3.122.131.186	16509 (AMAZON-02) (AMAZON-02)
5 5	18.185.209.98 18.185.209.98	16509 (AMAZON-02) (AMAZON-02)
1 2	2a05:d018:d29... 2a05:d018:d29:3605:7ea4:f1cc:2176:cd9d	16509 (AMAZON-02) (AMAZON-02)
2	99.83.189.147 99.83.189.147	16509 (AMAZON-02) (AMAZON-02)
9	2.18.234.233 2.18.234.233	16625 (AKAMAI-AS) (AKAMAI-AS)
4	146.20.132.82 146.20.132.82	27357 (RACKSPACE) (RACKSPACE)
15	146.20.128.168 146.20.128.168	27357 (RACKSPACE) (RACKSPACE)
4 4	2001:678:cb4:... 2001:678:cb4:bbbb::11	56396 (AMOBEE) (AMOBEE)
7	2a00:1450:400... 2a00:1450:4001:801::200e	15169 (GOOGLE) (GOOGLE)
23	2a00:1450:400... 2a00:1450:4001:82f::2002	15169 (GOOGLE) (GOOGLE)
34	2a00:1450:400... 2a00:1450:4001:808::2001	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:808::2002	15169 (GOOGLE) (GOOGLE)
16	146.20.128.41 146.20.128.41	27357 (RACKSPACE) (RACKSPACE)
11 13	142.250.185.194 142.250.185.194	15169 (GOOGLE) (GOOGLE)
4 8	2.18.234.21 2.18.234.21	16625 (AKAMAI-AS) (AKAMAI-AS)
5 8	185.33.220.242 185.33.220.242	29990 (ASN-APPNEX) (ASN-APPNEX)
25	2a00:1450:400... 2a00:1450:4001:830::2006	15169 (GOOGLE) (GOOGLE)
5	142.250.186.66 142.250.186.66	15169 (GOOGLE) (GOOGLE)
2	37.157.6.252 37.157.6.252	198622 (ADFORM) (ADFORM)
2	2600:1f18:612... 2600:1f18:612b:4232:853f:4ce7:6a68:6291	14618 (AMAZON-AES) (AMAZON-AES)
1	185.94.180.123 185.94.180.123	35220 (SPOTX-AMS) (SPOTX-AMS)
12	2.18.233.180 2.18.233.180	16625 (AKAMAI-AS) (AKAMAI-AS)
2	3.66.59.71 3.66.59.71	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:206... 2600:9000:206f:e00:15:6f6c:b180:93a1	16509 (AMAZON-02) (AMAZON-02)
2	198.47.127.19 198.47.127.19	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 4	37.157.3.30 37.157.3.30	198622 (ADFORM) (ADFORM)
2 2	213.155.156.180 213.155.156.180	1299 (TWELVE99 ...) (TWELVE99 Twelve99)
2 6	185.64.189.110 185.64.189.110	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	178.250.0.163 178.250.0.163	44788 (ASN-CRITE...) (ASN-CRITEO-EUROPE)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
4 10	185.64.190.80 185.64.190.80	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 2	185.29.132.241 185.29.132.241	30419 (MEDIAMATH...) (MEDIAMATH-INC)
3	185.64.190.81 185.64.190.81	62713 (AS-PUBMATIC) (AS-PUBMATIC)
3 3	51.210.112.63 51.210.112.63	16276 (OVH) (OVH)
2 2	63.35.242.195 63.35.242.195	16509 (AMAZON-02) (AMAZON-02)
5 5	3.33.220.150 3.33.220.150	16509 (AMAZON-02) (AMAZON-02)
1 2	2606:4700:10:... 2606:4700:10::6816:1857	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	169.50.137.184 169.50.137.184	36351 (SOFTLAYER) (SOFTLAYER)
1	185.64.190.75 185.64.190.75	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	74.125.133.157 74.125.133.157	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4009:81b::2003	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:830::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400e:1::6	15169 (GOOGLE) (GOOGLE)
4	172.217.16.130 172.217.16.130	15169 (GOOGLE) (GOOGLE)
18	52.17.7.190 52.17.7.190	16509 (AMAZON-02) (AMAZON-02)
3	3.20.211.8 3.20.211.8	16509 (AMAZON-02) (AMAZON-02)
6 7	198.47.127.18 198.47.127.18	3257 (GTT-BACKB...) (GTT-BACKBONE GTT)
1 1	2620:116:800d... 2620:116:800d:21:3175:5196:e3fd:8c1d	16509 (AMAZON-02) (AMAZON-02)
1 1	3.126.56.137 3.126.56.137	16509 (AMAZON-02) (AMAZON-02)
1 1	80.82.217.91 80.82.217.91	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
2 3	85.90.244.253 85.90.244.253	63949 (LINODE-AP...) (LINODE-AP Linode)
1 1	139.162.141.41 139.162.141.41	63949 (LINODE-AP...) (LINODE-AP Linode)
1	198.47.127.20 198.47.127.20	62713 (AS-PUBMATIC) (AS-PUBMATIC)
2 4	13.35.253.71 13.35.253.71	16509 (AMAZON-02) (AMAZON-02)
1	151.101.194.49 151.101.194.49	() ()
3 3	213.19.147.44 213.19.147.44	() ()
1 1	3.228.133.61 3.228.133.61	() ()
1 1	146.0.227.110 146.0.227.110	() ()
2	52.208.210.171 52.208.210.171	() ()
1 1	34.102.253.54 34.102.253.54	() ()
1 1	185.33.221.89 185.33.221.89	() ()
1	2a02:fa8:8806... 2a02:fa8:8806:13::1400	() ()
1 1	178.62.202.251 178.62.202.251	() ()
364	81

1 217.175.192.17 (Austria)

ASN199236 (EMARSYS-AS Emarsys eMarketing Systems AG, AT)

links.elfinancierocr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2a02:26f0:6c00::210:ba09 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.elfinancierocr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::282 (United States)

ASN54113 (FASTLY, US)

polyfill.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::15 (United States)

ASN15169 (GOOGLE, US)

gtm.nacion.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:6c00:287::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
684dd32a.akstat.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6812:e234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
img.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6811:b6b1 (United States)

ASN13335 (CLOUDFLARENET, US)

api.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buy.tinypass.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:1bb::11a6 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:26f0:6c00:2a7::268b (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

scdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 172.217.18.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:2a41 (United States)

ASN13335 (CLOUDFLARENET, US)

c2.piano.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.85.120 (Schiphol, Netherlands)

ASN54825 (PACKET, US)

api.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.63.13.144 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: de717.cxense.com

p1cluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

news.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 116.202.80.165 (Osterhofen, Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.165.80.202.116.clients.your-server.de

comcluster.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
id.cxense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:830::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:4200:18:1fcd:34f:cdc1 (United States)

ASN16509 (AMAZON-02, US)

static.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.129.250.65 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-129-250-65.us-east-2.compute.amazonaws.com

ads.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.2.53.191 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-2-53-191.compute-1.amazonaws.com

ping.chartbeat.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42::714 (United States)

ASN54113 (FASTLY, US)

mab.chartbeat.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c06::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:801::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.139.128.11 (United States)

ASN20446 (HIGHWINDS3, US)

ad.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 66.155.71.150 (Portsmouth, United Kingdom) 2 redirects

ASN13768 (COGECO-PEER1, CA)

pixel-sync.sitescout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.122.131.186 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-122-131-186.eu-central-1.compute.amazonaws.com

a.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 18.185.209.98 (Frankfurt am Main, Germany) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-18-185-209-98.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:d018:d29:3605:7ea4:f1cc:2176:cd9d (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 99.83.189.147 (United States)

ASN16509 (AMAZON-02, US)
PTR: ae6a0aaac8071ff4b.awsglobalaccelerator.com

stg.vidoomy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2.18.234.233 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-233.deploy.static.akamaitechnologies.com

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.20.132.82 (United States)

ASN27357 (RACKSPACE, US)

v.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 146.20.128.168 (United States)

ASN27357 (RACKSPACE, US)

cs.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:678:cb4:bbbb::11 (United Kingdom) 4 redirects

ASN56396 (AMOBEE, GB)

ad.turn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:801::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

play.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 2a00:1450:4001:82f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 2a00:1450:4001:808::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 146.20.128.41 (United States)

ASN27357 (RACKSPACE, US)

t.lkqd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 142.250.185.194 (United States) 11 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2.18.234.21 (Frankfurt am Main, Germany) 4 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-234-21.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.33.220.242 (Amsterdam, Netherlands) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a00:1450:4001:830::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.186.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.157.6.252 (Denmark)

ASN198622 (ADFORM, DK)
PTR: s1.adform.net

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1f18:612b:4232:853f:4ce7:6a68:6291 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

4cywq-eqnre.ads.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.94.180.123 (Amsterdam, Netherlands)

ASN35220 (SPOTX-AMS, US)

search.spotxchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2.18.233.180 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a2-18-233-180.deploy.static.akamaitechnologies.com

vpaid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ads.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
aktrack.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.66.59.71 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-66-59-71.eu-central-1.compute.amazonaws.com

ads.adaptv.advertising.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:206f:e00:15:6f6c:b180:93a1 (United States)

ASN16509 (AMAZON-02, US)

vpaid.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 198.47.127.19 (United States)

ASN62713 (AS-PUBMATIC, US)

image6.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 37.157.3.30 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.180 (Uppsala, Sweden) 2 redirects

ASN1299 (TWELVE99 Twelve99, Telia Carrier, SE)
PTR: 213-155-156-180.teliacarrier-cust.com

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 185.64.189.110 (United Kingdom) 2 redirects

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.250.0.163 (France)

ASN44788 (ASN-CRITEO-EUROPE, FR)

dis.criteo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 185.64.190.80 (United Kingdom) 4 redirects

ASN62713 (AS-PUBMATIC, US)

simage2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.29.132.241 (United Kingdom) 2 redirects

ASN30419 (MEDIAMATH-INC, US)

sync.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 185.64.190.81 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

image4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.210.112.63 (France) 3 redirects

ASN16276 (OVH, FR)
PTR: pikafka-3.cloudy.ovh

pixel.onaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.35.242.195 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-63-35-242-195.eu-west-1.compute.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 3.33.220.150 (United States) 5 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:1857 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

spl.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
mwzeom.zeotap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 169.50.137.184 (United States)

ASN36351 (SOFTLAYER, US)
PTR: b8.89.32a9.ip4.static.sl-reverse.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.64.190.75 (United Kingdom)

ASN62713 (AS-PUBMATIC, US)

vid.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.125.133.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f157.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4009:81b::2003 (United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:830::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400e:1::6 (Ireland)

ASN15169 (GOOGLE, US)

r1---sn-5hnekn7d.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.130 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f130.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

18 52.17.7.190 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com

s.update.rose.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 3.20.211.8 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-20-211-8.us-east-2.compute.amazonaws.com

vid-io-cle.springserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 198.47.127.18 (United States) 6 redirects

ASN3257 (GTT-BACKBONE GTT, US)

image8.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:3175:5196:e3fd:8c1d (United States) 1 redirects

ASN16509 (AMAZON-02, US)

pixel.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.126.56.137 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-126-56-137.eu-central-1.compute.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 80.82.217.91 (Krefeld, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)

ads.smartstream.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 85.90.244.253 (Frankfurt am Main, Germany) 2 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: li1427-253.members.linode.com

cm.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.162.141.41 (Frankfurt am Main, Germany) 1 redirects

ASN63949 (LINODE-AP Linode, LLC, US)
PTR: tags1.adsafety.net

tags.adsafety.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 198.47.127.20 (United States)

ASN62713 (AS-PUBMATIC, US)

simage4.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 13.35.253.71 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-35-253-71.fra6.r.cloudfront.net

sb.scorecardresearch.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.49 (None, )

ASN- ()

sync-tm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 213.19.147.44 (None, ) 3 redirects

ASN- ()

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.228.133.61 (None, ) 1 redirects

ASN- ()

sync.srv.stackadapt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.0.227.110 (None, ) 1 redirects

ASN- ()

inv-nets.admixer.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.210.171 (None, )

ASN- ()

rtb.gumgum.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.253.54 (None, ) 1 redirects

ASN- ()

ads.playground.xyz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.33.221.89 (None, ) 1 redirects

ASN- ()

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:fa8:8806:13::1400 (None, )

ASN- ()

pubmatic-match.dotomi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.62.202.251 (None, ) 1 redirects

ASN- ()

match.adsby.bidtheatre.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
65	googlesyndication.com 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com pagead2.googlesyndication.com tpc.googlesyndication.com ade.googlesyndication.com	353 KB
60	pubmatic.com 12 redirects vpaid.pubmatic.com ads.pubmatic.com image6.pubmatic.com image2.pubmatic.com simage2.pubmatic.com image4.pubmatic.com vid.pubmatic.com s.update.rose.pubmatic.com aktrack.pubmatic.com image8.pubmatic.com simage4.pubmatic.com	194 KB
41	lkqd.net ad.lkqd.net v.lkqd.net cs.lkqd.net t.lkqd.net	154 KB
33	doubleclick.net 12 redirects securepubads.g.doubleclick.net stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net googleads4.g.doubleclick.net bid.g.doubleclick.net	266 KB
27	2mdn.net 1 redirects s0.2mdn.net gcdn.2mdn.net r1---sn-5hnekn7d.c.2mdn.net	1 MB
23	google.com 1 redirects news.google.com adservice.google.com analytics.google.com www.google.com play.google.com	68 KB
23	elfinancierocr.com 1 redirects links.elfinancierocr.com www.elfinancierocr.com	580 KB
15	gstatic.com fonts.gstatic.com www.gstatic.com csi.gstatic.com	256 KB
12	tinypass.com api.tinypass.com cdn.tinypass.com buy.tinypass.com	359 KB
9	adnxs.com 6 redirects ib.adnxs.com secure.adnxs.com	8 KB
9	stickyadstv.com ads.stickyadstv.com	11 KB
9	cxense.com scdn.cxense.com api.cxense.com cdn.cxense.com p1cluster.cxense.com comcluster.cxense.com id.cxense.com	93 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com	7 KB
7	googleapis.com fonts.googleapis.com imasdk.googleapis.com	338 KB
6	adform.net 3 redirects adx.adform.net c1.adform.net	3 KB
6	vidoomy.com ads.vidoomy.com a.vidoomy.com stg.vidoomy.com	7 KB
6	onesignal.com cdn.onesignal.com onesignal.com img.onesignal.com	88 KB
5	adsrvr.org 5 redirects match.adsrvr.org	2 KB
5	bidswitch.net 5 redirects x.bidswitch.net	3 KB
4	scorecardresearch.com 2 redirects sb.scorecardresearch.com	2 KB
4	adsafety.net 3 redirects cm.adsafety.net tags.adsafety.net	7 KB
4	springserve.com vpaid.springserve.com vid-io-cle.springserve.com	88 KB
4	turn.com 4 redirects ad.turn.com	2 KB
3	onaudience.com 3 redirects pixel.onaudience.com	1 KB
3	googletagservices.com www.googletagservices.com	110 KB
3	yahoo.com 2 redirects pr-bh.ybp.yahoo.com ups.analytics.yahoo.com	2 KB
3	chartbeat.com static.chartbeat.com mab.chartbeat.com	24 KB
3	google-analytics.com www.google-analytics.com	20 KB
3	google.de adservice.google.de www.google.de	1 KB
2	gumgum.com rtb.gumgum.com	475 B
2	1rx.io 2 redirects sync.1rx.io	1 KB
2	zeotap.com 1 redirects spl.zeotap.com mwzeom.zeotap.com	896 B
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1 KB
2	mathtag.com 2 redirects sync.mathtag.com	1 KB
2	de17a.com 2 redirects d5p.de17a.com	637 B
2	advertising.com ads.adaptv.advertising.com	775 B
2	tremorhub.com 4cywq-eqnre.ads.tremorhub.com	941 B
2	sitescout.com 2 redirects pixel-sync.sitescout.com	600 B
2	facebook.com www.facebook.com	313 B
2	facebook.net connect.facebook.net	113 KB
2	go-mpulse.net s.go-mpulse.net c.go-mpulse.net	52 KB
1	bidtheatre.com 1 redirects match.adsby.bidtheatre.com	534 B
1	dotomi.com pubmatic-match.dotomi.com	104 B
1	playground.xyz 1 redirects ads.playground.xyz	469 B
1	admixer.net 1 redirects inv-nets.admixer.net	584 B
1	stackadapt.com 1 redirects sync.srv.stackadapt.com	653 B
1	unrulymedia.com 1 redirects sync.targeting.unrulymedia.com	535 B
1	everesttech.net sync-tm.everesttech.net	177 B
1	smartstream.tv 1 redirects ads.smartstream.tv	823 B
1	quantserve.com 1 redirects pixel.quantserve.com	542 B
1	simpli.fi um.simpli.fi	616 B
1	adition.com 1 redirects dsp.adfarm1.adition.com	501 B
1	criteo.com dis.criteo.com	335 B
1	akstat.io 684dd32a.akstat.io	207 B
1	spotxchange.com search.spotxchange.com	1 KB
1	chartbeat.net ping.chartbeat.net	201 B
1	googletagmanager.com www.googletagmanager.com	61 KB
1	piano.io c2.piano.io	3 KB
1	nacion.com gtm.nacion.com	59 KB
1	polyfill.io polyfill.io	587 B
0	smartadserver.com Failed rtb-csync.smartadserver.com Failed
364	61

	Domain	Requested by
34	tpc.googlesyndication.com	2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com links.elfinancierocr.com tpc.googlesyndication.com securepubads.g.doubleclick.net s0.2mdn.net imasdk.googleapis.com
25	s0.2mdn.net	tpc.googlesyndication.com links.elfinancierocr.com s0.2mdn.net imasdk.googleapis.com
23	pagead2.googlesyndication.com	2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com googleads.g.doubleclick.net tpc.googlesyndication.com securepubads.g.doubleclick.net s0.2mdn.net www.googletagservices.com imasdk.googleapis.com srcdoc
22	www.elfinancierocr.com	1 redirects www.elfinancierocr.com
18	s.update.rose.pubmatic.com	vpaid.pubmatic.com s.update.rose.pubmatic.com
16	t.lkqd.net	ad.lkqd.net
15	cs.lkqd.net	ad.lkqd.net
13	cm.g.doubleclick.net	11 redirects googleads.g.doubleclick.net
10	simage2.pubmatic.com	4 redirects ads.pubmatic.com
10	buy.tinypass.com	cdn.tinypass.com buy.tinypass.com
9	ads.stickyadstv.com	www.elfinancierocr.com ad.lkqd.net
8	ib.adnxs.com	5 redirects googleads.g.doubleclick.net vpaid.springserve.com
8	dsum-sec.casalemedia.com	4 redirects googleads.g.doubleclick.net
8	news.google.com	cdn.tinypass.com news.google.com links.elfinancierocr.com www.gstatic.com
8	fonts.gstatic.com	fonts.googleapis.com news.google.com
7	image8.pubmatic.com	6 redirects
7	googleads.g.doubleclick.net	1 redirects 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com links.elfinancierocr.com
7	play.google.com	www.gstatic.com
6	image2.pubmatic.com	2 redirects ads.pubmatic.com
6	ad.lkqd.net	links.elfinancierocr.com ad.lkqd.net
5	match.adsrvr.org	5 redirects
5	vpaid.pubmatic.com	ad.lkqd.net vpaid.springserve.com blank
5	googleads4.g.doubleclick.net	links.elfinancierocr.com
5	x.bidswitch.net	5 redirects
5	www.google.com	1 redirects www.elfinancierocr.com 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com tpc.googlesyndication.com
5	securepubads.g.doubleclick.net	www.elfinancierocr.com securepubads.g.doubleclick.net links.elfinancierocr.com
4	sb.scorecardresearch.com	2 redirects
4	ade.googlesyndication.com
4	c1.adform.net	3 redirects ads.pubmatic.com
4	ads.pubmatic.com	vpaid.pubmatic.com ads.pubmatic.com
4	ad.turn.com	4 redirects
4	v.lkqd.net	ad.lkqd.net
4	www.gstatic.com	news.google.com www.gstatic.com
4	2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
4	cdn.cxense.com	scdn.cxense.com cdn.cxense.com links.elfinancierocr.com
4	fonts.googleapis.com	www.elfinancierocr.com buy.tinypass.com tpc.googlesyndication.com s0.2mdn.net
3	cm.adsafety.net	2 redirects
3	aktrack.pubmatic.com
3	vid-io-cle.springserve.com	vpaid.springserve.com
3	csi.gstatic.com	imasdk.googleapis.com
3	imasdk.googleapis.com	vpaid.pubmatic.com imasdk.googleapis.com
3	pixel.onaudience.com	3 redirects
3	image4.pubmatic.com	ads.pubmatic.com
3	www.googletagservices.com	2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
3	a.vidoomy.com	links.elfinancierocr.com www.elfinancierocr.com ad.lkqd.net
3	www.google-analytics.com	gtm.nacion.com www.elfinancierocr.com
3	onesignal.com	cdn.onesignal.com
2	rtb.gumgum.com
2	sync.1rx.io	2 redirects
2	sync.crwdcntrl.net	2 redirects
2	sync.mathtag.com	2 redirects
2	d5p.de17a.com	2 redirects
2	image6.pubmatic.com	ads.pubmatic.com
2	ads.adaptv.advertising.com	ad.lkqd.net vpaid.springserve.com
2	4cywq-eqnre.ads.tremorhub.com	ad.lkqd.net
2	adx.adform.net	ad.lkqd.net
2	stg.vidoomy.com	www.elfinancierocr.com
2	pr-bh.ybp.yahoo.com	1 redirects
2	pixel-sync.sitescout.com	2 redirects
2	www.facebook.com	www.elfinancierocr.com
2	www.google.de	www.elfinancierocr.com
2	stats.g.doubleclick.net	www.google-analytics.com www.googletagmanager.com
2	connect.facebook.net	links.elfinancierocr.com connect.facebook.net
2	static.chartbeat.com	gtm.nacion.com links.elfinancierocr.com
2	adservice.google.com	securepubads.g.doubleclick.net imasdk.googleapis.com
2	cdn.onesignal.com	www.elfinancierocr.com cdn.onesignal.com
1	match.adsby.bidtheatre.com	1 redirects
1	pubmatic-match.dotomi.com
1	secure.adnxs.com	1 redirects
1	ads.playground.xyz	1 redirects
1	inv-nets.admixer.net	1 redirects
1	sync.srv.stackadapt.com	1 redirects
1	sync.targeting.unrulymedia.com	1 redirects
1	sync-tm.everesttech.net	ads.pubmatic.com
1	img.onesignal.com
1	simage4.pubmatic.com	ads.pubmatic.com
1	tags.adsafety.net	1 redirects
1	ads.smartstream.tv	1 redirects
1	ups.analytics.yahoo.com	1 redirects
1	pixel.quantserve.com	1 redirects
1	r1---sn-5hnekn7d.c.2mdn.net
1	gcdn.2mdn.net	1 redirects
1	bid.g.doubleclick.net	vpaid.pubmatic.com
1	vid.pubmatic.com	vpaid.pubmatic.com
1	um.simpli.fi	ads.pubmatic.com
1	mwzeom.zeotap.com	ads.pubmatic.com
1	spl.zeotap.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	dis.criteo.com	ads.pubmatic.com
1	vpaid.springserve.com	ad.lkqd.net
1	684dd32a.akstat.io	s.go-mpulse.net
1	search.spotxchange.com	ad.lkqd.net
1	analytics.google.com	www.googletagmanager.com
1	mab.chartbeat.com	static.chartbeat.com
1	ping.chartbeat.net	www.elfinancierocr.com
1	ads.vidoomy.com	gtm.nacion.com
1	www.googletagmanager.com	gtm.nacion.com
1	adservice.google.de	securepubads.g.doubleclick.net
1	id.cxense.com	scdn.cxense.com
1	comcluster.cxense.com	cdn.cxense.com
1	p1cluster.cxense.com	cdn.cxense.com
1	api.cxense.com	scdn.cxense.com
1	c2.piano.io	cdn.tinypass.com
1	scdn.cxense.com	www.elfinancierocr.com
1	c.go-mpulse.net	s.go-mpulse.net
1	cdn.tinypass.com	api.tinypass.com
1	api.tinypass.com	www.elfinancierocr.com
1	s.go-mpulse.net	www.elfinancierocr.com
1	gtm.nacion.com	www.elfinancierocr.com
1	polyfill.io	www.elfinancierocr.com
1	links.elfinancierocr.com
0	rtb-csync.smartadserver.com Failed	ads.pubmatic.com
364	112

This site contains links to these domains. Also see Links.

Domain
lanacioncostarica.pressreader.com
www.facebook.com
twitter.com
www.nacion.com
www.lateja.cr
sso.gruponacion.biz
www.yuplon.com
www.parqueviva.com
www.elempleo.com
printea.com
www.fussio.com
gncomercial.com

Subject Issuer	Validity	Valid
links.elfinancierocr.com R3	`2021-11-24` - `2022-02-22`	3 months	crt.sh
gruponacion.web.arc-cdn.net R3	`2021-11-11` - `2022-02-09`	3 months	crt.sh
polyfill.io GlobalSign Atlas R3 DV TLS CA 2020	`2021-06-04` - `2022-07-06`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
gtm.nacion.com GTS CA 1D4	`2021-11-11` - `2022-02-09`	3 months	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2021-06-08` - `2022-06-13`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-07-04` - `2022-07-03`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.piano.io Sectigo RSA Domain Validation Secure Server CA	`2021-08-19` - `2022-09-18`	a year	crt.sh
*.cxense.com DigiCert SHA2 Secure Server CA	`2021-05-21` - `2022-05-26`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.news.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.de GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.chartbeat.com Thawte RSA CA 2018	`2021-05-20` - `2022-06-03`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-09-18` - `2021-12-17`	3 months	crt.sh
*.vidoomy.com Sectigo RSA Domain Validation Secure Server CA	`2021-08-06` - `2022-09-05`	a year	crt.sh
*.chartbeat.net Thawte RSA CA 2018	`2021-12-01` - `2022-12-30`	a year	crt.sh
www.google.de GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
www.google.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
ad.lkqd.net R3	`2021-12-02` - `2022-03-02`	3 months	crt.sh
ads.stickyadstv.com DigiCert SHA2 Secure Server CA	`2021-09-19` - `2022-09-20`	a year	crt.sh
*.lkqd.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-09` - `2022-07-14`	a year	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2021-11-08` - `2022-01-31`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2021-09-06` - `2022-10-07`	a year	crt.sh
*.tremorhub.com Amazon	`2021-06-27` - `2022-07-26`	a year	crt.sh
*.spotxchange.com GeoTrust RSA CA 2018	`2021-03-10` - `2022-03-29`	a year	crt.sh
*.pubmatic.com DigiCert SHA2 Secure Server CA	`2021-03-30` - `2022-04-04`	a year	crt.sh
*.v.ssp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-10-19` - `2022-04-13`	6 months	crt.sh
*.springserve.com Amazon	`2021-04-30` - `2022-05-29`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2021-03-05` - `2022-02-19`	a year	crt.sh
*.criteo.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2021-12-01` - `2022-02-26`	3 months	crt.sh
*.simpli.fi DigiCert TLS RSA SHA256 2020 CA1	`2021-10-27` - `2022-11-27`	a year	crt.sh
update.rose.pubmatic.com R3	`2021-12-04` - `2022-03-04`	3 months	crt.sh
*.everesttech.net GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.ybp.yahoo.com DigiCert SHA2 High Assurance Server CA	`2021-08-24` - `2022-02-16`	6 months	crt.sh
*.dotomi.com GlobalSign RSA OV SSL CA 2018	`2021-08-10` - `2022-09-11`	a year	crt.sh

This page contains 47 frames:

Primary Page: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Frame ID: 68E33241097B6476F08877B725DB3E8E
Requests: 103 HTTP requests in this frame

Frame: https://cdn.cxense.com/sp1.html
Frame ID: 6C0BC0142E602A1BF1307F5EE51FC725
Requests: 4 HTTP requests in this frame

Frame: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
Frame ID: 1FA2010AD609F6DFA53720710D87B031
Requests: 12 HTTP requests in this frame

Frame: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 130C661B622FEF57CBCFAA526C834392
Requests: 1 HTTP requests in this frame

Frame: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455317
Frame ID: DC855868A1807B3130EA2B8E6938764B
Requests: 13 HTTP requests in this frame

Frame: https://ad.lkqd.net/vpaid/formats.js
Frame ID: 2CEEEA0636564D88145CB853B0626E12
Requests: 2 HTTP requests in this frame

Frame: https://ad.lkqd.net/vpaid/formats.js
Frame ID: 9590D294B8233B10E1AC68001F4B3656
Requests: 2 HTTP requests in this frame

Frame: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
Frame ID: 0F7F504247244AB0B88177A48FCDBE65
Requests: 1 HTTP requests in this frame

Frame: https://ad.lkqd.net/cookie-sync/usync.html
Frame ID: 32793E438490E1F3D734F88CF59BFD01
Requests: 6 HTTP requests in this frame

Frame: https://ad.lkqd.net/cookie-sync/usync.html
Frame ID: 7220DB79CAC5A3CCE345A290049815CD
Requests: 6 HTTP requests in this frame

Frame: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: E277F2250D3DB305BC871EF9576378D5
Requests: 15 HTTP requests in this frame

Frame: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 617F55150D4509B857BA63A8A2337852
Requests: 14 HTTP requests in this frame

Frame: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 9D33CC77D6BA3210AA91D7C79F758D56
Requests: 8 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaxpgEQuKirARjpx6y6ATAB&v=APEucNXzabfQ_gXdu3NPFJnbbzCScuuZiscU4hzfmkDoQyKGSUq1nonjRdIT--Y-181dznC3JFufYKO-d8omXDIpGpoai_wBXQaQidDZ-PBqiLPB2hk-SycVTlRlUGOMmdBhExqkiK6N-cYT4Gb8N-T6UOeUK7NW0eVnf51Ppozit0gcEvlwHQU
Frame ID: 637609B1CC1E43CB0400DCE45E5219BA
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-i5AEQoYD6ARjX7MmhATAB&v=APEucNX9KoXoIaXGMshUhpF4k8ngpziEoCrtXV5teu9XD_5ZiXu0E42w3bP5I3DJeIfTLQpl1ZVl7fZ-X1dRkTuqPdzNMfrc0Fq-L3Q-fVHG6PEMJPBEUpNK75SAjjefcqaQO6sYorcU2wdxluA9PTKoEyhwdltHzomCeLSb8K6fqc7ZdwRArhA
Frame ID: E3B93C2D9661908A2E3A0F6F1ED21901
Requests: 5 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html
Frame ID: E4EEE2D0C89BC769422F80C18C169370
Requests: 22 HTTP requests in this frame

Frame: https://t.lkqd.net/t
Frame ID: 84369CECBCF07B1A79105FCEBB1CC534
Requests: 1 HTTP requests in this frame

Frame: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Frame ID: 2B9D83C531DE2F696532232373D04A65
Requests: 6 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: B338A19DD18B541FC70FCED4B05B14AF
Requests: 1 HTTP requests in this frame

Frame: https://ad.lkqd.net/cookie-sync/usync.html
Frame ID: 04D0AA33410C61AEAB1A1148A8322ABC
Requests: 6 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
Frame ID: 834CDE0A79F6A5DDDC3F1D6D4F6BE9EE
Requests: 2 HTTP requests in this frame

Frame: https://t.lkqd.net/t
Frame ID: 2313C45A25C22B6D501D607C7DA91A0C
Requests: 6 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 6B36960F240FDC66017FEF62FF73AF54
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 46634BBCF5FA0C99016160124B38D5BE
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2
Frame ID: DD08DCFF49AA59B7CC4C1B3D75EA4715
Requests: 15 HTTP requests in this frame

Frame: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html
Frame ID: D47F880BA3D9094C7EB2D2FF7D2973B7
Requests: 8 HTTP requests in this frame

Frame: https://t.lkqd.net/t
Frame ID: 7263E714A15885C00FD5C7A740BC51C2
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: ECCFB6296241EE24E2C69F64149D36E3
Requests: 2 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 36A4452E9FA9D1213AAA1ABDA4EE2041
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js
Frame ID: 8DEEFFFC37EE90F048973D4AACE7A42D
Requests: 1 HTTP requests in this frame

Frame: https://vpaid.springserve.com/production/vpaid_25214542.js
Frame ID: A4A5CDE07A18B805D97A1956925A106F
Requests: 6 HTTP requests in this frame

Frame: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141447117,,
Frame ID: 0F2A7553406E4275E61A6850426A81CC
Requests: 29 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: 89B49A85C66AC82135442A6C24EB59E2
Requests: 13 HTTP requests in this frame

Frame: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CA60419D-88C9-444C-969F-AA5BCC10F557
Frame ID: 3C3A64A1F8249870D6B179301C7EDFF6
Requests: 1 HTTP requests in this frame

Frame: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6201097776656751456
Frame ID: D8A414CB69178DE06B33A508D0DC4FF3
Requests: 1 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Frame ID: A0D370D16B4D020DBB54B07DD9708F32
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040058908427090063
Frame ID: 731496C5C1A00E232897DB0DA1F70C2C
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/showad.js
Frame ID: A747539687D10A04099B16FB24F74F06
Requests: 8 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js
Frame ID: 1D299564895C47EBEA307FC3B58B38DD
Requests: 6 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.491.0_en.html
Frame ID: D0D587E0232251D3AA3D03BAE98B3E71
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: 97110B403DE2EA281C05F95EA8050049
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 4444B9C139863572B4714EA62B927E49
Requests: 3 HTTP requests in this frame

Frame: data://truncated
Frame ID: 54C0E4C4006E33000476D18587DF1238
Requests: 1 HTTP requests in this frame

Frame: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
Frame ID: 8A438EB3B340B7109446A790B6283CA2
Requests: 1 HTTP requests in this frame

Frame: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFnBk7DZqEAADsxMjamEg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID
Frame ID: 15F4F5634ACDB70F02657BE26E0346CC
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0ffe19a1-9819-4799-b038-740962339c79-003
Frame ID: 1287FCCAC6E2AC8AC478F588F09EB18F
Requests: 1 HTTP requests in this frame

Frame: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=UYceiszMT3pEZypcw2GbQbnVm6I
Frame ID: 902A525DB6AB5AB66A219E7F6BB5EAC6
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Negocios | El Financiero

Page URL History Show full URLs

https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzM... Page URL
https://www.elfinancierocr.com/negocios?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Ve... HTTP 301
https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+V... Page URL

Page Statistics

364
Requests

91 %
HTTPS

42 %
IPv6

61
Domains

112
Subdomains

81
IPs

10
Countries

4772 kB
Transfer

12147 kB
Size

103
Cookies

22 Outgoing links

These are links going to different origins than the main page.

URL: https://lanacioncostarica.pressreader.com/
Title: Edición Impresa(Se abre en una nueva ventana)

Search URL Search Domain Scan URL

URL: https://www.facebook.com/elfinancierocr

Search URL Search Domain Scan URL

URL: https://twitter.com/elfinancierocr

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gruponacion/
Title: Grupo Nación(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.lateja.cr/
Title: La Teja(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/revista-perfil/
Title: Revista Perfil(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/sabores/
Title: Sabores(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/apps/landing/index.html
Title: Aplicaciones(Opens in new window)

Search URL Search Domain Scan URL

URL: https://sso.gruponacion.biz/public/newsletter.html
Title: Boletines(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/todobusco/
Title: Todo Busco(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.yuplon.com/
Title: Yuplón(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.parqueviva.com/
Title: Parque Viva(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.elempleo.com/cr/ofertas-empleo/
Title: El Empleo(Opens in new window)

Search URL Search Domain Scan URL

URL: https://printea.com/es/
Title: Printea(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.fussio.com/
Title: Fussio(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/privacidad.html
Title: Políticas de privacidad(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/condiciones.html
Title: Condiciones de uso(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/estados-financieros.html
Title: Estados financieros(Opens in new window)

Search URL Search Domain Scan URL

URL: http://gncomercial.com/reglamentos/
Title: Reglamentos(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/contacto.html
Title: Contáctenos(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/especiales/gruponacion/centro_de_ayuda.html
Title: Centro de ayuda(Opens in new window)

Search URL Search Domain Scan URL

URL: https://www.nacion.com/gnfactory/comercial/2021/TARIFARIO_2021.pdf
Title: Anúnciese(Opens in new window)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839 Page URL
https://www.elfinancierocr.com/negocios?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02 HTTP 301
https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 94

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent

Request Chain 95

https://x.bidswitch.net/sync?ssp=vidoomy&user_id=981339846.97800721762847185.7560908 HTTP 302
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&user_id=981339846.97800721762847185.7560908 HTTP 302
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=vidoomy&ssp_user_id=5a4c075d-d4fb-4523-bf42-ad719d4e9937 HTTP 302
https://x.bidswitch.net/sync?dsp_id=74&&user_id=171315491&expires=5&ssp=vidoomy HTTP 302
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=5a4c075d-d4fb-4523-bf42-ad719d4e9937

Request Chain 108

https://ad.turn.com/r/cs?pid=65 HTTP 302
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2690142867855200886

Request Chain 113

https://ad.turn.com/r/cs?pid=65 HTTP 302
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2618085273817272950

Request Chain 153

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg6AJk1U4ywE7KIvAZVfR0&google_cver=1

Request Chain 154

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNQRlYWBt8pD-nkdqXjAQAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGIl6BTpmTfheoLlmFlq-Xw&google_cver=1

Request Chain 155

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFO0y7GgJL43HtemLmQRZ78&google_cver=1

Request Chain 156

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY5NjU1NTkwODUzNjU2MjA3Nw%3D%3D

Request Chain 157

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg6AJk1U4ywE7KIvAZVfR0&google_cver=1

Request Chain 158

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNQRq8xmEIktMN-gvQAEAAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGIl6BTpmTfheoLlmFlq-Xw&google_cver=1

Request Chain 159

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEFO0y7GgJL43HtemLmQRZ78&google_cver=1

Request Chain 160

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzgwMTIyMDMwNjkzMzI3MjM3

Request Chain 171

https://ad.turn.com/r/cs?pid=65 HTTP 302
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2618085273817272950

Request Chain 179

https://www.google.com/pagead/drt/ui HTTP 302
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Request Chain 280

https://c1.adform.net/serving/cookie/match?party=14&cid=CA60419D-88C9-444C-969F-AA5BCC10F557 HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CA60419D-88C9-444C-969F-AA5BCC10F557

Request Chain 281

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6201097776656751456

Request Chain 283

https://dsp.adfarm1.adition.com/cookie/?ssp=9 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040058908427090063

Request Chain 284

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ymBBnYjJREyWn6pbzBD1Vw%3D%3D HTTP 302
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

Request Chain 285

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=5e9e61b3-5047-4600-8505-4d906c85ad1c

Request Chain 286

https://pixel.onaudience.com/?partner=214&mapped=CA60419D-88C9-444C-969F-AA5BCC10F557 HTTP 302
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D HTTP 302
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=ed62a075af93b0380e86a4013c8206dc HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1 HTTP 302
https://pixel.onaudience.com/?partner=147&mapped=c734707d-99bc-4bb1-8322-dcd4d46a7eee&icm HTTP 302
https://spl.zeotap.com/?zdid=1332&zcluid=1fc8a118e810145c HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=3b71d7a0-8f60-499f-778c-1883b819732f&reqId=f61bc459-e1e9-4458-598b-7a7f4ff08f6d&zcluid=1fc8a118e810145c&zdid=1332 HTTP 302
https://mwzeom.zeotap.com/mw?google_gid=CAESED84KvOw5Hu-ruuWVCaUeJk&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=3b71d7a0-8f60-499f-778c-1883b819732f&reqId=f61bc459-e1e9-4458-598b-7a7f4ff08f6d&zcluid=1fc8a118e810145c&zdid=1332

Request Chain 287

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Q0E2MDQxOUQtODhDOS00NDRDLTk2OUYtQUE1QkNDMTBGNTU3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

Request Chain 288

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKqCC7Sp1bWcyrE3WQ2JDbs&google_cver=1

Request Chain 290

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3Duid%3A%5BMM_UUID%5D HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:f5bc61b3-5047-4f00-828b-f72af9d654a0&gdpr=0&gdpr_consent=

Request Chain 291

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=c734707d-99bc-4bb1-8322-dcd4d46a7eee

Request Chain 292

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COOKIES%20HERE]&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8622795666401676995

Request Chain 293

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=780122030693327237&gdpr=0&gdpr_consent=

Request Chain 306

https://gcdn.2mdn.net/videoplayback/id/156f943f501aee9e/itag/22/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3768712491/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/signature/940638C8C66915B892CAEF69E05837F961E0E981.21FA6C6EC97A7427ECE8620B2F68E3F575B1677A/key/ck2/file/file.mp4?cpn=gMcZRsj-13ZHwBi2 HTTP 302
https://r1---sn-5hnekn7d.c.2mdn.net/videoplayback/id/156f943f501aee9e/itag/22/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3768712491/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7CB74D1AFA55EFF6A0EC6C41C71CE86F7DF8BD09.04ED49BC0380ED26B5E23C331410856A60FF5B04/key/cms1/cms_redirect/yes/mh/Gy/mip/2a03:1b20:6:f011::2e/mm/42/mn/sn-5hnekn7d/ms/onc/mt/1639140738/mv/u/mvi/1/pl/48?cpn=gMcZRsj-13ZHwBi2&file=file.mp4

Request Chain 319

https://image8.pubmatic.com/AdServer/ImgSync?&fp=1&mpc=10&p=156498&gdpr=0&gdpr_consent=&pmc=-1&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fpmc%3D-1%26partnerID%3D156498%26partnerUID%3D%28null%29 HTTP 302
https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=v4kZJbyITy-k2hkg74BWJ7iIHS6kixl374hv4kM4 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=CA60419D-88C9-444C-969F-AA5BCC10F557&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dzG1KBBE2uVch.qgEc13SV3Vd3wIT0c-~A&gdpr=0&gdpr_consent=

Request Chain 321

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLah2M0CEMuI_c8CGP7enboBIAEwAQ&v=APEucNXO9nhDnRjPbll2uPolNtJunBGqmh2muvqCfXgjxfMVmtaj0DxU6h5jn4bNGFnSrmzl_rPd6xtQJ11yoZhPI6s42ZKqg4zlf_fu0FnzYeHTo_KtZ7M HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm&gdpr=0 HTTP 302
https://ads.smartstream.tv/cm/?cmsrc=dcm&gdpr=0&google_gid=CAESELqJ-QRPWeUy1YIARnEzgvw&google_cver=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESELqJ-QRPWeUy1YIARnEzgvw&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=242c29d0275d9a76f624ec04ae107660&uid=242c29d0275d9a76f624ec04ae107660&data[stv][idt_did_status]=added&gdpr_consent=&gdpr=0 HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1 HTTP 302
https://cm.adsafety.net/?_cmsrc=ttdx&idt=100&did=c734707d-99bc-4bb1-8322-dcd4d46a7eee HTTP 302
https://tags.adsafety.net/v1/cm?cm_uid=CM1202112101329e93555c48606f3603&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Ddefault%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D HTTP 302
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=default&idt=100&did=242c29d0275d9a76f624ec04ae107660

Request Chain 337

https://sb.scorecardresearch.com/p?C1=1&C2=23229166&C3=platform&C5=01&C7=https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02 HTTP 302
https://sb.scorecardresearch.com/p2?C1=1&C2=23229166&C3=platform&C5=01&C7=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail&utm_medium=newsletter&utm_campaign=Edici%C3%B3n%20Vespertina%202021-12-09%2019%3A06%3A10&utm_content=-2021-12-10-02

Request Chain 338

https://sb.scorecardresearch.com/p?c1=2&c2=23229166&c3=platform&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=1639141447&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=30000&ns_st_pt=0&ns_ts=1639141447 HTTP 302
https://sb.scorecardresearch.com/p2?c1=2&c2=23229166&c3=platform&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=1639141447&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=30000&ns_st_pt=0&ns_ts=1639141447

Request Chain 359

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent= HTTP 303
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1 HTTP 303
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGbkJrN0RacUVBQURzeE1qYW1FZw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 302
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1 HTTP 303
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFnBk7DZqEAADsxMjamEg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID

Request Chain 360

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7703576983 HTTP 302
https://sync.1rx.io/usersync/tradedesk/c734707d-99bc-4bb1-8322-dcd4d46a7eee HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-0ffe19a1-9819-4799-b038-740962339c79-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%3D%26piggybackCookie%3DRX-0ffe19a1-9819-4799-b038-740962339c79-003 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0ffe19a1-9819-4799-b038-740962339c79-003

Request Chain 361

https://sync.srv.stackadapt.com/sync?nid=11 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=UYceiszMT3pEZypcw2GbQbnVm6I

Request Chain 363

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent= HTTP 302
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dpubmatic%26bsw_param%3D5a4c075d-d4fb-4523-bf42-ad719d4e9937%26gdpr%3D0%26consent%3D%26gdpr_pd%3D%26expires%3D7 HTTP 302
https://x.bidswitch.net/sync?dsp_id=354&user_id=ae82db4a22d9433f8948fcb7ec5910c8&ssp=pubmatic&bsw_param=5a4c075d-d4fb-4523-bf42-ad719d4e9937&gdpr=0&consent=&gdpr_pd=&expires=7 HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=5a4c075d-d4fb-4523-bf42-ad719d4e9937&gdpr=0&gdpr_consent=&gdpr_pd= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D

Request Chain 364

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2618085273817272950&gdpr=0&gdpr_consent=&us_privacy= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=780122030693327237 HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://image4.pubmatic.com/AdServer/SPug?pmc=-1&partnerID=156498&partnerUID=(null)

Request Chain 365

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent= HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent= HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=

Request Chain 367

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent= HTTP 302
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d8a5c696-ce0d-4440-adde-0d3ca5f3a48d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw HTTP 302
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent= HTTP 302
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D

364 HTTP transactions
8 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK nrd.php Show response
links.elfinancierocr.com/u/ 855 B
810 B 204ms
166ms Document
text/html 217.175.192.17
EMARSYS-AS Emarsy...

General

Check archive.org

Show headers Download Go to

Full URL

https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

217.175.192.17 , Austria, ASN199236 (EMARSYS-AS Emarsys eMarketing Systems AG, AT),

Reverse DNS

Software

Apache /

Resource Hash

5ed74d3df834144b5c87b15adcd8f0f5d50590c5360f264f826b7c8836f5a36e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 10 Dec 2021 13:04:04 GMT
server: Apache
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding
content-encoding: gzip
x-af: suite6-web1
cache-control: max-age=0, no-cache, no-store, must-revalidate
pragma: no-cache
content-length: 433
content-type: text/html; charset=utf-8
x-hf: suite-haproxy01e

GET
H2

200

Primary Request / Show response
www.elfinancierocr.com/negocios/
Redirect Chain

https://www.elfinancierocr.com/negocios?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02

171 KB
39 KB

36ms
36ms

Document
text/html

2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

c063dcf1fba1e0c0388203ecd5bd686fefe29c81c5f6373efc9e3e97e9cc99f3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839

Response headers

content-type: text/html; charset=utf-8
server: openresty
content-encoding: gzip
etag: W/"29b91-U3+v26u2tU/TnrO8BFYR7UhlCHg"
last-modified: Fri, 10 Dec 2021 13:02:51 GMT
vary: Accept-Encoding
x-akamai-transformed: 9 37020 0 pmb=mRUM,2
cache-control: private, max-age=60
expires: Fri, 10 Dec 2021 13:05:04 GMT
date: Fri, 10 Dec 2021 13:04:04 GMT
server-timing: cdn-cache; desc=HIT edge; dur=22
content-security-policy: upgrade-insecure-requests

Redirect headers

content-type: text/html
content-length: 166
server: openresty
cache-control: private, max-age=55
expires: Fri, 10 Dec 2021 13:04:59 GMT
date: Fri, 10 Dec 2021 13:04:04 GMT
server-timing: cdn-cache; desc=HIT edge; dur=58
location: /negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
content-security-policy: upgrade-insecure-requests

GET
H2 200 polyfill.min.js Show response
polyfill.io/v3/ 101 B
587 B 25ms
7ms Script
text/javascript 2a04:4e42::282
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://polyfill.io/v3/polyfill.min.js?features=IntersectionObserver%2CElement.prototype.prepend%2CElement.prototype.remove%2CArray.prototype.find%2CArray.prototype.includes

Requested by

Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a04:4e42::282 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

dd1b5e04d54c4420fe3e8e6abe2875fc7f13a3cd6384b6c2afc1a35e302dd846

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubdomains; preload
content-encoding: br
x-content-type-options: nosniff
content-type: text/javascript; charset=utf-8
age: 2218428
detected-user-agent: Chrome Mobile/96.0.4664
server-timing: HIT, fastly;desc="Edge time";dur=0, HIT, fastly;desc="Edge time";dur=1
content-length: 101
referrer-policy: origin-when-cross-origin
last-modified: Sun, 14 Nov 2021 16:39:56 GMT
date: Fri, 10 Dec 2021 13:04:05 GMT
vary: User-Agent, Accept-Encoding
access-control-allow-methods: GET,HEAD,OPTIONS
normalized-user-agent: chrome/96.0.0
access-control-allow-origin: *
cache-control: public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 react.js Show response
www.elfinancierocr.com/pf/dist/engine/ 314 KB
96 KB 39ms
37ms Script
application/javascript 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/dist/engine/react.js?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

2d3392ee6ac1a9b7a9d10b015b51fbafddedec77e5fda7905f60e15b8b588125

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
x-amz-request-id: 61R8Q58D1F7JB99Y
etag: W/"3c3e93985a12dd6eaed03c6d89da6437"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 97696
x-amz-id-2: o7MqzjfsSFBxxrroGj4WCnH0oRISdFgFJXHb8mXt6mYi3M5hkDVQRlD17mko7jkdtMPC+Q37Uo8=
expires: Sat, 10 Dec 2022 13:04:05 GMT

GET
H2 200 default.js Show response
www.elfinancierocr.com/pf/dist/components/combinations/ 1 MB
286 KB 24ms
24ms Script
application/javascript 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/dist/components/combinations/default.js?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

da1986030b191b42a24d8f95f6246b1f42c4bfd1ec1dc53e2551a32f89b34848

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
x-amz-request-id: V6SA5K4JDKNE275W
etag: W/"0b22ed62b74607c50fbd5593c5e16bf3"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 291317
x-amz-id-2: fyIhEdxu0CtJGuBoZ780Cg3XkNrj8b0BX7c+kViOokK/h9NGF/e0zlMTfiPwN5JgofaAHsaccz8=
expires: Sat, 10 Dec 2022 13:04:05 GMT

GET
H2 200 default.css
www.elfinancierocr.com/pf/dist/components/output-types/ 33 KB
5 KB 124ms
123ms Stylesheet
text/css 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/dist/components/output-types/default.css?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

ada22e6eba70375c2b46ed604b28c317d19c3208d9354f2d714b1e020d08d7fa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
x-amz-request-id: MZ5WHJP2PVBFB6A7
etag: W/"b85a56d0b2f48a049db57c189c0a816d"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 4204
x-amz-id-2: sdgECOdL2P6poLS/pc33bgimOCbI5e53j9PMtUKgIaC0NZGRdUZeNY35+7/nyxg9FYATf7l/G4w=
expires: Sat, 10 Dec 2022 13:04:05 GMT

GET
H2 200 default.css
www.elfinancierocr.com/pf/dist/components/combinations/ 83 KB
16 KB 160ms
159ms Stylesheet
text/css 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/dist/components/combinations/default.css?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

aeaa6078a758995f23fbad8f680d98c2b63515a7c2e5acc30d318efdb4854bb8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-server-side-encryption: AES256
date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
x-amz-request-id: 3NN6E5DD0CWW0WRW
etag: W/"eeb68d5f3c1c35861c1181c253354c65"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 15801
x-amz-id-2: K+jKfVV6l6Ri1EqfO1DGh+FjdvcdgllNWJ7LdJTys0oqtBsvLlcDZZ94jQTWqOJ0l8fR4wWFhZI=
expires: Sat, 10 Dec 2022 13:04:05 GMT

GET
H2 200 overwrite.css
www.elfinancierocr.com/pf/resources/global/ 7 KB
2 KB 177ms
176ms Stylesheet
text/css 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.elfinancierocr.com/pf/resources/global/overwrite.css?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

42e18cf3e34929b45ad8fc524c72c82898c2a9ebe89dd3eb9f8feed643fbc368

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
x-amz-request-id: SEDKSXMPVSWY2BYV
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 1571
x-amz-id-2: u+uo6mxlTFvcJ5b3hs6QB73/XHI75T4ZoHAU0u2jNe6V8ntRQ6lwobJeA9YH1Y+kessIjYi6CmM=
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
etag: W/"e2c8963f2c1ae225002a67245811f455"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
expires: Sat, 10 Dec 2022 13:04:05 GMT

GET
H2 200 css2
fonts.googleapis.com/ 12 KB
1 KB 133ms
49ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lora:wght@400;700&family=Roboto:wght@300;400;700;900&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

36f424145fc49aeb31e34362c9f4263af9ddebb7e3815d0c40c9d07aafc88d49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 12:57:37 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 13:04:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 13:04:05 GMT

GET
H2 200 logo.svg
www.elfinancierocr.com/pf/resources/el-financiero/ 13 KB
5 KB 23ms
23ms Image
image/svg+xml 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/pf/resources/el-financiero/logo.svg?d=131

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

openresty /

Resource Hash

2a858776bb6bd9226815d72d9d3458d1449c1e46a3ca53340988f22bd247759f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
x-amz-request-id: 61R6VHK71279H8Y3
x-amz-server-side-encryption: AES256
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 4636
x-amz-id-2: 0uyszTigitoMuNTHc1LFXCpGGzBOf9L7xx7+SYdeMIpZa4z0le3tCds3AIrcW9vyg9gTIPi0rL4=
last-modified: Thu, 09 Dec 2021 21:00:40 GMT
server: openresty
etag: W/"312679b5836c87268047387621ab78ac"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=31536000
content-security-policy: upgrade-insecure-requests
expires: Sat, 10 Dec 2022 13:04:05 GMT

GET
H2 200 gtm.js Show response
gtm.nacion.com/ 153 KB
59 KB 576ms
537ms Script
application/javascript 2001:4860:4802:34::15
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::15 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: 3c42d82cabb963570626e82fe5e3f8208244e27054180efa1b7b2032091c4a66

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
via: 1.1 google
last-modified: Fri, 10 Dec 2021 12:00:00 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: private, max-age=450
content-encoding: gzip
expires: Fri, 10 Dec 2021 13:04:11 GMT

GET
H2 200 K2F2J-U4J6X-CUK55-UT5LV-F8L4T Show response
s.go-mpulse.net/boomerang/ 202 KB
51 KB 24ms
8ms Script
application/javascript 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/K2F2J-U4J6X-CUK55-UT5LV-F8L4T
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:287::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 95a439c4e11ace2484e8d42c30ff56cf7db5ea7c6463df9ce2fdafa7f6ccbf54

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
last-modified: Tue, 16 Nov 2021 02:52:40 GMT
x-serial: 4518
x-akamai-pragma-client-ip: 10.202.51.110, 209.170.100.130
x-n: S
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-check-cacheable: YES
cache-control: max-age=604800
timing-allow-origin: *
content-length: 51580

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 9 KB
3 KB 33ms
16ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 55b4a8ebd4ce4144242d6bb9d0ebb65a01b2759e67243ed5badc3ac96c6fd396

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 2969
etag: W/"2d763adca2b6a93c45e5b76bff1f8c5d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6bb6ad507f084a8c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 13 Dec 2021 13:04:05 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 125ms
40ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;700&family=Roboto:wght@300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.elfinancierocr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 01:54:06 GMT
x-content-type-options: nosniff
age: 212999
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 01:54:06 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
16 KB 161ms
77ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;700&family=Roboto:wght@300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.elfinancierocr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 20:07:55 GMT
x-content-type-options: nosniff
age: 233770
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 07 Dec 2022 20:07:55 GMT

GET
H2 200 0QIvMX1D_JOuMwr7Iw.woff2
fonts.gstatic.com/s/lora/v20/ 35 KB
35 KB 177ms
93ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lora/v20/0QIvMX1D_JOuMwr7Iw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lora:wght@400;700&family=Roboto:wght@300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ef7da2ea9165f4486462c7f1dccddb7485e6a1922d220a1c393a8fa7214829fd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.elfinancierocr.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 20:20:54 GMT
x-content-type-options: nosniff
age: 146591
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35440
x-xss-protection: 0
last-modified: Wed, 10 Nov 2021 18:00:32 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 20:20:54 GMT

GET
H2 200 DQ2UNUHRAVFXTOO3ZDCSWR7YRY.jpg
www.elfinancierocr.com/resizer/vBTSZw_o6PxDKU2unmpgRNJZmxM=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 11 KB
11 KB 16ms
14ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/vBTSZw_o6PxDKU2unmpgRNJZmxM=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/DQ2UNUHRAVFXTOO3ZDCSWR7YRY.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

ff6ebdfad08d6efb6ac7fc6f4033fff174d6db41653378822a9e890605d9358f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
x-check-cacheable: YES
x-serial: 895
etag: "1d23f1bc21319dd85c82e66d63ec12377ea9e183"
content-type: image/jpeg
cache-control: private, no-transform, max-age=30340421
last-modified: Fri, 26 Nov 2021 16:58:11 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 10906
server: Akamai Image Manager
expires: Sat, 26 Nov 2022 16:57:46 GMT

GET
H2 200 EEWDH3DIG5A5VO2CT2VWY5IY7A.jpeg
www.elfinancierocr.com/resizer/LrkWtwOWzeChDKRc7ZmQvG16bBw=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 9 KB
9 KB 28ms
25ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/LrkWtwOWzeChDKRc7ZmQvG16bBw=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/EEWDH3DIG5A5VO2CT2VWY5IY7A.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

af320f1e888cebe2e87f4956ca6bad98675ac88b3b90142e434733d4af44fb26

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
x-check-cacheable: YES
x-serial: 292
etag: "0feddfd2cdba6c1e7c415629004e94a5c681659e"
content-type: image/jpeg
cache-control: private, no-transform, max-age=31480769
last-modified: Thu, 09 Dec 2021 21:43:46 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 9025
server: Akamai Image Manager
expires: Fri, 09 Dec 2022 21:43:34 GMT

GET
H2 200 BLWQ6IE32FGM7OZXUILTF372VE.JPG
www.elfinancierocr.com/resizer/H_0aQDd6nhH50oavZ3sEacEtpBk=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 7 KB
7 KB 40ms
38ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/H_0aQDd6nhH50oavZ3sEacEtpBk=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/BLWQ6IE32FGM7OZXUILTF372VE.JPG

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

55f97136162c46ec2086a4ed139008c92320792404bc0fc6307ceef8eee402e7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
x-check-cacheable: YES
x-serial: 129
etag: "d78757e44d8dd736a75500e0092a4b6a75f97fab"
content-type: image/jpeg
cache-control: private, no-transform, max-age=31467391
last-modified: Thu, 09 Dec 2021 18:00:36 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 6910
server: Akamai Image Manager
expires: Fri, 09 Dec 2022 18:00:36 GMT

GET
H2 200 GUSCC2E7SZGEPJ2CSTSCZ2TM5U.jpeg
www.elfinancierocr.com/resizer/PPiLPt6TcsQkd1pFtMQalUQGnhg=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 10 KB
10 KB 53ms
51ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/PPiLPt6TcsQkd1pFtMQalUQGnhg=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/GUSCC2E7SZGEPJ2CSTSCZ2TM5U.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

1f2824d57ba75a198844634c40d76f1a4fed512990845f170d7b9e55f6271b79

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
x-check-cacheable: YES
x-serial: 177
etag: "8849fb6994907b834ea9dd3e72075574f9599ce1"
content-type: image/jpeg
cache-control: private, no-transform, max-age=31400671
last-modified: Wed, 08 Dec 2021 23:28:15 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 9737
server: Akamai Image Manager
expires: Thu, 08 Dec 2022 23:28:36 GMT

GET
H2 200 LA6H24PH2JATPFXFPWPHQ4BXRU.JPG
www.elfinancierocr.com/resizer/CwBhJG3vaQDe91kHwAZAIFT9_HQ=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 10 KB
10 KB 66ms
64ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/CwBhJG3vaQDe91kHwAZAIFT9_HQ=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/LA6H24PH2JATPFXFPWPHQ4BXRU.JPG

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

da25c13d9a60d7c2865534d2535e98c14926dd29ee0cdb594ad132e45cc631de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
last-modified: Tue, 07 Dec 2021 22:12:01 GMT
server: Akamai Image Manager
etag: "5e57e5ed0022c562e22f2053e80ca2cc52a1fcda"
content-type: image/jpeg
cache-control: private, no-transform, max-age=31309813
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 10140
expires: Wed, 07 Dec 2022 22:14:18 GMT

GET
H2 200 TMJXUQSZFBCS7OYVWWZZF7W7NU.jpg
www.elfinancierocr.com/resizer/_PAqixA4eWzwxY6YpFeaMmOaAus=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 7 KB
8 KB 80ms
78ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/_PAqixA4eWzwxY6YpFeaMmOaAus=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/TMJXUQSZFBCS7OYVWWZZF7W7NU.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

0be3304dbcb230db486d6f3673a10574d33e052a95685906710577caefe7e16f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
last-modified: Mon, 22 Nov 2021 12:01:16 GMT
server: Akamai Image Manager
etag: "ca8774a362435d2adcdbf8582d5c5e4d9d88e25f"
content-type: image/jpeg
cache-control: private, no-transform, max-age=29977189
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 7434
expires: Tue, 22 Nov 2022 12:03:54 GMT

GET
H2 200 YHDFPLRMUJDO5AXXT5KIDTNNUE.jpg
www.elfinancierocr.com/resizer/xqSAtRfdVIPkU2ndqVEC4Bwin8k=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 13 KB
13 KB 91ms
88ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/xqSAtRfdVIPkU2ndqVEC4Bwin8k=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/YHDFPLRMUJDO5AXXT5KIDTNNUE.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

b45de02eef3e292f8b17d4e40e47d3c3349cef8707596c7e1238f6fd47697e2f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
last-modified: Sun, 05 Dec 2021 15:02:24 GMT
server: Akamai Image Manager
etag: "b01dff070d943b374df14123e1e55ba88ca2e37a"
content-type: image/jpeg
cache-control: private, no-transform, max-age=31111014
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 13162
expires: Mon, 05 Dec 2022 15:00:59 GMT

GET
H2 200 MVQLF775FBHYBB5SBS6FYC7HKU.jpg
www.elfinancierocr.com/resizer/8XBj0KgrnQ2PIznETjy4gK3M4jY=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 7 KB
7 KB 101ms
99ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/8XBj0KgrnQ2PIznETjy4gK3M4jY=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/MVQLF775FBHYBB5SBS6FYC7HKU.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

00b57475c2d70b5466f176f0b993f6ca310512de223a985ec52cfb6d858113c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
last-modified: Fri, 03 Dec 2021 15:58:20 GMT
server: Akamai Image Manager
etag: "eed9051f2d25917f8f1baf01135f04146cb2317f"
content-type: image/jpeg
cache-control: private, max-age=30941781
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 6844
expires: Sat, 03 Dec 2022 16:00:26 GMT

GET
H2 200 M5C54B27XFCSREBD7LEHN4OQXM.jpg
www.elfinancierocr.com/resizer/Jx9R5kADfny1YJhP7AXLVZ7jSjE=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 11 KB
12 KB 112ms
110ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/Jx9R5kADfny1YJhP7AXLVZ7jSjE=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/M5C54B27XFCSREBD7LEHN4OQXM.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

994331ea6dd6e5446c21a008b32b66ddc8dfa628a54742643cfa7e31e273a895

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
last-modified: Sat, 04 Dec 2021 18:26:24 GMT
server: Akamai Image Manager
etag: "957d07f2e24fd2fb8453bfeeadf814aac3c78f77"
content-type: image/jpeg
x-edgeconnect-cache-status: 1
cache-control: private, no-transform, max-age=31037048
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 11445
expires: Sun, 04 Dec 2022 18:28:13 GMT

GET
H2 200 5RRLFUT63BHTTFADX2VSHTVLZY.jpg
www.elfinancierocr.com/resizer/rCxigborDELRWsQ7s_PoKYSiGtM=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 6 KB
6 KB 123ms
121ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/rCxigborDELRWsQ7s_PoKYSiGtM=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/5RRLFUT63BHTTFADX2VSHTVLZY.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

1db1d3d3e0ea40d73f265cbe4db86dbc04f34fecb52aa923240fba5f192c3b6c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
x-check-cacheable: YES
x-serial: 369
etag: "c6941f37c5c0e68994f62a87483e5909dedf20b2"
content-type: image/jpeg
cache-control: private, no-transform, max-age=30958196
last-modified: Fri, 03 Dec 2021 20:31:23 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 6005
server: Akamai Image Manager
expires: Sat, 03 Dec 2022 20:34:01 GMT

GET
H2 200 YA7EB22EF5GLTFEE3RLX2WSM4E.jpg
www.elfinancierocr.com/resizer/JMsAcSNGXfPxcwhL8sVZc6N8ZF8=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 13 KB
13 KB 135ms
133ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/JMsAcSNGXfPxcwhL8sVZc6N8ZF8=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/YA7EB22EF5GLTFEE3RLX2WSM4E.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

ea4d85b7f5ae7f10af43ee3361954dbd4aaffe917029f2e2e1ffb951451081f6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
x-check-cacheable: YES
x-serial: 582
etag: "08cc82836f4adcd4db0d8ac69fb1b15e8475ae25"
content-type: image/jpeg
cache-control: private, no-transform, max-age=30956346
last-modified: Fri, 03 Dec 2021 20:03:40 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 13238
server: Akamai Image Manager
expires: Sat, 03 Dec 2022 20:03:11 GMT

GET
H2 200 IANAE7X7TFHLHDWZMMXCBTNKNA.JPG
www.elfinancierocr.com/resizer/eNxaQPlu-uO2PUaPc8Zsjoak5HE=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 9 KB
9 KB 161ms
159ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/eNxaQPlu-uO2PUaPc8Zsjoak5HE=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/IANAE7X7TFHLHDWZMMXCBTNKNA.JPG

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

20bcee3d2c1f81a048cce884a22977c2e2ab2c13b6f138f09c4e59dc81154c75

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
x-check-cacheable: YES
x-serial: 466
etag: "8e60756b56b87855c1f9b75f9f05a0bd591d1ed6"
content-type: image/jpeg
cache-control: private, no-transform, max-age=30853910
last-modified: Thu, 02 Dec 2021 15:36:31 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 8850
server: Akamai Image Manager
expires: Fri, 02 Dec 2022 15:35:55 GMT

GET
H2 200 XBV347EDAVG75IXYEASWMFNVL4.jpeg
www.elfinancierocr.com/resizer/o_3uterb8XRAIMeUwnYCwv3X8XQ=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 9 KB
9 KB 179ms
178ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/o_3uterb8XRAIMeUwnYCwv3X8XQ=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/XBV347EDAVG75IXYEASWMFNVL4.jpeg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

e6484d750a7a0fafa69ada662310c48873e8db2b871aa1a4569ac3f3e26cd7aa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
x-check-cacheable: YES
x-serial: 102
etag: "8618d7716a4c041a2133c271881466e884cb3e3a"
content-type: image/jpeg
cache-control: private, no-transform, max-age=30790128
last-modified: Wed, 01 Dec 2021 21:54:04 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 9227
server: Akamai Image Manager
expires: Thu, 01 Dec 2022 21:52:53 GMT

GET
H2 200 5NNEA3IONNBU5NDKNQ562BHHNE.jpg
www.elfinancierocr.com/resizer/8gXmre2d3qPJqUK-flIPbxzNjIc=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/ 7 KB
7 KB 193ms
192ms Image
image/jpeg 2a02:26f0:6c00::210:ba09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elfinancierocr.com/resizer/8gXmre2d3qPJqUK-flIPbxzNjIc=/274x154/filters:format(jpg):quality(70)/cloudfront-us-east-1.images.arcpublishing.com/gruponacion/5NNEA3IONNBU5NDKNQ562BHHNE.jpg

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:6c00::210:ba09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

7701c0a6af5d7112c2dac21206b61c302c752049e36665944bf5b3daf6c9993e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
x-check-cacheable: YES
x-serial: 1441
etag: "437cf414c6add9ac56ff97a8d0386e3ea6c9d065"
content-type: image/jpeg
cache-control: private, no-transform, max-age=30690032
last-modified: Tue, 30 Nov 2021 18:07:18 GMT
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 7273
server: Akamai Image Manager
expires: Wed, 30 Nov 2022 18:04:37 GMT

GET
H2 200 load Show response
api.tinypass.com/xbuilder/experience/ 4 KB
2 KB 47ms
28ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.tinypass.com/xbuilder/experience/load?aid=BM6tVBSjXE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

592b2d7cbc5a7cad13de7f9a94f0e7d6112515896fb866303c71a2ad9d7a96c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 2419
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Cmrfw3rSZab
pragma
wn: prod-dash-10-0-122-89
last-modified: Fri, 10 Dec 2021 12:23:46 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=utf-8
server-time: 0.016
cache-control: public, max-age=1800
cf-ray: 6bb6ad50bed04e4a-FRA
expires: Fri, 10 Dec 2021 13:34:05 GMT

GET
H2 200 OneSignalPageSDKES6.js Show response
cdn.onesignal.com/sdks/ 283 KB
68 KB 29ms
28ms Script
application/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151510
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ba83c227cde7d4c34fb514ccd483305e8dfef365e6b2b70a126f2d73adaa1691

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 3241
etag: W/"bac537a7eba0b66473f70a7a4bf837c4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6bb6ad50d80d4a8c-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 13 Dec 2021 13:04:05 GMT

GET
H2 200 tinypass.min.js Show response
cdn.tinypass.com/api/ 395 KB
123 KB 23ms
22ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.tinypass.com/api/tinypass.min.js

Requested by

Host: api.tinypass.com
URL: https://api.tinypass.com/xbuilder/experience/load?aid=BM6tVBSjXE

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

10f0ad588f05191ae9cc057cf2b8364b676cc9cbd70d47226ff2aa027e1fd457

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 3
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-200-137-133
last-modified: Thu, 09 Dec 2021 12:33:01 GMT
server: cloudflare
etag: W/"404856-1639053181341"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.000
cache-control: public, max-age=7200
cf-ray: 6bb6ad50ef4f4e4a-FRA
expires: Fri, 10 Dec 2021 15:04:05 GMT

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 5 KB
1 KB 272ms
255ms XHR
application/json 2a02:26f0:6c00:1bb::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=K2F2J-U4J6X-CUK55-UT5LV-F8L4T&d=www.elfinancierocr.com&t=5463805&v=1.632.0&sl=0&si=kgozyqw2df-r3whmt&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,LOGN&acao=&ak.ai=642712
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/K2F2J-U4J6X-CUK55-UT5LV-F8L4T
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a02:26f0:6c00:1bb::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8aec8924ad59b6c1199aec9c6ac25e50db6d5f6cbbafe334392625f1748699fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 13:04:05 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 1074

GET
H/1.1 200
OK cx.js Show response
scdn.cxense.com/ 118 KB
28 KB 28ms
11ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://scdn.cxense.com/cx.js
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/pf/dist/components/combinations/default.js?d=131
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 13:04:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Dec 2021 20:01:46 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28194
Expires: Fri, 10 Dec 2021 14:04:05 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ 80 KB
27 KB 140ms
54ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/pf/dist/components/combinations/default.js?d=131

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

f45530ee93fe1451632f4c4da09ff7b9dcbbe6a64f2ae824c058c78fababd34c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
etag: "1066 / 496 of 1000 / last-modified: 1639137928"
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 27033
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 10 Dec 2021 13:04:05 GMT

GET
H2 200 web Show response
onesignal.com/api/v1/sync/ed42b0eb-86e1-445d-b83e-a6cf15f859cb/ 5 KB
2 KB 14ms
14ms Script
text/javascript 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/sync/ed42b0eb-86e1-445d-b83e-a6cf15f859cb/web?callback=__jp0

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151510

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1204e16492dda076149aa3a805c34c8a4a644caa377a8a9f6f5003610e6a792a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 176
cf-polished: origSize=5169
status: 200 OK
x-envoy-upstream-service-time: 75
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: c5ff5cfe-7cb5-4c9d-aed2-1c29b52134c8
x-runtime: 0.072929
referrer-policy: strict-origin-when-cross-origin
cf-bgj: minify
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"605ae4ef98f85ba4c4f5984841c4c835"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
cf-ray: 6bb6ad522abc4a8c-FRA
access-control-allow-headers: SDK-Version
expires: Fri, 10 Dec 2021 14:04:05 GMT

POST
H2 200 execute Show response
c2.piano.io/xbuilder/experience/ 12 KB
3 KB 154ms
135ms XHR
application/json 2606:4700::6810:2a41
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c2.piano.io/xbuilder/experience/execute?aid=BM6tVBSjXE

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:2a41 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d3c8f75c57204ea3e701b244aa300af4f32944d05296c041bc5fcb0de1520dc

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: */*
Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
vary: Accept-Encoding, Origin
cf-cache-status: DYNAMIC
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: 80d0ypdym1
pragma: no-cache
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store
access-control-allow-credentials: true
cf-ray: 6bb6ad52791f4ec7-FRA

GET
H2 200 get.js Show response
buy.tinypass.com/api/v3/anon/captcha/ 153 B
298 B 39ms
39ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/captcha/get.js?callback=jsonpCallback&aid=BM6tVBSjXE

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51044618b6f1403289b87a95590ead360f23720215754270c1e08cfcc1749ad8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 261
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Ckfhw3rBzYq
pragma
wn: prod-dash-10-0-128-232
last-modified: Fri, 10 Dec 2021 12:59:44 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript
server-time: 0.005
cache-control: public, max-age=1200
cf-ray: 6bb6ad526a2b4e4a-FRA
expires: Fri, 10 Dec 2021 13:24:05 GMT

GET
H/1.1 200
OK segment Show response
api.cxense.com/profile/user/ 77 B
693 B 50ms
17ms Script
text/javascript 147.75.85.120
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.cxense.com/profile/user/segment?callback=cXJsonpCBkx0ehtwi32oh9vvc&persisted=b15320daa6193bf072303805114e1600484395c8&json=%7B%22identities%22%3A%5B%7B%22id%22%3A%22kx0ehtwhgsnn4csd%22%2C%22type%22%3A%22cx%22%7D%5D%7D

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

147.75.85.120 Schiphol, Netherlands, ASN54825 (PACKET, US),

Reverse DNS

Software

Jetty(9.4.28.v20200408) /

Resource Hash

8604710cf38806b59d7034e8e258cec63dc4095dd65b07f273ba816828a6a62a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:05 GMT
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
strict-transport-security: max-age=31536000
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-type: text/javascript;charset=utf-8
content-length: 77
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK sp1.html Show response
cdn.cxense.com/ Frame 6C0B 1 KB
888 B 36ms
11ms Document
text/html 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/sp1.html
Requested by: Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a739cc97a54df824e12fc75392160360e56e55f623a445f99fa26108fa84e6fb

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

Accept-Ranges: bytes
Last-Modified: Mon, 29 Nov 2021 08:03:18 GMT
Server: AkamaiNetStorage
Content-Length: 518
Cache-Control: max-age=864000
Expires: Mon, 20 Dec 2021 13:04:05 GMT
Date: Fri, 10 Dec 2021 13:04:05 GMT
Connection: keep-alive
Content-Type: text/html
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Vary: Accept-Encoding

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ Frame 6C0B 118 KB
28 KB 13ms
12ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/sp1.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 13:04:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Dec 2021 20:01:46 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28194
Expires: Fri, 10 Dec 2021 14:04:05 GMT

GET
H/1.1 200
OK p1.js Show response
p1cluster.cxense.com/ Frame 6C0B 47 B
637 B 48ms
12ms Script
text/javascript 178.63.13.144
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://p1cluster.cxense.com/p1.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.63.13.144 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: de717.cxense.com
Software: Jetty(9.4.28.v20200408) /
Resource Hash: ae7737c4dc9ae410b716ea22e0f6753f3fe94562552ef8ef0f5edc1ba5a7d99c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 13:04:05 GMT
Last-Modified: Thu, 10 Jun 2021 13:04:05 GMT
Server: Jetty(9.4.28.v20200408)
ETag: 270pa1ypo0s4e38s48i85li6nl
P3P: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: private, proxy-revalidate
Content-Type: text/javascript;charset=utf-8
Content-Length: 47
Expires: Sat, 10 Dec 2022 13:04:05 GMT

GET
H3 200 pubads_impl_2021120601.js Show response
securepubads.g.doubleclick.net/gpt/ 348 KB
117 KB 92ms
46ms Script
text/javascript 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

sffe /

Resource Hash

2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 119476
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 09:34:20 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: private, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Fri, 10 Dec 2021 13:04:05 GMT

GET
H3 200 ppub_config Show response
securepubads.g.doubleclick.net/pagead/ 197 B
152 B 93ms
48ms XHR
application/json 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=www.elfinancierocr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

8b03951013852c8273718fdfb5f1de5e91f45dd7857e372c57fdd2b99017c449

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 127
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:05 GMT

GET
H2 200 swg.js Show response
news.google.com/swg/js/v1/ 139 KB
44 KB 124ms
38ms Script
text/javascript 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg.js

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a7baa007c35a2be99bbefd42c149d7bf7d6b38268c7873193d497a08404fe112

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:38:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1561
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 44196
x-xss-protection: 0
last-modified: Wed, 08 Dec 2021 19:29:32 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/javascript
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:28:04 GMT

POST
H3 200 loadTemplateContext Show response
buy.tinypass.com/api/v3/anon/template/ 554 B
868 B 187ms
169ms XHR
application/json 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/api/v3/anon/template/loadTemplateContext?aid=BM6tVBSjXE

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c4c5a5f6d000524acca69b491540a08ed7ea17476e2fc5dc2da4f8fb4f63c1f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Ctmhw3rtGRH
pragma: no-cache
wn: prod-dash-10-0-133-91
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/json
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
server-time: 0.005
cf-ray: 6bb6ad538a291f15-FRA
expires: 0

GET
H3 200 cacheableShow Show response
buy.tinypass.com/checkout/template/ Frame 1FA2 9 KB
4 KB 155ms
136ms Document
text/html 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com

Requested by

Host: cdn.tinypass.com
URL: https://cdn.tinypass.com/api/tinypass.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cc7870a999894c7c44d7b5483fa2fca5a85103a978a2548d2f2af330e2bdb46

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-type: text/html;charset=UTF-8
access-control-allow-methods: *
access-control-allow-origin: https://dashboard.piano.io
cache-control: public, max-age=10800
expires: Fri, 10 Dec 2021 16:04:05 GMT
p3p: CP="NON DSP COR OUR IND"
pragma
server-time: 0.009
strict-transport-security: max-age=86400; includeSubDomains
vary: accept-encoding
wn: prod-dash-10-0-137-58
x-forwarded-https: on
x-request-id: Ctmhw3rkgeE
x-xss-protection: 0
cf-cache-status: MISS
last-modified: Fri, 10 Dec 2021 13:04:05 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 6bb6ad538f45697b-FRA
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

GET
H/1.1 200
OK rep.gif
comcluster.cxense.com/Repo/ Frame 6C0B 43 B
469 B 38ms
14ms Image
image/gif 116.202.80.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://comcluster.cxense.com/Repo/rep.gif?ver=1.1.2&typ=pgv&rnd=kx0ehtvqrxwpuzhb&sid=1127341995055146356&loc=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&new=0&arf=0&ltm=1639141445511&ref=https%3A%2F%2Flinks.elfinancierocr.com%2F&tzo=0&res=1600x1200&dpr=1&col=24&bln=en-US&chs=UTF-8&cks=kx0ehtwk8uvmx4l5&ckp=kx0ehtwhgsnn4csd&glb=&wsz=1600x1200&cp_estadoUsuario=ANONIMO&cp_EF_ACCESS=false&cp_LT_ACCESS=false&cp_LN_ACCESS=false&cst=270pa1ypo0s4e38s48i85li6nl
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/sp1.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 116.202.80.165 Osterhofen, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.165.80.202.116.clients.your-server.de
Software: Jetty(9.4.28.v20200408) /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://cdn.cxense.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
server: Jetty(9.4.28.v20200408)
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 43
content-type: image/gif

GET
H/1.1 200
OK id Show response
id.cxense.com/public/user/ 118 B
690 B 39ms
15ms Script
text/javascript 116.202.80.165
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://id.cxense.com/public/user/id?json=%7B%22identities%22%3A%5B%7B%22type%22%3A%22ckp%22%2C%22id%22%3A%22kx0ehtwhgsnn4csd%22%7D%2C%7B%22type%22%3A%22lst%22%2C%22id%22%3A%22270pa1ypo0s4e38s48i85li6nl%22%7D%2C%7B%22type%22%3A%22cst%22%2C%22id%22%3A%22270pa1ypo0s4e38s48i85li6nl%22%7D%5D%2C%22siteId%22%3A%221127341995055146356%22%2C%22location%22%3A%22https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02%22%7D&callback=cXJsonpCBkx0ehu0g1vhsagze

Requested by

Host: scdn.cxense.com
URL: https://scdn.cxense.com/cx.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

116.202.80.165 Osterhofen, Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.165.80.202.116.clients.your-server.de

Software

Jetty(9.4.28.v20200408) /

Resource Hash

97b553f267b500041670d7e603dc2a9f3e0a5c042685728894bc5e1887357bde

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:05 GMT
x-content-type-options: nosniff
server: Jetty(9.4.28.v20200408)
p3p: policyref="http://www.cxense.com/w3c/p3p.xml", CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control: no-store, no-cache, must-revalidate
content-type: text/javascript;charset=utf-8
content-length: 118
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 integrator.js Show response
adservice.google.de/adsid/ 107 B
792 B 139ms
53ms Script
application/javascript 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.de/adsid/integrator.js?domain=www.elfinancierocr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ 107 B
549 B 134ms
49ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.elfinancierocr.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ 129 KB
42 KB 569ms
569ms XHR
text/plain 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?gdfp_req=1&pvsid=2761687363296391&correlator=4452411171516183&output=ldjh&impl=fifs&vrg=2021120601&ptt=17&sc=1&sfv=1-0-38&ecs=20211210&iu_parts=175346488%2Cfinanciero%2Cfinanciero_negocios&enc_prev_ius=%2F0%2F1%2F2%2C%2F0%2F1%2F2%2C%2F0%2F1%2F2&prev_iu_szs=728x90%2C300x250%2C300x250%7C300x600&prev_scp=Pos%3Dx01%26user_type%3Danonymous%26without_ads%3D0%26subscriber_status%3DUNKNOW%26ad_type%3Dleaderboard_medium%26position%3D1%7CPos%3Dx02%26user_type%3Danonymous%26without_ads%3D0%26subscriber_status%3DUNKNOW%26ad_type%3Dcube%26position%3D1%7CPos%3Dx03%26user_type%3Danonymous%26without_ads%3D0%26subscriber_status%3DUNKNOW%26ad_type%3Dflex_cube%26position%3D1&eri=1&cust_params=page_type%3Dsection%26section_id%3D%252Ffinanciero_negocios&cookie_enabled=1&bc=31&abxe=1&lmt=1639141371&dt=1639141445853&dlt=1639141444973&idt=847&frm=20&biw=1600&bih=1200&oid=2&adxs=800%2C1043%2C1043&adys=78%2C283%2C1414&adks=1010108884%2C2218011079%2C704344478&ucis=1%7C2%7C3&ifi=1&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&url=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&ref=https%3A%2F%2Flinks.elfinancierocr.com%2F&vis=1&dmc=8&scr_x=0&scr_y=0&psz=1147x130%7C361x291%7C361x274&msz=0x106%7C300x267%7C300x250&ga_vid=237038539.1639141446&ga_sid=1639141446&ga_hid=1765678254&ga_fc=false&fws=0%2C0%2C512&ohw=0%2C0%2C0&btvi=0%7C0%7C1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&nvt=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.18.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s42-in-f2.1e100.net

Software

cafe /

Resource Hash

c7ed1be3b144e1def8354f8c60f7f93064beb317b96bb4e6f9781da54f061997

Security Headers

Name	Value
Content-Security-Policy	child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJrT-tyl2fQCFe7dEQgdFzcM-g&gqi=&layout=/sadbundle/%24csp%253Der3%24/5342819515450181736/index.html
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: child-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html;frame-src 'unsafe-inline' cm.g.doubleclick.net googleads.g.doubleclick.net www.google.com accounts.google.com pagead2.googlesyndication.com/pagead/s/cookie_push.html gmsg: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html;report-uri https://pagead2.googlesyndication.com/pagead/gen_csp?id=adbundle&qqi=CJrT-tyl2fQCFe7dEQgdFzcM-g&gqi=&layout=/sadbundle/%24csp%253Der3%24/5342819515450181736/index.html
content-encoding: br
x-content-type-options: nosniff
google-creative-id: -1,-1,-1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42960
x-xss-protection: 0
google-lineitem-id: -1,-1,-1
pragma: no-cache
server: cafe
date: Fri, 10 Dec 2021 13:04:06 GMT
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 130C 6 KB
4 KB 152ms
47ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 13:04:05 GMT
expires: Sat, 10 Dec 2022 13:04:05 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 template.bundle.1.0.css
buy.tinypass.com/widget/dist/template/css/ Frame 1FA2 33 KB
6 KB 85ms
84ms Stylesheet
text/css 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

734421d9e2fa5fe78c7bbd157c8de6a60bd1e0752c8abfcd2ca27f4a477ff2e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: HIT
age: 6193
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-128-232
last-modified: Mon, 06 Dec 2021 02:53:08 GMT
server: cloudflare
etag: W/"33843-1638759188000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/css
server-time: 0.001
cache-control: public, max-age=7200
cf-ray: 6bb6ad54a9dd697b-FRA
expires: Fri, 10 Dec 2021 15:04:05 GMT

GET
H3 200 loadTranslationMap Show response
buy.tinypass.com/showtemplate/general/ Frame 1FA2 35 KB
9 KB 154ms
154ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/showtemplate/general/loadTranslationMap?aid=BM6tVBSjXE&version=1618854563000&language=es_MX

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d69cd54a374f720234b5eb529d12718e9c587ade711ec97574ce5636b72c9e1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Ctmhw3rq9sh
pragma
wn: prod-dash-10-0-86-204
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.002
cache-control: public, max-age=86400, s-maxage=86400
cf-ray: 6bb6ad54a9df697b-FRA
expires: Sat, 11 Dec 2021 08:04:05 EST

GET
H3 200 platform-translation-map_es_MX.js Show response
buy.tinypass.com/ng/common/i18n/ Frame 1FA2 146 KB
40 KB 43ms
42ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/ng/common/i18n/platform-translation-map_es_MX.js?version=14.38.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf6915c9dc74d8576271930c0acabac10cfd2be67da37e88b49f74cf49d21537

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 13390
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-125-28
last-modified: Thu, 09 Dec 2021 13:08:34 GMT
server: cloudflare
etag: W/"149161-1639055314000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.000
cache-control: public, max-age=86400
cf-ray: 6bb6ad54a9e4697b-FRA
expires: Sat, 11 Dec 2021 13:04:05 GMT

GET
H3 200 H4sIAAAAAAAAAD3IMQ6AIAwAwA9JG5j8jSnSkJKCxpbo893YLoevlMqORczRud9KzthsGfIcRXlDlWxIo06lJ0RIkBJK3Mc6vU5SPthC_6DZD0qT6bRaAAAA Show response
buy.tinypass.com/_sam/ Frame 1FA2 518 KB
155 KB 60ms
59ms Script
text/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/_sam/H4sIAAAAAAAAAD3IMQ6AIAwAwA9JG5j8jSnSkJKCxpbo893YLoevlMqORczRud9KzthsGfIcRXlDlWxIo06lJ0RIkBJK3Mc6vU5SPthC_6DZD0qT6bRaAAAA?compressed=true&v=14.38.1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8140454fe8ed332221bb81b5cd7af6164efe46dcdbb8188c4715f869b38cba91

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 2563
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-133-91
last-modified: Thu, 09 Dec 2021 13:08:34 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: text/javascript
server-time: 0.005
cache-control: public, max-age=602237
x-optimized-by: _sam
cf-ray: 6bb6ad54a9e6697b-FRA
expires: Fri, 17 Dec 2021 12:21:22 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame 1FA2 9 KB
817 B 94ms
48ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Noto+Serif:400,700|Roboto:400,700&display=swap

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2ac04714ec58571a4ea3d2a6d6c5d6a191098032883a50dd642f9859891ae065

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 12:55:14 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 13:04:05 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 13:04:05 GMT

GET
H3 200 swg-button.css
news.google.com/swg/js/v1/ 21 KB
6 KB 88ms
39ms Stylesheet
text/css 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:22:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2487
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6439
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 17:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:12:38 GMT

GET
H3 200 serviceiframe Show response
news.google.com/swg/_/ui/v1/ Frame DC85 23 KB
7 KB 164ms
126ms Document
text/html 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/ui/v1/serviceiframe?_=455317

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a2071877f90138caa4580f386d7a2e3868c9437ca81fd74b55801d6261398a60

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-2262s9waImBw46vwlGDdZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-2262s9waImBw46vwlGDdZg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

content-type: text/html; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
x-ua-compatible: IE=edge
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 10 Dec 2021 13:04:06 GMT
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: unsafe-none; report-to="SubscribewithgoogleClientUi"
content-security-policy: script-src 'report-sample' 'nonce-2262s9waImBw46vwlGDdZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self' script-src 'nonce-2262s9waImBw46vwlGDdZg' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
cross-origin-resource-policy: same-site
report-to: {"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 loader.svg
news.google.com/swg/js/v1/ 0
1 KB 84ms
45ms Other
image/svg+xml 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/loader.svg

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:35:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1745
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1049
x-xss-protection: 0
last-modified: Mon, 16 Mar 2020 18:14:05 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: image/svg+xml
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:25:00 GMT

GET
H3 200 entitlements Show response
news.google.com/swg/_/api/v1/publication/nacion.com/ 2 B
58 B 148ms
116ms Fetch
application/json 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/_/api/v1/publication/nacion.com/entitlements

Requested by

Host: news.google.com
URL: https://news.google.com/swg/js/v1/swg.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: text/plain, application/json
Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
strict-transport-security: max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
cross-origin-opener-policy: same-origin
x-frame-options: SAMEORIGIN
access-control-allow-methods: GET, POST
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, max-age=0, must-revalidate
access-control-allow-credentials: true
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientHttp/cspreport
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 166 KB
61 KB 131ms
48ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-619EW470MQ&l=dataLayer&cx=c

Requested by

Host: gtm.nacion.com
URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

64a32d27270e7858ef5d5eeeb19dc2d895418ea3ffb220fcbf00ac23f8f615ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:05 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 62413
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:05 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 119ms
36ms Script
text/javascript 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: gtm.nacion.com
URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 5347
date: Fri, 10 Dec 2021 11:34:58 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Fri, 10 Dec 2021 13:34:58 GMT

GET
H2 200 chartbeat_mab.js Show response
static.chartbeat.com/js/ 22 KB
10 KB 25ms
7ms Script
application/x-javascript 2600:9000:2057:4200:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat_mab.js
Requested by: Host: gtm.nacion.com
URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:4200:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: 3d54d65d1a3e03ee57b6b3bea623447a1d39393610bdd51bb389fe20c0b17f78

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:25:17 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:17:06 GMT
server: nginx
age: 2328
etag: W/"6179ec02-59c1"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: MsKdhZxBkZkiKfu5K6O4XfnxxjS4h4SlQsFpOuIWG40JzkgPHqZbnQ==
expires: Fri, 10 Dec 2021 14:25:17 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 98 KB
26 KB 23ms
7ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length: 25965
x-xss-protection: 0
pragma: public
x-fb-debug: Sc1schePoWiacijoGhHpvauPps2nAjqFQ0R504EdGT9juD9IP5nRol0RLRe8XH9YWCVdbWA7IsHWPKC9lu6o8g==
x-fb-trip-id: 917726464
x-frame-options: DENY
date: Fri, 10 Dec 2021 13:04:05 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK cx.cce.js Show response
cdn.cxense.com/ 22 KB
6 KB 10ms
10ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.cce.js
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 13:04:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 08 Jul 2021 14:49:19 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 5864
Expires: Fri, 10 Dec 2021 14:04:05 GMT

GET
H/1.1 200
OK elfinancierocr_4269.js Show response
ads.vidoomy.com/ 5 KB
6 KB 350ms
126ms Script
application/javascript 3.129.250.65
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.vidoomy.com/elfinancierocr_4269.js
Requested by: Host: gtm.nacion.com
URL: https://gtm.nacion.com/gtm.js?id=GTM-58RCN8
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.129.250.65 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-129-250-65.us-east-2.compute.amazonaws.com
Software: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33 / PHP/7.0.33
Resource Hash: 5da0954a8668235cd2a1fafa5a319581ad082a703eec5e14ad4d0d86d2d641fc

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
Server: Apache/2.4.46 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.33
X-Powered-By: PHP/7.0.33
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection: Keep-Alive
Keep-Alive: timeout=2, max=300
Content-Length: 5356

GET
H2 200 chartbeat.js Show response
static.chartbeat.com/js/ 36 KB
14 KB 23ms
9ms Script
application/x-javascript 2600:9000:2057:4200:18:1fcd:34f:cdc1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://static.chartbeat.com/js/chartbeat.js
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:4200:18:1fcd:34f:cdc1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx /
Resource Hash: e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:55 GMT
content-encoding: gzip
last-modified: Thu, 28 Oct 2021 00:27:20 GMT
server: nginx
age: 670
etag: W/"6179ee68-8e96"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/x-javascript
via: 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
cache-control: max-age=7200
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: FRA6-C1
x-amz-cf-id: oYuZ41jEuENyH7izWDeUizznLaPZ5mnlOzG4GmjetT84nMytaix3ZQ==
expires: Fri, 10 Dec 2021 14:52:55 GMT

GET
H/1.1 200
OK cx.js Show response
cdn.cxense.com/ 118 KB
28 KB 12ms
10ms Script
application/x-javascript 2a02:26f0:6c00:2a7::268b
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.cxense.com/cx.js
Requested by: Host: cdn.cxense.com
URL: https://cdn.cxense.com/cx.cce.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:6c00:2a7::268b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 13:04:05 GMT
Content-Encoding: gzip
Last-Modified: Thu, 09 Dec 2021 20:01:46 GMT
Server: AkamaiNetStorage
Vary: Accept-Encoding
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28194
Expires: Fri, 10 Dec 2021 14:04:05 GMT

GET
H2 200 ping
ping.chartbeat.net/ 43 B
201 B 301ms
100ms Image
image/gif 52.2.53.191
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ping.chartbeat.net/ping?h=elfinancierocr.com&p=%2Fnegocios%2F&u=DLpdmUBHwIZ_CM31mg&d=elfinancierocr.com&g=45503&g0=sin-seccion&g1=Sin%20Autor&n=1&f=00001&c=0&x=0&m=0&y=4212&o=1600&w=1200&j=45&R=1&W=0&I=0&E=0&e=0&r=https%3A%2F%2Flinks.elfinancierocr.com%2F&b=1116&_c=Edici%C3%B3n%20Vespertina%202021-12-09%2019%3A06%3A10&_m=newsletter&_x=Email&_y=-2021-12-10-02&t=utZNaCvJYBaCd1sOnB9SaJpBYxh68&V=129&i=Negocios%20%7C%20El%20Financiero&tz=0&_acct=anon&sn=1&sv=ChQ2Y0CgnW_BCxTeVpDT8RctCrzu4X&sr=https%3A%2F%2Flinks.elfinancierocr.com%2F&sd=1&im=0653fc4f&_
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.2.53.191 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-2-53-191.compute-1.amazonaws.com
Software: /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
content-length: 43
expires: 0

GET
H3 200 344621399451357 Show response
connect.facebook.net/signals/config/ 305 KB
87 KB 150ms
140ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/344621399451357?v=2.9.48&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dd46847a9813d9c75ce9cfba3a988aabeef1d0bc1d7f9a1edd9be8c5234cccc8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: mJRL/WxmRu+/3szbEXIGB1eCtEQCpkvmQNG51irjs9SVBQbnl5KSF5PkdFngv8cOLa0gyLoDJco1o9tRIA08jw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Fri, 10 Dec 2021 13:04:06 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 / Show response
mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/ 177 B
486 B 24ms
7ms XHR
application/json 2a04:4e42::714
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://mab.chartbeat.com/mab_strategy/headline_testing/get_strategy/?host=elfinancierocr.com&domain=elfinancierocr.com&path=%2Fnegocios%2F
Requested by: Host: static.chartbeat.com
URL: https://static.chartbeat.com/js/chartbeat_mab.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a04:4e42::714 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3da2279eb3017d2a4fb932b620a01287d47040fbe34b6a0137dff725263a1e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
x-cache-hits: 1
age: 261
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 134
x-served-by: cache-hhn4025-HHN
access-control-allow-origin: *
x-timer: S1639141446.001690,VS0,VE1
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
content-type: application/json
via: 1.1 varnish (Varnish/6.0), 1.1 varnish
cache-control: no-store, no-cache, must-revalidate, max-age=0, s-maxage=0
accept-ranges: bytes
expires: Wed, 08 Dec 2021 12:59:44 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 1FA2 15 KB
15 KB 109ms
62ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Serif:400,700|Roboto:400,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 01:54:06 GMT
x-content-type-options: nosniff
age: 213000
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 01:54:06 GMT

GET
H3 200 platform-translation-map_en_US.js Show response
buy.tinypass.com/ng/common/i18n/ Frame 1FA2 59 KB
12 KB 27ms
27ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/ng/common/i18n/platform-translation-map_en_US.js?version=14.38.1

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/_sam/H4sIAAAAAAAAAD3IMQ6AIAwAwA9JG5j8jSnSkJKCxpbo893YLoevlMqORczRud9KzthsGfIcRXlDlWxIo06lJ0RIkBJK3Mc6vU5SPthC_6DZD0qT6bRaAAAA?compressed=true&v=14.38.1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd0b53e2d3257253a3d5f7c993763c1cd69ae7dc701ea5cb6fb1334336b4334a

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 13395
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
wn: prod-dash-10-0-128-232
last-modified: Thu, 09 Dec 2021 13:08:34 GMT
server: cloudflare
etag: W/"60841-1639055314000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.001
cache-control: public, max-age=86400
cf-ray: 6bb6ad55dcec697b-FRA
expires: Sat, 11 Dec 2021 13:04:06 GMT

GET
H3 200 loadTranslationMap Show response
buy.tinypass.com/showtemplate/general/ Frame 1FA2 30 KB
6 KB 133ms
133ms Script
application/javascript 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://buy.tinypass.com/showtemplate/general/loadTranslationMap?aid=BM6tVBSjXE&version=1618854563000&language=en_US

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d1ddd87e48b65c981cff34b7dafeb66c912fe02ef7ff89703ecb875e65e080a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/checkout/template/cacheableShow?aid=BM6tVBSjXE&templateId=OT4VIKTXZK7K&offerId=fakeOfferId&experienceId=EXSUBF9IPHPC&iframeId=offer_877be5e6aa79db64e0b6-0&displayMode=inline&pianoIdUrl=https%3A%2F%2Fid.tinypass.com%2Fid%2F&widget=template&url=https%3A%2F%2Fwww.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: br
vary: accept-encoding
cf-cache-status: DYNAMIC
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-request-id: Cumhw3r9IMD
pragma
wn: prod-dash-10-0-122-104
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=86400; includeSubDomains
content-type: application/javascript;charset=UTF-8
server-time: 0.002
cache-control: public, max-age=86400, s-maxage=86400
cf-ray: 6bb6ad55dcef697b-FRA
expires: Sat, 11 Dec 2021 08:04:06 EST

GET
H3 200 fail-icon.png
buy.tinypass.com/widget/dist/template/css/img/ Frame 1FA2 2 KB
3 KB 26ms
26ms Image
image/png 2606:4700::6811:b6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://buy.tinypass.com/widget/dist/template/css/img/fail-icon.png

Requested by

Host: buy.tinypass.com
URL: https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:b6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://buy.tinypass.com/widget/dist/template/css/template.bundle.1.0.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
cf-cache-status: HIT
age: 6192
p3p: CP="NON DSP COR OUR IND"
x-forwarded-https: on
strict-transport-security: max-age=86400; includeSubDomains
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 2177
wn: prod-dash-10-0-92-175
last-modified: Thu, 09 Dec 2021 13:21:08 GMT
server: cloudflare
etag: W/"2177-1639056068000"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
server-time: 0.000
cache-control: public, max-age=7200
accept-ranges: bytes
cf-ray: 6bb6ad55ed17697b-FRA
expires: Fri, 10 Dec 2021 15:04:06 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 1FA2 15 KB
15 KB 65ms
39ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Serif:400,700|Roboto:400,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 20:07:55 GMT
x-content-type-options: nosniff
age: 233771
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 07 Dec 2022 20:07:55 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2
fonts.gstatic.com/s/roboto/v29/ Frame 1FA2 12 KB
12 KB 77ms
52ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Noto+Serif:400,700|Roboto:400,700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

336bb30461d407ee72236de87aca4fe68d611e1bee0030326778c858a4685b1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://buy.tinypass.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 05:39:34 GMT
x-content-type-options: nosniff
age: 199472
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11836
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:22 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 05:39:34 GMT

POST
H3 204 cspreport
news.google.com/_/SubscribewithgoogleClientUi/ Frame DC85 0
24 B 92ms
92ms Other
text/html 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/cspreport

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-2M7jO3N7vLkzoar/Lvoiew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-2M7jO3N7vLkzoar/Lvoiew' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455317
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/csp-report

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
report-to: {"group":"SubscribewithgoogleClientUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/SubscribewithgoogleClientUi/external"}]}
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport, script-src 'report-sample' 'nonce-2M7jO3N7vLkzoar/Lvoiew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/SubscribewithgoogleClientUi/cspreport;worker-src 'self', script-src 'nonce-2M7jO3N7vLkzoar/Lvoiew' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com https://sandbox.google.com https://payments.google.com;report-uri /_/SubscribewithgoogleClientUi/cspreport
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="SubscribewithgoogleClientUi"
expires: Mon, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
151 B 57ms
19ms XHR
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-3958088-1&cid=237038539.1639141446&jid=577305316&gjid=1734037881&_gid=1931113255.1639141446&_u=YChAgEABAAAAAE~&z=1993812071

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
date: Fri, 10 Dec 2021 13:04:06 GMT
content-type: text/plain
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 86ms
39ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1765678254&t=pageview&_s=1&dl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dr=https%3A%2F%2Flinks.elfinancierocr.com%2F&ul=en-us&de=UTF-8&dt=Negocios%20%7C%20El%20Financiero&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YChAgEAB~&jid=577305316&gjid=1734037881&cid=237038539.1639141446&tid=UA-3958088-1&_gid=1931113255.1639141446&gtm=2ygc1058RCN8&cg1=(not%20set)&cg2=(not%20set)&cg3=(not%20set)&cg4=(not%20set)&cg5=(not%20set)&cd1=anonymous&cd2=(not%20set)&cd3=(not%20set)&cd8=237038539.1639141446&cd9=1639141445894.d49lt7tl&cd10=2021-12-10T13%3A04%3A05.894%2B00%3A00&cd12=(not%20set)&cd19=(not%20set)&cd20=(not%20set)&z=148413707

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Dec 2021 15:05:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79103
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 85ms
38ms Image
image/gif 2a00:1450:4001:810::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j96&a=1765678254&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dr=https%3A%2F%2Flinks.elfinancierocr.com%2F&ul=en-us&de=UTF-8&dt=Negocios%20%7C%20El%20Financiero&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Set%20User%20ID&ea=anonymous&_u=YCjAgEABAAAAAE~&jid=&gjid=&cid=237038539.1639141446&tid=UA-3958088-1&_gid=1931113255.1639141446&gtm=2ygc1058RCN8&cd1=anonymous&cd2=(not%20set)&cd3=(not%20set)&cd8=237038539.1639141446&cd9=1639141445901.jxnm0y5&cd10=2021-12-10T13%3A04%3A05.901%2B00%3A00&cd12=(not%20set)&cd14=2021-12-10&cd16=0&cd17=0&cd18=1&z=754172220

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 09 Dec 2021 15:05:43 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 79103
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 swg-button.css
news.google.com/swg/js/v1/ Frame DC85 21 KB
6 KB 39ms
38ms Stylesheet
text/css 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/swg/js/v1/swg-button.css

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:22:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2488
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/news-frontend
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6439
x-xss-protection: 0
last-modified: Wed, 03 Nov 2021 17:26:21 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="news-frontend"
vary: Accept-Encoding
report-to: {"group":"news-frontend","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/news-frontend"}]}
content-type: text/css
cache-control: public, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:12:38 GMT

GET
H2 200 m=_b,_tp Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXT... Frame DC85 160 KB
57 KB 127ms
41ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455317

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

16eac1eb2aae66e8bab630958963fabc35cff3ca7935d724c0de9c5ab32299c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:46:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 73066
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57574
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 02:53:28 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:46:20 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
352 B 132ms
46ms Ping
text/plain 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-619EW470MQ&gtm=2oec10&_p=1765678254&sr=1600x1200&_gaz=1&ul=en-us&cid=237038539.1639141446&_s=1&dl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dr=https%3A%2F%2Flinks.elfinancierocr.com%2F&dt=Negocios%20%7C%20El%20Financiero&sid=1639141445&sct=1&seg=0&en=page_view&_fv=1&_ss=1&ep.content_display_date=(not%20set)&ep.author=(not%20set)
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-619EW470MQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
352 B 25ms
18ms Ping
text/plain 2a00:1450:400c:c06::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-619EW470MQ&cid=237038539.1639141446&gtm=2oec10&aip=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-619EW470MQ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c06::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
501 B 149ms
64ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-619EW470MQ&cid=237038539.1639141446&gtm=2oec10&aip=1&z=1788770428

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
295 B 22ms
7ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=344621399451357&ev=PageView&dl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&rl=https%3A%2F%2Flinks.elfinancierocr.com%2F&if=false&ts=1639141446156&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1639141446155.353750500&it=1639141445955&coo=false&rqm=GET

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length: 44
expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
501 B 150ms
64ms Image
image/gif 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3958088-1&cid=237038539.1639141446&jid=577305316&_u=YChAgEABAAAAAE~&z=65767461

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 117ms
65ms Image
image/gif 2a00:1450:4001:808::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-3958088-1&cid=237038539.1639141446&jid=577305316&_u=YChAgEABAAAAAE~&z=65767461

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame DC85 15 KB
15 KB 39ms
39ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: news.google.com
URL: https://news.google.com/swg/_/ui/v1/serviceiframe?_=455317

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
Origin: https://news.google.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 11:18:05 GMT
x-content-type-options: nosniff
age: 265561
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 07 Dec 2022 11:18:05 GMT

GET
H2 200 formats.js Show response
ad.lkqd.net/vpaid/ Frame 2CEE 118 KB
35 KB 51ms
19ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/vpaid/formats.js
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 7cfe458faed6fe5c3094bd51f1f10174604be983739ade9d828b0aad190043e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
last-modified: Fri, 11 Dec 2020 00:09:23 GMT
etag: "286704660baa2c113268f28385080796"
x-hw: 1639141446.cds116.am5.hn,1639141446.cds292.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 35765

GET
H2 200 formats.js Show response
ad.lkqd.net/vpaid/ Frame 9590 118 KB
35 KB 61ms
35ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/vpaid/formats.js
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 7cfe458faed6fe5c3094bd51f1f10174604be983739ade9d828b0aad190043e5

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
last-modified: Fri, 11 Dec 2020 00:09:23 GMT
etag: "286704660baa2c113268f28385080796"
x-hw: 1639141446.cds116.am5.hn,1639141446.cds292.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 35765

GET
H2

200

cookie Show response
a.vidoomy.com/api/rtbserver/ Frame 0F7F
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=120&redir=https%3A%2F%2Fa.vidoomy.com%2Fapi%2Frtbserver%2Fcookie%3Fi%3DCEN%26uid%3D%7BuserId%7D
https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent

43 B
289 B

30ms
9ms

Document
image/gif

3.122.131.186
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.131.186 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-131-186.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-type: image/gif
content-length: 43
content-encoding: none
vary: Origin

Redirect headers

cache-control: max-age=0,no-cache,no-store
pragma: no-cache
expires: Tue, 11 Oct 1977 12:34:56 GMT
p3p: CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
location: https://a.vidoomy.com/api/rtbserver/cookie?i=CEN&uid=no-consent
content-length: 0
date: Fri, 10 Dec 2021 13:04:06 GMT
server: AC1.1

GET
H2

200

cookie
a.vidoomy.com/api/rtbserver/
Redirect Chain

https://x.bidswitch.net/sync?ssp=vidoomy&user_id=981339846.97800721762847185.7560908
https://x.bidswitch.net/ul_cb/sync?ssp=vidoomy&user_id=981339846.97800721762847185.7560908
https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=vidoomy&ssp_user_id=5a4c075d-d4fb-4523-bf42-ad719d4e9937
https://x.bidswitch.net/sync?dsp_id=74&&user_id=171315491&expires=5&ssp=vidoomy
https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=5a4c075d-d4fb-4523-bf42-ad719d4e9937

43 B
369 B

11ms
9ms

Image
image/gif

3.122.131.186
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=5a4c075d-d4fb-4523-bf42-ad719d4e9937
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Server: 3.122.131.186 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-131-186.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: none
content-length: 43
vary: Origin
content-type: image/gif

Redirect headers

Location: //a.vidoomy.com/api/rtbserver/cookie?i=BS&uid=5a4c075d-d4fb-4523-bf42-ad719d4e9937
Date: Fri, 10 Dec 2021 13:04:06 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0

GET
H2 200 ve
stg.vidoomy.com/api/rtbserver/ 9 B
90 B 32ms
9ms Image
application/json 99.83.189.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stg.vidoomy.com/api/rtbserver/ve?ad_type=Video&adomain=&c=SE&category=&crid=4269&deal=&domain=vidoomy.com&dsp=&dsp_ssp=&dt=1&gdpr=&gdprcs=&os=&p=&p_id=1&s=a&seat=1&size=&sspid=0&sync=0&zid=0&uimp=1
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.189.147 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ae6a0aaac8071ff4b.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-length: 9
vary: Origin
content-type: application/json

GET
H/1.1 200
OK auto-user-sync
ads.stickyadstv.com/ 43 B
599 B 39ms
18ms Image
image/gif 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/auto-user-sync
Requested by: Host: www.elfinancierocr.com
URL: https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12-09+19%3A06%3A10&utm_content=-2021-12-10-02
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
Server: nginx
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 43
x-sticky-vk: 1639141446272023-366
Expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H3 200 m=byfTOb,lsjVmc,LEikZe Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame DC85 37 KB
13 KB 107ms
60ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=_b,_tp/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=byfTOb,lsjVmc,LEikZe

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/am=AgAI/d=1/excm=_b,_tp,serviceiframeview/ed=1/dg=0/wt=2/esmo=1/rs=ABXTjI5L3LLXZ0Fgis6GByEmucK6c1cajA/m=_b,_tp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68414970e5ebeed5b7e4c413985c9e66ff415c493afc4bf8e64ed24467a14344

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13600
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 00:01:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:48:41 GMT

GET
H3 200 m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame DC85 102 KB
35 KB 89ms
45ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=LEikZe,_b,_tp,byfTOb,lsjVmc/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=xUdipf,blwjVc,fKUV3e,aurFic,ws9Tlc,COQbmf,U0aPgd,zG9H6c,NwH0H,OmgaI,gychg,lfpdyf,ZfAoz,PQaYAf,lPKSwe,yDVVkb,KG2eXe,DfBslb

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13cad5d2aa60f7e2ed1c5439addc8a741567b8289801208e1c55024b22e0d5b9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35580
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 00:01:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:48:41 GMT

GET
H2 200 usync.html Show response
ad.lkqd.net/cookie-sync/ Frame 3279 5 KB
2 KB 18ms
17ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/cookie-sync/usync.html
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
content-length: 1909
content-type: text/html
last-modified: Tue, 26 Oct 2021 15:08:45 GMT
accept-ranges: bytes
etag: "10c6626c1705141142b0302e29b3bd0e"
cache-control: public, max-age=1209600
x-hw: 1639141446.cds116.am5.hn,1639141446.cds257.am5.c
access-control-allow-origin: *

GET
H2 200 ad Show response
v.lkqd.net/ Frame 2CEE 2 KB
2 KB 305ms
102ms XHR
application/xml 146.20.132.82
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://v.lkqd.net/ad?pid=430&sid=1010002&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=0&gdprcs=&pageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dnt=0&c1=&c2=0&c3=1.0%2C1!vidoomy.com%2C53160%2C1%2C&c5=&c6=53160&rnd=68657723&m=
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.82 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: ec5bceb6e9ec6e537b8582ac8fe6c2a4abba8f40ae2d975ea92884e73d2a50f6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
server: nginx
content-type: application/xml; charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 1510

GET
H2 200 usync.html Show response
ad.lkqd.net/cookie-sync/ Frame 7220 5 KB
2 KB 19ms
18ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/cookie-sync/usync.html
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
content-length: 1909
content-type: text/html
last-modified: Tue, 26 Oct 2021 15:08:45 GMT
accept-ranges: bytes
etag: "10c6626c1705141142b0302e29b3bd0e"
cache-control: public, max-age=1209600
x-hw: 1639141446.cds116.am5.hn,1639141446.cds257.am5.c
access-control-allow-origin: *

GET
H2 200 ad Show response
v.lkqd.net/ Frame 9590 180 B
359 B 843ms
651ms XHR
application/xml 146.20.132.82
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://v.lkqd.net/ad?pid=430&sid=1010004&formats=true&output=vastvpaid&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=0&gdprcs=&pageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dnt=0&c1=&c2=0&c3=1.0%2C1!vidoomy.com%2C53160%2C1%2C&c5=&c6=53160&rnd=92610312&m=
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.82 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 45fa735c6df15f15a1293a9cb3125033408874bf284280e8bcac23f95ad8feac

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
server: nginx
content-type: application/xml; charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 150

GET
H2 200 cs
cs.lkqd.net/ Frame 3279 43 B
308 B 290ms
93ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2 200 cs
cs.lkqd.net/ Frame 3279 43 B
308 B 290ms
93ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2 200 cs
cs.lkqd.net/ Frame 3279 43 B
308 B 381ms
183ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252Fcs%253FpartnerId%253D102%2526partnerUserId%253D%255BUID%255D&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2 200 cs
cs.lkqd.net/ Frame 3279 43 B
308 B 290ms
93ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2

200

cs
cs.lkqd.net/ Frame 3279
Redirect Chain

https://ad.turn.com/r/cs?pid=65
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2690142867855200886

43 B
308 B

220ms
95ms

Image
image/gif

146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2690142867855200886
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

location: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2690142867855200886
pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 cs
cs.lkqd.net/ Frame 7220 43 B
308 B 285ms
94ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2 200 cs
cs.lkqd.net/ Frame 7220 43 B
308 B 285ms
94ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2 200 cs
cs.lkqd.net/ Frame 7220 43 B
308 B 285ms
95ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252Fcs%253FpartnerId%253D102%2526partnerUserId%253D%255BUID%255D&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2 200 cs
cs.lkqd.net/ Frame 7220 43 B
308 B 373ms
182ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2

200

cs
cs.lkqd.net/ Frame 7220
Redirect Chain

https://ad.turn.com/r/cs?pid=65
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2618085273817272950

43 B
309 B

217ms
92ms

Image
image/gif

146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2618085273817272950
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

location: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2618085273817272950
pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H3 200 container.html Show response
2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame E277 6 KB
3 KB 89ms
42ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 13:04:05 GMT
expires: Sat, 10 Dec 2022 13:04:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 617F 6 KB
3 KB 83ms
41ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 13:04:05 GMT
expires: Sat, 10 Dec 2022 13:04:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 container.html Show response
2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 9D33 6 KB
3 KB 71ms
43ms Document
text/html 2a00:1450:4001:830::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Fri, 10 Dec 2021 13:04:05 GMT
expires: Sat, 10 Dec 2022 13:04:05 GMT
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, immutable, max-age=31536000
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H3 200 batchexecute Show response
news.google.com/_/SubscribewithgoogleClientUi/data/ Frame DC85 502 B
295 B 67ms
66ms XHR
application/json 2a00:1450:4001:82a::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://news.google.com/_/SubscribewithgoogleClientUi/data/batchexecute?rpcids=SlvRf&f.sid=-5995531754950792084&bl=boq_subscribewithgoogleclientserver_20211208.11_p0&hl=de&soc-app=673&soc-platform=1&soc-device=1&_reqid=47047&rt=c

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

cfe62334e424a8cb8c87b7635b9d5c17f784219b9f3f5ac5788c65b58d4f96bf

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

X-Same-Domain: 1
Referer: https://news.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: same-site
content-disposition: attachment; filename="response.bin"; filename*=UTF-8''response.bin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
pragma: no-cache
server: ESF
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-security-policy: require-trusted-types-for 'script';report-uri /_/SubscribewithgoogleClientUi/cspreport
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="SubscribewithgoogleClientUi"
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 m=Wt6vjf,hhhU8,FCpbqb,WhJNk Show response
www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1... Frame DC85 17 KB
7 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/_/mss/boq-subscribewithgoogle/_/js/k=boq-subscribewithgoogle.SubscribewithgoogleClientUi.de.4eSN_71pnvk.es5.O/ck=boq-subscribewithgoogle.SubscribewithgoogleClientUi.uewZWcn_Cs4.L.B1.O/am=AgAI/d=1/exm=COQbmf,DfBslb,KG2eXe,LEikZe,NwH0H,OmgaI,PQaYAf,U0aPgd,ZfAoz,_b,_tp,aurFic,blwjVc,byfTOb,fKUV3e,gychg,lPKSwe,lfpdyf,lsjVmc,ws9Tlc,xUdipf,yDVVkb,zG9H6c/excm=_b,_tp,serviceiframeview/esmo=1/ed=1/wt=2/rs=ABXTjI5kfIQ74-8tGq-F-HAdYZnSquv4Qw/ee=cEt90b:ws9Tlc;uY49fb:COQbmf;Oj465e:KG2eXe;yxTchf:KUM7Z;qddgKe:xQtZb;wR5FRb:O1Gjze;iFQyKf:vfuNJf;dIoSBb:SpsfSb;NPKaK:SdcwHb;LBgRLc:SdcwHb;zxnPse:GkRiKb;NSEoX:lazG7b;nAFL3:NTMZac;oGtAuc:sOXFj;eBAeSb:zbML3c;io8t5d:yDVVkb;j7137d:KG2eXe;ul9GGd:JrBFQb;sP4Vbe:VwDzFe;kMFpHd:blwjVc;pXdRYb:MdUzUe;SNUn3:ZwDk9d/m=Wt6vjf,hhhU8,FCpbqb,WhJNk

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4167c604ee5a719f314eebb2329408b3ea76d3e72d09e113f155435e62444d1b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 16:48:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 72925
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/boq-infra/subscribewithgoogle-boq-js-css-signers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7293
x-xss-protection: 0
last-modified: Thu, 09 Dec 2021 00:01:46 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"boq-infra/subscribewithgoogle-boq-js-css-signers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/boq-infra/subscribewithgoogle-boq-js-css-signers"}]}
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="boq-infra/subscribewithgoogle-boq-js-css-signers"
expires: Fri, 09 Dec 2022 16:48:41 GMT

POST
H2 200 log Show response
play.google.com/ Frame DC85 131 B
672 B 158ms
72ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://news.google.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 6376 624 B
560 B 139ms
51ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaxpgEQuKirARjpx6y6ATAB&v=APEucNXzabfQ_gXdu3NPFJnbbzCScuuZiscU4hzfmkDoQyKGSUq1nonjRdIT--Y-181dznC3JFufYKO-d8omXDIpGpoai_wBXQaQidDZ-PBqiLPB2hk-SycVTlRlUGOMmdBhExqkiK6N-cYT4Gb8N-T6UOeUK7NW0eVnf51Ppozit0gcEvlwHQU

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 13:04:06 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame 617F 72 KB
30 KB 228ms
141ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ApUrulJFmYgHF8E5XqhtBX9yw4SVIF2yGIOBIkub64htm4hMpRcB5B9vFaPKZDe068Dm9fUbYCNRXq0ACmfKTJcZL30FtdnfYxtxSnrPYYxigwNe_aXctkobRtZwdzmxmCD4rKmq_JQfopzwxtbxYaJ0Fckw&dbm_d=AKAmf-DW7MyRal6W_vhSLeLtFRJnNXZkIhOoojLd6VDnRgSbJ-rdKnjY5G5WclCTLF8RieSJHcYfPCzSazxOpSuakVw8ZwutHcnFnYV3Sok8qFORI41FCgJSg5TUbEh9MphjwCx6XjVQtuHgwMGRVTYl2f_4NQ2gAzuy60vfOmjg9cLC1bUC1hyQP4QeFO3Mq0a4NMoxbS0gUU408Jv3POpDvBYpuKVq8NGDiX6LT4BkY3woz_K81Lddpw9jBuElJUWxBSh5MXAlay2GddsNHsuhcTDSoXs7ALxcOBoZ-V9on-qBO7xZYjxeGrm9YUQdH46wO55_9KeBU65grc87uArCRFFYry7Mr89rJ6jUP-3J_7A-GOkTqiNrTh16aYXNii7POvZfXtykYLK7asAbRtZRqqrcXFtb47nQq3PAqseHSdtd0NcoAYrmH9k_9TCdJYDe5tOTtiQSNj7d34p6y8EIEolWnYCSiVNrRMlYdouTig7TJfpwUePtS_TjrwEtZgkMXxYPQwq_qFLmVmQu3k08WJh8vszkT4-Umn28tP9v5AKQAIgk2oBkg21o-YwRWbvlV0-OpKSVX0DW9cB6S5m5tfZ5n1uo58V3qWVAAib0YgUkjOB0yDOM8cgtLY4gP3O7aJBdcjJYvaRjQ5r016artiJcrvdjL8zhY3rVmhrSXxgBlUoHKdcK1amO-ZYQPRxZZI9n4eOX8yIMUl_7Eq12Tq5-XCgFk2CODliVzyuUoq91u3-cZUqEw7u2E6OTTOTK314BaF-vtv6_sn5n6QOOch4eRNsnV130cdKYojewdDMCVDAWJZUnh1DXztuLIuBvzNrJTT7M2K3EPlBunq0-xrVAQAmoOKtKRPdB1hu8qXJ38rlFto4rCi0a1BnzcJeg8qEFxhQWWQ2GtDJM0YLSvaFoBO1M4SPoHYF24QUlRCLNv5IvdQmh3hVzTfC04j6rQMRG7LxR6U6wsKmZyWzChFvydBdaWc03ufnrq5vptXkIxe5xc8p7dvYxLm7gEsOVnnfF-iS_X5Nx8Kzt3CkYr-8NVs1ijJCxOnWkpGgJhUQ-a4ft94jImfGIBqtNlrFN8ae2B4BqdvnkBpRkBVb31-QnLy-H99yXEmyGGiY5rbdyKZ_oyEalGP_KTxhaJAZ51WXlLxTONdH4hf7aaOrGstAU6dyuIwKoHiCB4TYSqT0XRDnEkwBsdc_GSKBRWF1xUMxAmjrN8kdMtZEH0FcOgt0S-hKg4Kt-55poXo85YWrzGqtcUwidHQND1GB8LsTkL5GCFRKSfe8-OuAZiDZUu3Z9nvl9Yc8ybCGLnaSWqFXAsngBjw4Vg-imYuS0R6sbLcHVhlOOvRdvl5MuTuEXKnh6Crxmq-Q2X2OtxiavturUG7V4AUHeCDAM1My6io7BANT3Ltk4qAj1Kr7EbT2zIgw9Wbb4jbUjsNgeyDOAJlfNjVwQx9lK2iyPEyEU-DY9vvx6jji-5BGT8rWLj3svZg4iNYsHe1x5W-YvD4t5p3E1FNIo4Hiw_-B6U6Xrnuftz6319ajbVpxc8hhlJPopD9PELsVQM_9mhG-pFbt-OFcI1V6ySrjQCQyJk_-6FItJI7FQDIeg2XQ22X44iEsBBSSuYv1no2iXJpto2nhZc3DoPTABMiTOqbNr83Re3zWJI3-R-4Wg8zL-BZi6fTrz3gzlQPbRlj_nCL0v9v8rT6bf23FpfJrxbQo4JMK_z5n-HHW5l9-TlE5peL-1o3T4wCYFXpeyiKTJzSPGEtjv5B6Tm4BnJMsGjV6TqKyLZw-Dk-QAjHz_U5G0EOCVnOmZWT9EyWNnIHVYgIhW9CiZsuP5HsIacVxlQ0QYbtTTNq0JUPKTa4T7D5V29e5_u28OCbc5ulsEn8R3eebJaIqb4sBL1ZobrnnJz6BIUMQXe772wyCpvy9McSIZKVujAM2wxdackWas492qZK3xdnsdxNcNMTi9OrysnW8L_D_h_u9eBpnsj9h1P2Ihrmdua6G6eARxwBDQTZLXtaWbJh-Nyd2fS5al67BPoWudJfWCMSkhP8fh6MzB2ixo3qRbJq8y3sEbDn11o9kz5mzOYQvT1fXUkUCchc4F7o-ale3GvmSalgPmViT4mj3pux5xmV-5ci3Sr1Hct6Zit4AchQlyie1ZOtXBlXBxTefOHJqPaorGJ9Bl1cFc2z-Xh4GLUlu5ifZi1NM3zTNlCFumzYrItWDFwzKgq8cbwhJ4K2RuXtA_rdXCcEk_NsixkQ83md2-5zmoG9ViEP5polChM7cieZfJ54TdsIfxn9NG5GewdB4BNVFTWgKXDmxv2QXE6n0nxxQXm9HvWE7w84NpPNBR3aPOPr7fNVzD6qTJOsoe1nY4rfLhRRNwQWEPMAavGwwn38bjeS4Ivao8IlSIShYwmkr44qUP9sW7FFfkZj9ynAqGnlhUdyUuGjy3NmJT7OO0IeSdR6OS_u-s99NpHv1ENYUWnoQgnpeO0Z40C1gvUzAbb0od93uo54gZ98WyKxt0E9huMuZAi90n8V5G6qjbzZE0uUNmDLlmfM4_wnXhN0I0MOFb5ucgX9JqpFCzfQ3WSnQw5i3X7DOEqIsNN_NZXfLv84rOSMcQmBVQDSjhneJFoLH_IwP9jZ348F9sqXnfGEcLkReay490-axym6e3Lp_LUrsJh0NAdmB_i2auvJ7jTBdlS6FN14vqSPPA8ehClsTOxDu3Fl9OkXUeuRLqvWN9buc0-OJtQ-jTwxG9gaBQFAAptOMgKm34Hu1Iei7mZjo9rEfmsjjKIfaF8mizUjESlye0t0CVfvA5UUvo3ei70FthOzdT_CUZWLQ4dKk5aKwoALDDTjOEoKEWhGF-qgcTbwRtj08lujXY_fy6TrT3uYj72yBbhOh2S0Ewm6B7xEJf7UyrbKXwO8HGGBzkhYqinPgJ47iSA_TGvFGrby2gP186HJvg3Em2i5HTnHo-_fxGrFPQMW9aHvKPD8yBC79zc_6ETIh5905dVl1eaTdSrvdl0eA4HoPGL8O9FUn5kZzvFR9HwaYCsivMWefsMQOAh6tO2OOdyynLHq-H0Y7P0KyWGKpfuhPgKJjhZfdC5YDLGuf8wU3yFiqLWJv7x_GLHEH4BvHrwE_DzYJX4FqaZ5vVWaOE-HBZ_2o8n2dVaN2jY0XPJJ43PAx_qW1N4tnBtMANpxRpg6bl1IzcQGHCcMIAZ5URpm-FL0WcGGLOj8Nd-X1dT7sP6TOap0o3TUs6DWpn3nAeCmxbo2KTCxv-VTHPaF4jw4ygK3mPKcZvuM5ftbsjLJarojIB6uLhiY10hjvGQhQHHZpNW-7ft_oWGWtllg2xzYz4Q6Z1_Dv3EP1IfozvNJkz2cMuqg8okMYEImyNcONueksVLPx5EAyhyywNZHSGpvuFFHgoCtbxpvaH4tbXOJmv85YnaEBCaqJWda9YiUqHJoC8UFrc6rXKoLJATf6d&cid=CAASFeRoPhvBrdC5f8VzRqrnt_3idmQs9w&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f1cfd35185e301e2937deefe2eb2b8d1b22443c7d0c056f5423c429eaf93c543

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 30399
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame 617F 42 B
107 B 153ms
70ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DpCOE8UbL13IrVjasBeJGccJ95fF3EY1ArVLFm7he-e8oVHSQGn9pOy-v95zBFqaRqWsnBNBJho7YGKfz9v8tE-USFSaiR1k3wuRx2gi6o3oQFDKU

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 617F 2 KB
1 KB 169ms
83ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:59:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 617F 119 KB
37 KB 150ms
61ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 617F 15 KB
7 KB 123ms
36ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:00:56 GMT

GET
H2 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame E3B9 624 B
975 B 135ms
50ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-i5AEQoYD6ARjX7MmhATAB&v=APEucNX9KoXoIaXGMshUhpF4k8ngpziEoCrtXV5teu9XD_5ZiXu0E42w3bP5I3DJeIfTLQpl1ZVl7fZ-X1dRkTuqPdzNMfrc0Fq-L3Q-fVHG6PEMJPBEUpNK75SAjjefcqaQO6sYorcU2wdxluA9PTKoEyhwdltHzomCeLSb8K6fqc7ZdwRArhA

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 13:04:06 GMT
server: cafe
cache-control: private
content-length: 276
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame E277 76 KB
31 KB 179ms
95ms Script
text/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D2_0X7kHIKl7YOz5U4CX4WIGu0HhagmBPz9ZEjQfWM6BmjxHSKckK8eyArkepl8O58cXGxsTo2vki-mGMT9kOYjSjSVa_eTbYW0zOqocfFtbbGPiQG1ykpV9oCNcIl1NexmRJuXyXQusYvp8RAD4sd_WfjvQ&dbm_d=AKAmf-AgzH170AWzR2uKOwwzG90oQoZyV4GagOLIRyvalvlX2mj6kxSeBDXD-VTtf7xGNZD4eVdeZ6RZQw5BIJKxlcun7DKaDPb7Wu_ddmVO8lwFlJ2yW4RGL_LgDREcsSFVdd5xyb2quLHJHNhKNLOe2K5pFpZkQxJj31eKQzAF_iizWOF8A_1G8Sy4V052-hbx7TeWLHLEKzqNv4Y3Ao-HnySBDUNrSkA4VoppRDl-DjWKqpw0f5Q1p0jXHYP8Tqn6z6wlAugqNfJuyW5kTMLRTBzo9doU9vSdCnQUNhBc5WaHEXway7GGBvTNFHyiilRJSSEjQiXyuAgTU9doWEj41kU6vE8kG13KoYMClrlH74VxXTRIvKLdiwTrbaqE5VpA_pg2nw0JqjXFWvFJDMgWK27ax9qKk7YeE88ZtugXyOsxDEFaP0HxyPeLslmx083JoJyNf06Hl7zigxHlXr82wgV43Fkf4ErxltLWuzgiB55XHM7gNdVKHIS5arNCUASzmDQP7WUjF7hSb0BKuha130BY6wHXTgNTOArEW4jas-7C0QCIo__SmyR9SdmfZIbQBYH1q0TAk2gViiID9WNTTcwYBk5bZCcT7CmFvQYHu9gucue7MKeGwGmNItltEVO-5hrWdTrUIfDvyN6Jas4kJgwBxyOV1uuGt1D7jadPA5ZeMAeNcH5JP-yqc_etrsw2Dr3HV_2Kuo9zXYXdYETC68rPVS6NnjyxlQKjLAwvvnq_atVZpi_89fHlAYZD3wQ9BRGZ7z1gCXakPa7hGbWhrfutp3EPdx0S7OTez-TxNk0i44K0H1quPoYBQYTGjOEBf8l0iCPFbPSCCyuMTSECugDgUeiiVEzgvNlDT0U-R58XXy3vp5PdKKwOuiJ9u1PZHjgamMXcYWQpCKsSpQ49rEesF2d4ACg8MYBJPNriD62Mab3l9LDfPfwYaoLcYxxae9Q73mnlYkldXPrLOPQwUO8SlqVY_xAcMbkt11y9W05E57S1ZQYjYK4sT5nD79LOmXqPOl3kw4xchaIbUmOIRjC-rAydtydOY3SoDGSEFb-4OTzzJl-vUYmYoCBKKj3-V_cVv5MBPhDJf-UA1QoVBNJ8e0m4p_2M0nKJCbhef-SBnQWYakMfJ1Q5RBNVI9YiqBfMGoNeT8g1zZHXsO6iHynT43tUHZanl8e8bkCEStD7gRhI8jj15xVPJYnO2d2y1-e8j034B3UebfLFe6PjF1drA32EZPEm5nXEDtkzLp3RAkMIe5ry2w9vjOGDauFojNRqek26T7VMoQbV_vfCOpCcui44Sdw4smh6Xa9LkdkcAQgZJ2FHnbmP38FiX5CUPJNNn02fwlqCoT658zsP85NBSx88D9U7GA1aR6bnKS8wBUwr9WcREDg9MZgbo9N7UH6dPRqkBG8KgJLGEiUTZgVdf8_qd5Yaugc8eAJy_nk38aix8o1vIrTc9ZPMAQBV91mvbBHk_vHiuRukyRISXtqs2-m5rLsL1DRVJXcti1OiRlsAKGfyrByg7aQU6AJ3u69xmRFXmRTIoeYOMy3vdjrdLlx5e_dd6q7SKWi40gAF-IEw4u9YEDCuog486oCYFGnH17MCsvcZrQTrtPcwwPU9r3u8BXVHTLP15--kUeHGPoo_H_abSlnvjxvLD_V1Z82SOhAxGsYkxWxXCa-z00DBNnAq3BV_-G9d8zLydarcm9FZPLG5U_UIogQru--iTt_Tw3fVqNapRTrwPJR0okknAlynlBiedrW4uPFyiv2jC-nRhhp8uwsEwON5OVMsI-xBga4pfifTWcfZGX_LI1fYYQx_VMjp_PghjVw1D15su1_ND77f-PcOlXArHEfIJhQHqO3KzXXNSDzPqugacjMaYFi7ieKMiB_aOZ6fMg77w6xtWKo3rbPMEi6lP2CBS40wy7LqmXPZgJflPHhGWcjrluGkeftO89R5RxLlo8w6sokpUWDncWSt6OF-A84SsR6QyIXoosZ2foDlyHpM43ALfmia8mCZsM0IT45H8q7DWjTaESInu_UlUL3KmVE08dv4a410mYhcxTUG87jYq-nU_TOsEbzKM4wBHoemDs0uwMgib9AyLXiYn38_zBQDpIBn_jD89qL-7653smEaaENjsR79IbfAyckUV-f-krRmEMg46nhZQw-ma2Uu1aJ-mti1REcTS2aAKxNVqA8LTtxujMErENIODYq-QI3pyHxgt0PEKGQikMYNfx5T0PMjeJFog4Vg_yb7JVL0ekrUT-NDjRTimJ5Tl1Zutkr3K69o4EJMkpD3wrzcRSgpzPWouP-t4ony9pZ5Fni_o-Acy9OS0Lyhaue_9ifWnTp9bUY79TupeXafbW47aODdcgF3nWKuGWdR35eXSrIMa4dKoGJlTGBy31zjPmAfMaqC0EwZ9yE7EvLRIWu5A_p5XbeWavp3z05SKEg2-WSXdgZahdjWp5K2kINdw6PwNgQLaUWtK3ED8V2-oPTFN_10aUQgCnrFYvmsVtdv1Dq9NhJQc35Dvf67ghUoy89EgLvenxqD6RZ_d2Cqepuoms1U9d3KmZV72qsICF1k7QHwbabAchjbzeM1BZF89mCLa02Yu5cIjH0Vgu_WVIlK2JdoZ2dWanXbpE-ZtuRfo_9HtkSgSEG0UBXJuWJ-ua2KxPqTflV3NxcDz4dVGNE1PcycUSFWyx9TVs3qKIISL9r_Rk2EliVbKFbmJ1Uzm077v0xK8MXpIRNNlWOO24jCUJdiMGRQHlaL2a53Qsq1jKU8EsXez6omwLaALvG083SDhsUSEsyPiNW39Xcdut-m0WGb1k2ZwiPy6sOwdnq0KyLsAOkEunHDgnHdkG41TPMkUvdWDKnAIEupfFOt7Gk_1zlO79N8B6PXr6u1yCQUcFvJqUMmVv9VzaLadUYfu2gihrJuHdxuFx0lyNiRA7O0gZCYJaeHhey0cqFL6oNyKvhVcyk47Qn9w5JRNruQydEWq1exZHi2oE3yL7w9ByLVtVUaNOYduTxyXgj32ih3mQuQ2Sj67If8qy4FPp3MFbyV3nMfD1TB4KunCGXtc_abw_6h0J903_TXqYTnVbRWCHAnkUCKWMjPG_RDWHZmnmT4ns14S9BjMKXQTdsuSTc0V-9iBcr2tKmet3oY0H3wbk42BbOHI6ku53uPK0VAPRyGj3-JOyFA7nLzqFR9FhETLvZ2UTP1D5yB88JJgBqL6_XKJ0VCWju1-aKWqC6wEVpQJOfl6roUZPR1butgDrDf7ZelrHSEMOlEEkuWmMuW6tnm54pEUEDy-POZ9nJhrottFwJ0v2vn7fuens38oIshPhZwCbefoARmLW2jXLMu0YeASN1Yuzh-QSwUKy5xVFsx4BbugQiyYSVRpRM&cid=CAASFeRoKaJqZ5aBY7CthJnXf7dzdm6mOw&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

bf8ed1f68f7c967a343c24624a06f60042b7481e8c71be7c1c3dafcb61e2d106

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 31126
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame E277 42 B
494 B 148ms
70ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-DU7Mv42hw-bp2wk2APRXEwIP15ITCOvnswCXwfvKThe6Pojkd7vV17q7xIYZgLpSchTRN7z5soiES6tfN14OohiGrZimTACdhHoijgbSm3Ebg6Fq8

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E277 2 KB
1 KB 166ms
83ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:59:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame E277 119 KB
37 KB 204ms
119ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame E277 15 KB
6 KB 124ms
42ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:00:56 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame E277 0
0 98ms
49ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRh8TaLrRlimMoCQQWFRkT6gBNSgPFfCH54AV8LVvQUeD8pscLRZP1J0dpLDbdka46bcqN_bNov_ZeojZwgi_Vkq0BhlQ
Requested by: Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

POST
H3 200 log Show response
play.google.com/ Frame DC85 131 B
155 B 115ms
71ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:06 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 153ms
70ms Preflight
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Fri, 10 Dec 2021 13:04:06 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 13:04:06 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame DC85 131 B
155 B 83ms
73ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:06 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 185ms
103ms Preflight
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Fri, 10 Dec 2021 13:04:06 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 13:04:06 GMT
cache-control: private

POST
H3 200 log Show response
play.google.com/ Frame DC85 131 B
155 B 80ms
70ms XHR
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://news.google.com/
X-Goog-AuthUser: 0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
server: Playlog
access-control-allow-headers: X-Playlog-Web
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
access-control-allow-origin: https://news.google.com
cache-control: private
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
content-type: text/plain; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 131
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:06 GMT

OPTIONS
H2 200 log
play.google.com/ Frame 0
0 185ms
104ms Preflight
text/plain 2a00:1450:4001:801::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://play.google.com/log?format=json&hasfast=true&authuser=0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Playlog /

Resource Hash

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-goog-authuser
Origin: https://news.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

access-control-allow-origin: https://news.google.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 86400
access-control-allow-credentials: true
access-control-allow-headers: X-Playlog-Web,authorization,origin,x-goog-authuser
content-type: text/plain; charset=UTF-8
date: Fri, 10 Dec 2021 13:04:06 GMT
server: Playlog
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 13:04:06 GMT
cache-control: private

GET
H2 200 index.html Show response
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 81 KB
21 KB 153ms
88ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4db1f0c322659aa715d907f53e84b3f5b6ca3fd45eab7fe72b5c1ad6745f58f0

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
timing-allow-origin: *
date: Tue, 07 Dec 2021 23:04:57 GMT
expires: Wed, 07 Dec 2022 23:04:57 GMT
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
content-length: 20125
age: 223149
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 9D33 0
0 81ms
81ms Fetch
text/html 172.217.18.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CPmI8RVCzYdqcN-67x_APl-6w0A_aroiGZ__C1vbkDufOx-vZJxABIJ-qwmdgleKQgqAHoAGf0rW3AcgBCakCuz1NvuDysj7gAgCoAwHIAwiqBIcCT9DxzI7z5Gn_c-tCdHM_Ncuk6JuE1GYxcpumH0RDrHljCmmhLeKbYFl9LWt53cJdT8uXW4TaGhKRnAP-tGIdXjW3DWMf0LQ2HGK8s41KAee8Ty77he1rtflfZFxFEfMR4UyZckj_EQWGzKEnGdFbYSOi_pTQ9C04K2v7w5zxKbCZ9zGLnHzUlsso0VVIpb3kgf3N862SU0Se-B02oBcLUOf4KwQUXkTYJwhK8lYy7TrhnfdQ7EpdhSh53nXj1Njf-O3YWUFBeYzskNn1MTV7S2hD_yeUSkg8tOx9hv1D9cpmHV8Q8wmGUSkBhmBvSw6-MgpRAxx6sDcG57a2xRNtbkSee5Xy4UzABNjtu6nPA-AEAZIFBAgEGAGSBQQIBRgEkgUECAUYGJIFBQgFGKgBoAYugAfJrcrIAqgHjs4bqAeT2BuoB-6WsQKoB_6esQKoB9XJG6gHpr4b2AcA8gcEEJO9KdIICQiI4YAQEAEYHYAKA8gLAdgTDdAVAZgWAYAXAbIXHgocCAASFHB1Yi0zMzM1NzA2ODUwMzMwNzk4GKDOHA&sigh=pmG76UyY11c&uach_m=[UACH]&template_id=419
Requested by: Host: links.elfinancierocr.com
URL: https://links.elfinancierocr.com/u/nrd.php?p=YigU0v6Dg3_36810_4523827_1_3&ems_l=5597227&d=RWRpY2klQzMlQjNuK1Zlc3BlcnRpbmErMjAyMS0xMi0wOSsxOSUzQTA2JTNBMTA*3D*7C*7CMjAyMQ*3D*3D*7CMTI*3D*7CMTA*3D*7CMDI*3D*7C&_esuh=_11_2011f9e4fa70e49fd01d309f95179c0f0a596b7cf11387c949b202044df06839
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.217.18.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra16s42-in-f2.1e100.net
Software: /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

GET
H2 200 abg_lite_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 9D33 19 KB
8 KB 133ms
70ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite_fy2019.js

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:58:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 318
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 7876
x-xss-protection: 0
server: cafe
etag: 5333878705136318229
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:58:48 GMT

GET
H2 200 window_focus_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9D33 2 KB
1 KB 149ms
85ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/window_focus_fy2019.js

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:59:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 252
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1332
x-xss-protection: 0
server: cafe
etag: 3351516697335751560
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:59:54 GMT

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 9D33 119 KB
37 KB 215ms
149ms Script
text/javascript 2a00:1450:4001:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37305
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1638461285297402"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 qs_click_protection_fy2019.js Show response
tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/ Frame 9D33 15 KB
6 KB 139ms
76ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20211207/r20110914/client/qs_click_protection_fy2019.js

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:00:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 190
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6464
x-xss-protection: 0
server: cafe
etag: 15715955993838318253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 13:00:56 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame 9D33 0
0 79ms
50ms Image
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaSmxvZqRh81tCCTXpyVbWg_ufPqUM_xTPcF8gZ1mZz8uvJz0HhCk1WiTrQMwyio8ce3PI2ytRoSIfPwwA78TzD7FhxN0g
Requested by: Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

POST
H2 200 t Show response
t.lkqd.net/ Frame 8436 0
169 B 300ms
98ms XHR
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 292ms
94ms Preflight
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:06 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

GET
H2 200 vpaid.js Show response
ad.lkqd.net/vpaid/ Frame 2B9D 230 KB
61 KB 18ms
17ms Script
application/javascript 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: 36ae762191d24727fbba21272ea14872bb7824188961282001d50e67f7b1881c

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
last-modified: Tue, 02 Nov 2021 21:06:56 GMT
etag: "cca1f428155a1f13b17a4684f2c8ef1c"
x-hw: 1639141446.cds116.am5.hn,1639141446.cds300.am5.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1209600
accept-ranges: bytes
content-length: 62015

POST
H3 200 / Show response
www.facebook.com/tr/ Frame B338 0
18 B 16ms
7ms Document
text/plain 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
Origin: https://www.elfinancierocr.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

content-type: text/plain
access-control-allow-origin: https://www.elfinancierocr.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority: u=3,i
date: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 usync.html Show response
ad.lkqd.net/cookie-sync/ Frame 04D0 5 KB
2 KB 17ms
17ms Document
text/html 151.139.128.11
HIGHWINDS3

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.lkqd.net/cookie-sync/usync.html
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software: /
Resource Hash: b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
content-length: 1909
content-type: text/html
last-modified: Tue, 26 Oct 2021 15:08:45 GMT
accept-ranges: bytes
etag: "10c6626c1705141142b0302e29b3bd0e"
cache-control: public, max-age=1209600
x-hw: 1639141446.cds116.am5.hn,1639141446.cds257.am5.c
access-control-allow-origin: *

POST
H2 200 ad Show response
v.lkqd.net/ Frame 2B9D 194 KB
9 KB 143ms
143ms XHR
application/json 146.20.132.82
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://v.lkqd.net/ad?pid=430&sid=1010002&formats=true&output=json2&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=0&gdprcs=&pageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dnt=0&c1=&c2=0&c3=1.0%2C1!vidoomy.com%2C53160%2C1%2C&c5=&c6=53160&rnd=68657723&m=&rtv=1&thost=www.elfinancierocr.com
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.82 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: 3a937252276c02950c6d25f201651aa900072223bbfb35ea7c9ab10d15413110

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
server: nginx
content-type: application/json
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 9496

OPTIONS
H2 200 ad
v.lkqd.net/ Frame 0
0 300ms
97ms Preflight 146.20.132.82
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://v.lkqd.net/ad?pid=430&sid=1010002&formats=true&output=json2&support=html5&execution=outstream&placement=slider&playinit=auto&volume=0&width=400&height=225&gdpr=0&gdprcs=&pageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&dnt=0&c1=&c2=0&c3=1.0%2C1!vidoomy.com%2C53160%2C1%2C&c5=&c6=53160&rnd=68657723&m=&rtv=1&thost=www.elfinancierocr.com
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.132.82 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:07 GMT
content-length: 0
access-control-allow-origin: https://www.elfinancierocr.com
access-control-max-age: 300
cache-control: max-age=300
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Content-Type
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-credentials: true

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E3B9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg6AJk1U4ywE7KIvAZVfR0&google_cver=1

43 B
894 B

20ms
20ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg6AJk1U4ywE7KIvAZVfR0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-i5AEQoYD6ARjX7MmhATAB&v=APEucNX9KoXoIaXGMshUhpF4k8ngpziEoCrtXV5teu9XD_5ZiXu0E42w3bP5I3DJeIfTLQpl1ZVl7fZ-X1dRkTuqPdzNMfrc0Fq-L3Q-fVHG6PEMJPBEUpNK75SAjjefcqaQO6sYorcU2wdxluA9PTKoEyhwdltHzomCeLSb8K6fqc7ZdwRArhA
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 13:04:06 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg6AJk1U4ywE7KIvAZVfR0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame E3B9
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNQRlYWBt8pD-nkdqXjAQAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGIl6BTpmTfheoLlmFlq-Xw&google_cver=1

43 B
894 B

26ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGIl6BTpmTfheoLlmFlq-Xw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-i5AEQoYD6ARjX7MmhATAB&v=APEucNX9KoXoIaXGMshUhpF4k8ngpziEoCrtXV5teu9XD_5ZiXu0E42w3bP5I3DJeIfTLQpl1ZVl7fZ-X1dRkTuqPdzNMfrc0Fq-L3Q-fVHG6PEMJPBEUpNK75SAjjefcqaQO6sYorcU2wdxluA9PTKoEyhwdltHzomCeLSb8K6fqc7ZdwRArhA
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 13:04:06 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGIl6BTpmTfheoLlmFlq-Xw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame E3B9
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFO0y7GgJL43HtemLmQRZ78&google_cver=1

43 B
1007 B

40ms
40ms

Image
image/gif

185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFO0y7GgJL43HtemLmQRZ78&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJ-i5AEQoYD6ARjX7MmhATAB&v=APEucNX9KoXoIaXGMshUhpF4k8ngpziEoCrtXV5teu9XD_5ZiXu0E42w3bP5I3DJeIfTLQpl1ZVl7fZ-X1dRkTuqPdzNMfrc0Fq-L3Q-fVHG6PEMJPBEUpNK75SAjjefcqaQO6sYorcU2wdxluA9PTKoEyhwdltHzomCeLSb8K6fqc7ZdwRArhA

Protocol

HTTP/1.1

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 2c6a37e7-6135-4af2-9449-f22917027768
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFO0y7GgJL43HtemLmQRZ78&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame E3B9
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY5NjU1NTkwODUzNjU2MjA3Nw%3D%3D

170 B
243 B

65ms
48ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY5NjU1NTkwODUzNjU2MjA3Nw%3D%3D

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: ecfec704-bf77-4840-b6b4-114182805d23
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzY5NjU1NTkwODUzNjU2MjA3Nw%3D%3D
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6376
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg6AJk1U4ywE7KIvAZVfR0&google_cver=1

43 B
894 B

39ms
38ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg6AJk1U4ywE7KIvAZVfR0&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaxpgEQuKirARjpx6y6ATAB&v=APEucNXzabfQ_gXdu3NPFJnbbzCScuuZiscU4hzfmkDoQyKGSUq1nonjRdIT--Y-181dznC3JFufYKO-d8omXDIpGpoai_wBXQaQidDZ-PBqiLPB2hk-SycVTlRlUGOMmdBhExqkiK6N-cYT4Gb8N-T6UOeUK7NW0eVnf51Ppozit0gcEvlwHQU
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 13:04:06 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEFg6AJk1U4ywE7KIvAZVfR0&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 6376
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=YbNQRq8xmEIktMN-gvQAEAAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGIl6BTpmTfheoLlmFlq-Xw&google_cver=1

43 B
894 B

25ms
13ms

Image
image/gif

2.18.234.21
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGIl6BTpmTfheoLlmFlq-Xw&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaxpgEQuKirARjpx6y6ATAB&v=APEucNXzabfQ_gXdu3NPFJnbbzCScuuZiscU4hzfmkDoQyKGSUq1nonjRdIT--Y-181dznC3JFufYKO-d8omXDIpGpoai_wBXQaQidDZ-PBqiLPB2hk-SycVTlRlUGOMmdBhExqkiK6N-cYT4Gb8N-T6UOeUK7NW0eVnf51Ppozit0gcEvlwHQU
Protocol: HTTP/1.1
Server: 2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-21.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
Server: Apache
Vary: Is-Traffic-Usersync
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Fri, 10 Dec 2021 13:04:06 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGIl6BTpmTfheoLlmFlq-Xw&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

setuid
ib.adnxs.com/ Frame 6376
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEFO0y7GgJL43HtemLmQRZ78&google_cver=1

43 B
1007 B

32ms
31ms

Image
image/gif

185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEFO0y7GgJL43HtemLmQRZ78&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CJaxpgEQuKirARjpx6y6ATAB&v=APEucNXzabfQ_gXdu3NPFJnbbzCScuuZiscU4hzfmkDoQyKGSUq1nonjRdIT--Y-181dznC3JFufYKO-d8omXDIpGpoai_wBXQaQidDZ-PBqiLPB2hk-SycVTlRlUGOMmdBhExqkiK6N-cYT4Gb8N-T6UOeUK7NW0eVnf51Ppozit0gcEvlwHQU

Protocol

HTTP/1.1

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 98484b78-6f44-4df2-bc71-ba4b6e0b9bdf
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEFO0y7GgJL43HtemLmQRZ78&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

pixel
cm.g.doubleclick.net/ Frame 6376
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzgwMTIyMDMwNjkzMzI3MjM3

170 B
232 B

66ms
48ms

Image
image/png

142.250.185.194
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzgwMTIyMDMwNjkzMzI3MjM3

Requested by

Protocol

Server

142.250.185.194 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:06 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: e9f20c63-e6b0-44e1-98e4-10fd61bbca90
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NzgwMTIyMDMwNjkzMzI3MjM3
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 65cb5cd5882c666a22bf188d80f04fe01f56fbb3428e29d74aa24e3d9b1c783b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 s Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 834C 143 B
163 B 81ms
36ms Document
text/html 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/

Response headers

content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
content-encoding: gzip
date: Fri, 10 Dec 2021 12:04:34 GMT
server: cafe
content-length: 145
x-xss-protection: 0
cache-control: public, max-age=3600
age: 3572
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 exitapi-impl.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/api/ Frame E4EE 9 KB
3 KB 88ms
39ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/api/exitapi-impl.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 13:42:50 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 84076
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3271
x-xss-protection: 0
server: cafe
etag: 7483759447172721109
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 10 Dec 2021 13:42:50 GMT

GET
H3 200 addata.js Show response
tpc.googlesyndication.com/pagead/gadgets/html5/ Frame E4EE 26 KB
10 KB 89ms
41ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/gadgets/html5/addata.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 14:22:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 81720
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 10382
x-xss-protection: 0
server: cafe
etag: 12806417668659483808
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=86400
timing-allow-origin: *
expires: Fri, 10 Dec 2021 14:22:06 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame E4EE 29 KB
1 KB 49ms
47ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&cb=1626772622

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

2b2eeb7b890430b990ead38e7ac0e2715d47e1584e68b77000e3d58a5ebde5e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 12:49:34 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 13:04:06 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 gsap_3.2.4_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame E4EE 57 KB
23 KB 135ms
47ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.2.4_min.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23276
x-xss-protection: 0
last-modified: Thu, 05 Mar 2020 03:53:22 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2 200 cs
cs.lkqd.net/ Frame 04D0 43 B
308 B 93ms
92ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=55&redirect=https%3A%2F%2Fidsync.rlcdn.com%2F464986.gif%3Fpartner_uid%3D%24%24rawlkqduserid%24%24&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2 200 cs
cs.lkqd.net/ Frame 04D0 43 B
308 B 96ms
95ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=103&redirect=https%3A%2F%2Fevent.clientgear.com%2Fcookie%2Flkqd%3Fpartner%3Dlkqd%26cookieid%3D%24%24rawlkqduserid%24%24&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2 200 cs
cs.lkqd.net/ Frame 04D0 43 B
308 B 94ms
93ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=102&redirect=https%3A%2F%2Fcs.krushmedia.com%2Fcd607442bfdf172cfcec45014a5f4ece.gif%3Fpuid%3D%24%24rawlkqduserid%24%24%26redir%3Dhttps%253A%252F%252Fcs.lkqd.net%252Fcs%253FpartnerId%253D102%2526partnerUserId%253D%255BUID%255D&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2 200 cs
cs.lkqd.net/ Frame 04D0 43 B
308 B 94ms
94ms Image
image/gif 146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=99&redirect=https%3A%2F%2Fc.deployads.com%2Fcs%2FNXST%3Fb%3D%24%24rawlkqduserid%24%24&r=if
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

GET
H2

200

cs
cs.lkqd.net/ Frame 04D0
Redirect Chain

https://ad.turn.com/r/cs?pid=65
https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2618085273817272950

43 B
308 B

95ms
93ms

Image
image/gif

146.20.128.168
RACKSPACE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2618085273817272950
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/cookie-sync/usync.html
Protocol: H2
Server: 146.20.128.168 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ad.lkqd.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
server: nginx
access-control-max-age: 0
access-control-allow-methods: GET
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Disposition
cache-control: max-age=0
access-control-allow-credentials: true
access-control-allow-headers: Content-Type
content-length: 43

Redirect headers

location: https://cs.lkqd.net/cs?partnerId=94&partnerUserId=2618085273817272950
pragma: no-cache
date: Fri, 10 Dec 2021 13:04:06 GMT
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

GET
H2 200 html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame E277 169 KB
59 KB 121ms
38ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
Origin: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 08:44:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 15597
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 60173
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Dec 2021 08:44:09 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame E277 8 KB
3 KB 104ms
57ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-D2_0X7kHIKl7YOz5U4CX4WIGu0HhagmBPz9ZEjQfWM6BmjxHSKckK8eyArkepl8O58cXGxsTo2vki-mGMT9kOYjSjSVa_eTbYW0zOqocfFtbbGPiQG1ykpV9oCNcIl1NexmRJuXyXQusYvp8RAD4sd_WfjvQ&dbm_d=AKAmf-AgzH170AWzR2uKOwwzG90oQoZyV4GagOLIRyvalvlX2mj6kxSeBDXD-VTtf7xGNZD4eVdeZ6RZQw5BIJKxlcun7DKaDPb7Wu_ddmVO8lwFlJ2yW4RGL_LgDREcsSFVdd5xyb2quLHJHNhKNLOe2K5pFpZkQxJj31eKQzAF_iizWOF8A_1G8Sy4V052-hbx7TeWLHLEKzqNv4Y3Ao-HnySBDUNrSkA4VoppRDl-DjWKqpw0f5Q1p0jXHYP8Tqn6z6wlAugqNfJuyW5kTMLRTBzo9doU9vSdCnQUNhBc5WaHEXway7GGBvTNFHyiilRJSSEjQiXyuAgTU9doWEj41kU6vE8kG13KoYMClrlH74VxXTRIvKLdiwTrbaqE5VpA_pg2nw0JqjXFWvFJDMgWK27ax9qKk7YeE88ZtugXyOsxDEFaP0HxyPeLslmx083JoJyNf06Hl7zigxHlXr82wgV43Fkf4ErxltLWuzgiB55XHM7gNdVKHIS5arNCUASzmDQP7WUjF7hSb0BKuha130BY6wHXTgNTOArEW4jas-7C0QCIo__SmyR9SdmfZIbQBYH1q0TAk2gViiID9WNTTcwYBk5bZCcT7CmFvQYHu9gucue7MKeGwGmNItltEVO-5hrWdTrUIfDvyN6Jas4kJgwBxyOV1uuGt1D7jadPA5ZeMAeNcH5JP-yqc_etrsw2Dr3HV_2Kuo9zXYXdYETC68rPVS6NnjyxlQKjLAwvvnq_atVZpi_89fHlAYZD3wQ9BRGZ7z1gCXakPa7hGbWhrfutp3EPdx0S7OTez-TxNk0i44K0H1quPoYBQYTGjOEBf8l0iCPFbPSCCyuMTSECugDgUeiiVEzgvNlDT0U-R58XXy3vp5PdKKwOuiJ9u1PZHjgamMXcYWQpCKsSpQ49rEesF2d4ACg8MYBJPNriD62Mab3l9LDfPfwYaoLcYxxae9Q73mnlYkldXPrLOPQwUO8SlqVY_xAcMbkt11y9W05E57S1ZQYjYK4sT5nD79LOmXqPOl3kw4xchaIbUmOIRjC-rAydtydOY3SoDGSEFb-4OTzzJl-vUYmYoCBKKj3-V_cVv5MBPhDJf-UA1QoVBNJ8e0m4p_2M0nKJCbhef-SBnQWYakMfJ1Q5RBNVI9YiqBfMGoNeT8g1zZHXsO6iHynT43tUHZanl8e8bkCEStD7gRhI8jj15xVPJYnO2d2y1-e8j034B3UebfLFe6PjF1drA32EZPEm5nXEDtkzLp3RAkMIe5ry2w9vjOGDauFojNRqek26T7VMoQbV_vfCOpCcui44Sdw4smh6Xa9LkdkcAQgZJ2FHnbmP38FiX5CUPJNNn02fwlqCoT658zsP85NBSx88D9U7GA1aR6bnKS8wBUwr9WcREDg9MZgbo9N7UH6dPRqkBG8KgJLGEiUTZgVdf8_qd5Yaugc8eAJy_nk38aix8o1vIrTc9ZPMAQBV91mvbBHk_vHiuRukyRISXtqs2-m5rLsL1DRVJXcti1OiRlsAKGfyrByg7aQU6AJ3u69xmRFXmRTIoeYOMy3vdjrdLlx5e_dd6q7SKWi40gAF-IEw4u9YEDCuog486oCYFGnH17MCsvcZrQTrtPcwwPU9r3u8BXVHTLP15--kUeHGPoo_H_abSlnvjxvLD_V1Z82SOhAxGsYkxWxXCa-z00DBNnAq3BV_-G9d8zLydarcm9FZPLG5U_UIogQru--iTt_Tw3fVqNapRTrwPJR0okknAlynlBiedrW4uPFyiv2jC-nRhhp8uwsEwON5OVMsI-xBga4pfifTWcfZGX_LI1fYYQx_VMjp_PghjVw1D15su1_ND77f-PcOlXArHEfIJhQHqO3KzXXNSDzPqugacjMaYFi7ieKMiB_aOZ6fMg77w6xtWKo3rbPMEi6lP2CBS40wy7LqmXPZgJflPHhGWcjrluGkeftO89R5RxLlo8w6sokpUWDncWSt6OF-A84SsR6QyIXoosZ2foDlyHpM43ALfmia8mCZsM0IT45H8q7DWjTaESInu_UlUL3KmVE08dv4a410mYhcxTUG87jYq-nU_TOsEbzKM4wBHoemDs0uwMgib9AyLXiYn38_zBQDpIBn_jD89qL-7653smEaaENjsR79IbfAyckUV-f-krRmEMg46nhZQw-ma2Uu1aJ-mti1REcTS2aAKxNVqA8LTtxujMErENIODYq-QI3pyHxgt0PEKGQikMYNfx5T0PMjeJFog4Vg_yb7JVL0ekrUT-NDjRTimJ5Tl1Zutkr3K69o4EJMkpD3wrzcRSgpzPWouP-t4ony9pZ5Fni_o-Acy9OS0Lyhaue_9ifWnTp9bUY79TupeXafbW47aODdcgF3nWKuGWdR35eXSrIMa4dKoGJlTGBy31zjPmAfMaqC0EwZ9yE7EvLRIWu5A_p5XbeWavp3z05SKEg2-WSXdgZahdjWp5K2kINdw6PwNgQLaUWtK3ED8V2-oPTFN_10aUQgCnrFYvmsVtdv1Dq9NhJQc35Dvf67ghUoy89EgLvenxqD6RZ_d2Cqepuoms1U9d3KmZV72qsICF1k7QHwbabAchjbzeM1BZF89mCLa02Yu5cIjH0Vgu_WVIlK2JdoZ2dWanXbpE-ZtuRfo_9HtkSgSEG0UBXJuWJ-ua2KxPqTflV3NxcDz4dVGNE1PcycUSFWyx9TVs3qKIISL9r_Rk2EliVbKFbmJ1Uzm077v0xK8MXpIRNNlWOO24jCUJdiMGRQHlaL2a53Qsq1jKU8EsXez6omwLaALvG083SDhsUSEsyPiNW39Xcdut-m0WGb1k2ZwiPy6sOwdnq0KyLsAOkEunHDgnHdkG41TPMkUvdWDKnAIEupfFOt7Gk_1zlO79N8B6PXr6u1yCQUcFvJqUMmVv9VzaLadUYfu2gihrJuHdxuFx0lyNiRA7O0gZCYJaeHhey0cqFL6oNyKvhVcyk47Qn9w5JRNruQydEWq1exZHi2oE3yL7w9ByLVtVUaNOYduTxyXgj32ih3mQuQ2Sj67If8qy4FPp3MFbyV3nMfD1TB4KunCGXtc_abw_6h0J903_TXqYTnVbRWCHAnkUCKWMjPG_RDWHZmnmT4ns14S9BjMKXQTdsuSTc0V-9iBcr2tKmet3oY0H3wbk42BbOHI6ku53uPK0VAPRyGj3-JOyFA7nLzqFR9FhETLvZ2UTP1D5yB88JJgBqL6_XKJ0VCWju1-aKWqC6wEVpQJOfl6roUZPR1butgDrDf7ZelrHSEMOlEEkuWmMuW6tnm54pEUEDy-POZ9nJhrottFwJ0v2vn7fuens38oIshPhZwCbefoARmLW2jXLMu0YeASN1Yuzh-QSwUKy5xVFsx4BbugQiyYSVRpRM&cid=CAASFeRoKaJqZ5aBY7CthJnXf7dzdm6mOw&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 686
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:52:40 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame E277 24 KB
9 KB 85ms
42ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 486
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:00 GMT

GET
H2 200 express_html_inpage_rendering_lib_200_275.js Show response
s0.2mdn.net/879366/ Frame 617F 106 KB
37 KB 145ms
93ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
Origin: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 13:10:52 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 85994
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37892
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:44:52 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:10:52 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/ Frame 617F 8 KB
3 KB 70ms
55ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ApUrulJFmYgHF8E5XqhtBX9yw4SVIF2yGIOBIkub64htm4hMpRcB5B9vFaPKZDe068Dm9fUbYCNRXq0ACmfKTJcZL30FtdnfYxtxSnrPYYxigwNe_aXctkobRtZwdzmxmCD4rKmq_JQfopzwxtbxYaJ0Fckw&dbm_d=AKAmf-DW7MyRal6W_vhSLeLtFRJnNXZkIhOoojLd6VDnRgSbJ-rdKnjY5G5WclCTLF8RieSJHcYfPCzSazxOpSuakVw8ZwutHcnFnYV3Sok8qFORI41FCgJSg5TUbEh9MphjwCx6XjVQtuHgwMGRVTYl2f_4NQ2gAzuy60vfOmjg9cLC1bUC1hyQP4QeFO3Mq0a4NMoxbS0gUU408Jv3POpDvBYpuKVq8NGDiX6LT4BkY3woz_K81Lddpw9jBuElJUWxBSh5MXAlay2GddsNHsuhcTDSoXs7ALxcOBoZ-V9on-qBO7xZYjxeGrm9YUQdH46wO55_9KeBU65grc87uArCRFFYry7Mr89rJ6jUP-3J_7A-GOkTqiNrTh16aYXNii7POvZfXtykYLK7asAbRtZRqqrcXFtb47nQq3PAqseHSdtd0NcoAYrmH9k_9TCdJYDe5tOTtiQSNj7d34p6y8EIEolWnYCSiVNrRMlYdouTig7TJfpwUePtS_TjrwEtZgkMXxYPQwq_qFLmVmQu3k08WJh8vszkT4-Umn28tP9v5AKQAIgk2oBkg21o-YwRWbvlV0-OpKSVX0DW9cB6S5m5tfZ5n1uo58V3qWVAAib0YgUkjOB0yDOM8cgtLY4gP3O7aJBdcjJYvaRjQ5r016artiJcrvdjL8zhY3rVmhrSXxgBlUoHKdcK1amO-ZYQPRxZZI9n4eOX8yIMUl_7Eq12Tq5-XCgFk2CODliVzyuUoq91u3-cZUqEw7u2E6OTTOTK314BaF-vtv6_sn5n6QOOch4eRNsnV130cdKYojewdDMCVDAWJZUnh1DXztuLIuBvzNrJTT7M2K3EPlBunq0-xrVAQAmoOKtKRPdB1hu8qXJ38rlFto4rCi0a1BnzcJeg8qEFxhQWWQ2GtDJM0YLSvaFoBO1M4SPoHYF24QUlRCLNv5IvdQmh3hVzTfC04j6rQMRG7LxR6U6wsKmZyWzChFvydBdaWc03ufnrq5vptXkIxe5xc8p7dvYxLm7gEsOVnnfF-iS_X5Nx8Kzt3CkYr-8NVs1ijJCxOnWkpGgJhUQ-a4ft94jImfGIBqtNlrFN8ae2B4BqdvnkBpRkBVb31-QnLy-H99yXEmyGGiY5rbdyKZ_oyEalGP_KTxhaJAZ51WXlLxTONdH4hf7aaOrGstAU6dyuIwKoHiCB4TYSqT0XRDnEkwBsdc_GSKBRWF1xUMxAmjrN8kdMtZEH0FcOgt0S-hKg4Kt-55poXo85YWrzGqtcUwidHQND1GB8LsTkL5GCFRKSfe8-OuAZiDZUu3Z9nvl9Yc8ybCGLnaSWqFXAsngBjw4Vg-imYuS0R6sbLcHVhlOOvRdvl5MuTuEXKnh6Crxmq-Q2X2OtxiavturUG7V4AUHeCDAM1My6io7BANT3Ltk4qAj1Kr7EbT2zIgw9Wbb4jbUjsNgeyDOAJlfNjVwQx9lK2iyPEyEU-DY9vvx6jji-5BGT8rWLj3svZg4iNYsHe1x5W-YvD4t5p3E1FNIo4Hiw_-B6U6Xrnuftz6319ajbVpxc8hhlJPopD9PELsVQM_9mhG-pFbt-OFcI1V6ySrjQCQyJk_-6FItJI7FQDIeg2XQ22X44iEsBBSSuYv1no2iXJpto2nhZc3DoPTABMiTOqbNr83Re3zWJI3-R-4Wg8zL-BZi6fTrz3gzlQPbRlj_nCL0v9v8rT6bf23FpfJrxbQo4JMK_z5n-HHW5l9-TlE5peL-1o3T4wCYFXpeyiKTJzSPGEtjv5B6Tm4BnJMsGjV6TqKyLZw-Dk-QAjHz_U5G0EOCVnOmZWT9EyWNnIHVYgIhW9CiZsuP5HsIacVxlQ0QYbtTTNq0JUPKTa4T7D5V29e5_u28OCbc5ulsEn8R3eebJaIqb4sBL1ZobrnnJz6BIUMQXe772wyCpvy9McSIZKVujAM2wxdackWas492qZK3xdnsdxNcNMTi9OrysnW8L_D_h_u9eBpnsj9h1P2Ihrmdua6G6eARxwBDQTZLXtaWbJh-Nyd2fS5al67BPoWudJfWCMSkhP8fh6MzB2ixo3qRbJq8y3sEbDn11o9kz5mzOYQvT1fXUkUCchc4F7o-ale3GvmSalgPmViT4mj3pux5xmV-5ci3Sr1Hct6Zit4AchQlyie1ZOtXBlXBxTefOHJqPaorGJ9Bl1cFc2z-Xh4GLUlu5ifZi1NM3zTNlCFumzYrItWDFwzKgq8cbwhJ4K2RuXtA_rdXCcEk_NsixkQ83md2-5zmoG9ViEP5polChM7cieZfJ54TdsIfxn9NG5GewdB4BNVFTWgKXDmxv2QXE6n0nxxQXm9HvWE7w84NpPNBR3aPOPr7fNVzD6qTJOsoe1nY4rfLhRRNwQWEPMAavGwwn38bjeS4Ivao8IlSIShYwmkr44qUP9sW7FFfkZj9ynAqGnlhUdyUuGjy3NmJT7OO0IeSdR6OS_u-s99NpHv1ENYUWnoQgnpeO0Z40C1gvUzAbb0od93uo54gZ98WyKxt0E9huMuZAi90n8V5G6qjbzZE0uUNmDLlmfM4_wnXhN0I0MOFb5ucgX9JqpFCzfQ3WSnQw5i3X7DOEqIsNN_NZXfLv84rOSMcQmBVQDSjhneJFoLH_IwP9jZ348F9sqXnfGEcLkReay490-axym6e3Lp_LUrsJh0NAdmB_i2auvJ7jTBdlS6FN14vqSPPA8ehClsTOxDu3Fl9OkXUeuRLqvWN9buc0-OJtQ-jTwxG9gaBQFAAptOMgKm34Hu1Iei7mZjo9rEfmsjjKIfaF8mizUjESlye0t0CVfvA5UUvo3ei70FthOzdT_CUZWLQ4dKk5aKwoALDDTjOEoKEWhGF-qgcTbwRtj08lujXY_fy6TrT3uYj72yBbhOh2S0Ewm6B7xEJf7UyrbKXwO8HGGBzkhYqinPgJ47iSA_TGvFGrby2gP186HJvg3Em2i5HTnHo-_fxGrFPQMW9aHvKPD8yBC79zc_6ETIh5905dVl1eaTdSrvdl0eA4HoPGL8O9FUn5kZzvFR9HwaYCsivMWefsMQOAh6tO2OOdyynLHq-H0Y7P0KyWGKpfuhPgKJjhZfdC5YDLGuf8wU3yFiqLWJv7x_GLHEH4BvHrwE_DzYJX4FqaZ5vVWaOE-HBZ_2o8n2dVaN2jY0XPJJ43PAx_qW1N4tnBtMANpxRpg6bl1IzcQGHCcMIAZ5URpm-FL0WcGGLOj8Nd-X1dT7sP6TOap0o3TUs6DWpn3nAeCmxbo2KTCxv-VTHPaF4jw4ygK3mPKcZvuM5ftbsjLJarojIB6uLhiY10hjvGQhQHHZpNW-7ft_oWGWtllg2xzYz4Q6Z1_Dv3EP1IfozvNJkz2cMuqg8okMYEImyNcONueksVLPx5EAyhyywNZHSGpvuFFHgoCtbxpvaH4tbXOJmv85YnaEBCaqJWda9YiUqHJoC8UFrc6rXKoLJATf6d&cid=CAASFeRoPhvBrdC5f8VzRqrnt_3idmQs9w&rfl=1%2Chttps%253A%252F%252Fwww.elfinancierocr.com%252F%240

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:52:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 686
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3140
x-xss-protection: 0
server: cafe
etag: 17163059639670574047
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:52:40 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/ Frame 617F 24 KB
9 KB 52ms
40ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20211207/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:56:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 486
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9516
x-xss-protection: 0
server: cafe
etag: 14328493792227503680
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Fri, 24 Dec 2021 12:56:00 GMT

GET
DATA 200
OK truncated
/ Frame 9D33 212 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7c9d1ee6ba763442b670d59e5016a78d194b57192933d6c116743ca4e22adb3e

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3

200

si Show response
googleads.g.doubleclick.net/pagead/drt/ Frame 834C
Redirect Chain

https://www.google.com/pagead/drt/ui
https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

0
16 B

135ms
134ms

Document
text/html

2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211

Response headers

p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 10 Dec 2021 13:04:07 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: private

Redirect headers

location: https://googleads.g.doubleclick.net/pagead/drt/si?st=NO_DATA
cache-control: private
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Fri, 10 Dec 2021 13:04:06 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame E277 41 KB
15 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
DATA 200
OK truncated
/ Frame E277 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 24c376c4e8fa4e3421ba6950bc9f413ee3896db422ee223ec54b9eccde371c5d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 617F 41 KB
15 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:05:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 68303
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15207
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 09 Dec 2022 18:05:43 GMT

GET
DATA 200
OK truncated
/ Frame 617F 217 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f13023145dbf5a785144e2c2ecd77b06f46943861e76a094e1865d7bbcc1c0f8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 t Show response
t.lkqd.net/ Frame 2313 0
170 B 222ms
97ms XHR
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 98ms
98ms Preflight
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:06 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

GET
H3 200 92fb6fc61718ce8e69dc0b2507ec68d8.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 1 KB
1 KB 39ms
39ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/92fb6fc61718ce8e69dc0b2507ec68d8.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bdf9ca6411a02f94fcb087b5005bd9375cce773e3b5e505f85989159d6aa817

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 309412
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1258
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Mon, 06 Dec 2021 23:07:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 06 Dec 2022 23:07:14 GMT

GET
H3 200 18e46d79782e1510056a0d51da249283.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 2 KB
2 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/18e46d79782e1510056a0d51da249283.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

459102b39622e70bb0cb5bdd4a6f3811e520b4b2a543b0e269cdf7e06390f4b8

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 223148
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2000
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Tue, 07 Dec 2021 23:04:58 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 07 Dec 2022 23:04:58 GMT

GET
H3 200 4a52d9f228c68b142a6d8d0910d37a59.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 7 KB
7 KB 41ms
41ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/4a52d9f228c68b142a6d8d0910d37a59.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9b9c5368b4ce03504616f6c3a037dbcc5e62bd31b157294aa593cb9dc1e285f6

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 223149
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6812
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Tue, 07 Dec 2021 23:04:57 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 07 Dec 2022 23:04:57 GMT

GET
H3 200 fbaa3dcf839d145c3e1579595e1903a6.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 9 KB
9 KB 48ms
48ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/fbaa3dcf839d145c3e1579595e1903a6.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5ed7fcd4db5da0e4b0fc3e54119c9c666a0c81281a0be368b7916cf41853d6eb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 223148
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 9640
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Tue, 07 Dec 2021 23:04:58 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 07 Dec 2022 23:04:58 GMT

GET
H3 200 a5abb8efcbbf922c9fbec0434fb37c85.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 14 KB
14 KB 57ms
56ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/a5abb8efcbbf922c9fbec0434fb37c85.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7ad19ee95732c367868568376ca2c2a26a1ab325c3d7465dc5ea8c71e6f94863

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 309412
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14617
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Mon, 06 Dec 2021 23:07:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 06 Dec 2022 23:07:14 GMT

GET
H3 200 b9e001394bce069d9d677169592e6c0c.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 11 KB
11 KB 74ms
72ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/b9e001394bce069d9d677169592e6c0c.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

fc94c74394ecdd4bfb25a98dbee8dd17e533fb310b384c6a984a5e4254162b5a

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 223148
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11747
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Tue, 07 Dec 2021 23:04:58 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 07 Dec 2022 23:04:58 GMT

GET
H3 200 61a42aa7a5dfcd521a181a2c71dad734.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 301 B
329 B 85ms
84ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/61a42aa7a5dfcd521a181a2c71dad734.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

828e2e5e9b453b6820e69f29cbc5372238424baf7e0ddf7e00951ac0b06c7ac1

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 309412
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 301
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Mon, 06 Dec 2021 23:07:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 06 Dec 2022 23:07:14 GMT

GET
H3 200 afe1dbb557a2d4d0e1c0ace3ef52db15.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 913 B
941 B 83ms
81ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/afe1dbb557a2d4d0e1c0ace3ef52db15.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b842e4d5be8a8539974c2567c79c94e8fa63809bc5b8ed9155756d3516963e46

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 223148
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 913
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Tue, 07 Dec 2021 23:04:58 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Wed, 07 Dec 2022 23:04:58 GMT

GET
H3 200 4e60863ec660aed99e168bb1ead28252.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 2 KB
2 KB 83ms
81ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/4e60863ec660aed99e168bb1ead28252.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e6c521ab19d881026493ef7df1703ff5c433fee945e4112eb4783f27e9e26bf

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 309412
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2249
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Mon, 06 Dec 2021 23:07:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 06 Dec 2022 23:07:14 GMT

GET
H3 200 df566896b39ada30e069a3d440b08d4e.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 3 KB
3 KB 95ms
93ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/df566896b39ada30e069a3d440b08d4e.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e85ebbebeabd65af692e259b2dadaf6e746d864a210c0f9601664b40028890b4

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 309412
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3066
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Mon, 06 Dec 2021 23:07:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 06 Dec 2022 23:07:14 GMT

GET
H3 200 c88e247046d57af7bfb0d9aee16b527b.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 212 B
241 B 96ms
94ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/c88e247046d57af7bfb0d9aee16b527b.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

afdad1a128dfb1c011d7f0c497debd07cca34746fd69561c9d723ef03bf95558

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 309412
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 212
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Mon, 06 Dec 2021 23:07:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 06 Dec 2022 23:07:14 GMT

GET
H3 200 7fba26e94fafb30bad44c20979e90fab.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 130 B
159 B 94ms
92ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/7fba26e94fafb30bad44c20979e90fab.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

21bd514d9b905c7795bbff9277fedd0daa37d48e92d512c0b6fa5484b564d267

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 183783
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 130
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Wed, 08 Dec 2021 10:01:03 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 08 Dec 2022 10:01:03 GMT

GET
H3 200 imagesfmixhf0da0el0j6d6j6l.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 3 KB
3 KB 91ms
90ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/imagesfmixhf0da0el0j6d6j6l.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ca59ecc5cd8604927913bbefd9a116b0cf991c18a56235de46945ffe0abeafdb

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 309412
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3080
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Mon, 06 Dec 2021 23:07:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 06 Dec 2022 23:07:14 GMT

GET
H3 200 imagesdiiaauxk7g3fac2n5sm6.png
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 2 KB
2 KB 93ms
91ms Image
image/png 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/imagesdiiaauxk7g3fac2n5sm6.png

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1bed1817917272583d60d3bc3f34ec7ae9f58fb9f43aa63c9e05ae8c33f9199c

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 184785
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2320
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Wed, 08 Dec 2021 09:44:21 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Thu, 08 Dec 2022 09:44:21 GMT

GET
H3 200 748ed6a51bfccca8a8eb384463fa14df.jpg
tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/ Frame E4EE 12 KB
12 KB 84ms
83ms Image
image/jpeg 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/748ed6a51bfccca8a8eb384463fa14df.jpg

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e09319ece888cdacd705dc6bf1f0df32c2f61949bcd59b0405d5a2e9b25d9372

Security Headers

Name	Value
Content-Security-Policy	default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://.ggpht.com https://.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy: default-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; script-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://s0.2mdn.net/ads/studio/cached_libs/ https://storage.googleapis.com/vr-assets-static/test_ads/GMAPlayable/ https://www.gstatic.com/ads/ci/ https://www.gstatic.com/swiffy/; object-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com; style-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com/ajax/ https://fonts.googleapis.com; img-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com blob: data: https://*.ggpht.com https://*.gstatic.cn https://*.gstatic.com https://ajax.googleapis.com/ajax/ https://lh3.googleusercontent.com https://lh4.googleusercontent.com https://lh5.googleusercontent.com https://lh6.googleusercontent.com https://s0.2mdn.net/ads/studio/cached_libs/ https://static.doubleclick.net https://vr.google.com/shaders/w/techspecs/; media-src 'none'; frame-src 'unsafe-inline' javascript:; font-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com data: https://fonts.gstatic.com; connect-src https://tpc.googlesyndication.com https://pagead2.googlesyndication.com https://csi.gstatic.com/csi https://fonts.googleapis.com/css https://fonts.googleapis.com/css2 https://vr.google.com/shaders/w/techspecs/; report-uri /pagead/gen_csp?id=adbundle; child-src 'unsafe-inline' javascript:; form-action 'none'
x-content-type-options: nosniff
age: 309412
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11799
x-xss-protection: 0
last-modified: Thu, 29 Jul 2021 08:43:52 GMT
server: sffe
date: Mon, 06 Dec 2021 23:07:14 GMT
report-to: {"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="content-ads-owners"
expires: Tue, 06 Dec 2022 23:07:14 GMT

GET
DATA 200
OK truncated
/ Frame E4EE 18 KB
18 KB Font
font/truetype

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5747700ed707eb933940f42727076cf9bf06a9a13634694486e5b19d2864c804

Request headers

Referer
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: font/truetype;charset=utf-8

GET
H3 200 JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
fonts.gstatic.com/s/montserrat/v18/ Frame E4EE 19 KB
19 KB 40ms
39ms Font
font/woff2 2a00:1450:4001:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/montserrat/v18/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Montserrat:100,100italic,200,200italic,300,300italic,regular,italic,500,500italic,600,600italic,700,700italic,800,800italic,900,900italic&cb=1626772622

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: null
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 04:37:19 GMT
x-content-type-options: nosniff
age: 203207
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19844
x-xss-protection: 0
last-modified: Tue, 10 Aug 2021 00:20:10 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Thu, 08 Dec 2022 04:37:19 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 6B36 22 KB
8 KB 39ms
38ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 68301
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4663 22 KB
8 KB 39ms
39ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8395
date: Thu, 09 Dec 2021 18:05:45 GMT
expires: Fri, 09 Dec 2022 18:05:45 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 68301
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 6B36 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104128
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 4663 35 KB
13 KB 40ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104128
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 200 index.html Show response
s0.2mdn.net/sadbundle/18393997666045394944/ Frame DD08 3 KB
929 B 96ms
48ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

567f31b9d3bd3d83ca14d650e9831df0e49a6ec3e49fbadc41a34ae4b4b1571f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 901
date: Fri, 10 Dec 2021 13:04:07 GMT
expires: Sat, 10 Dec 2022 13:04:07 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 24 Jun 2021 03:47:15 GMT
x-content-type-options: nosniff
x-dns-prefetch-control: off
content-encoding: gzip
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame E277 0
61 B 172ms
86ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssQlnzRxEbuBW4DZz1wdocUrSo7WAMAVbfVq53ycqtPDfqd0tpJffiLD5Dx2VzZ8Iy3aCRVUT5RqR4cf1pyln_kR4QFQMFlG6_tn1tYiDP9T_Hc7UELX1dDja__WEpSlVl6Wes-SOc-6mmyJAKxEtLzuoCFeA3m5sp60vaxarqwrwi6zpoC0qfbr_pgIdhxewe8NRCl0LWJB_TTua8-p5lvah-Pt-E9koQjkIVWP1V7A-_NJGGixRSVr_XSNFvddZP50lPavluHvzpMYKzHCUwiGGPPL2dEpYlPYjlH1Vz6qG87-VbgHdd3ggPBhyjc2eoHjeKOYaaezqW8JqAKZHbUsEH7FcK-uRell2hxM8052MAZJrRcF59RU9dXd7SFnwybrYOmn3qN9mXMa7jy7iL-IqXx6eqOHLmYYl-P-qHh0qQN4jiHKf_FKMT7B0b3L5-wISXOah_Bmm5nG9WPCWfJbTlaZQGqQ0kQTf_DtSH96i1gmAtYWocX3zHxP4-Won_-UUbl9tcbSO4DOxUTfae_t2JYuA-vLakR5PsS1k07p7Vz1Mu7Qec6Dq3haDSWXXPd5Ri5MG88eeq2_Uj6UHA6pdJh0Res4EvB5xrXqqYsJSj6m1T0nh13xr-t0Keesenwe7OSuXtRRlLAX4TfRDBNmxqYZe7MdYgqQve8050pW3vv78eHVAStoC-rN90LrI-CagAk5hC8EMrlR_ajhHq3TJJt4nQOFbI0zGWkBy3KYY3Uq65W3cWLMQyNDGcWsoSuDvOL51iOCDvZ05K96yJs0Vd77kDCW1ZNsgzDIVj0EXpqNiUCAPNMoCxLTfOgv4RK4s9YjaQdwuepaKC94XYbpBKe8QwN6AMuLc_80B88B8pAQMljHE5GzHBMd_n03NjMJzKG1fLBmj7Wr6nls1AAAj4Fvhf5C2ByBNiftf-QGx-dS5njD5mRwefWmRumxnwEaburOCDbAIl3Ob5rPAHmv3Kvj9NtAMqh1NKmbCQ1STg9NVGLV5YlYt1g4pviVAwYHqI5LuGMykFWVFJ86KiJ29YWfmvq-xmczqL19sos7MVzGMWj7d8sOYL1mJD3TmWGZtvjeQRggOtYyHPqG-QU_MML-a9MPtOl0_dAWussQjXGSH9NYJH-EcX4oFCtVSZ2BAkb3Z5UHnA2jwRJj0PJsYRrWHtx6Ag5hFbvwcc9mS7P&sai=AMfl-YSL_VOeItKFbOMo8faX6TwqTlJqIT_eminZtL5vKpBf_uyXnfcuBoQUCB-PkqgM6aKM8Wem5cP1d5Ngyjx6Iu2jUn4D_zi7_dgZ2sw6ytzHal1fGWVWsVKP_pldeGvPBf1omWRv52-3gYiZKMQ-Dyib3Em4GG02MQnXU40&sig=Cg0ArKJSzKmppzhfUMI6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=245&cbvp=1&cstd=239&cisv=r20211207.74056&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 13:04:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 index.html Show response
s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/ Frame D47F 4 KB
1 KB 62ms
40ms Document
text/html 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/express_html_inpage_rendering_lib_200_275.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

899b51cc4540b3a17d6c722b61f345aadada9f98cc123d7b88ee627b348cda04

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-length: 1478
date: Thu, 09 Dec 2021 23:02:10 GMT
expires: Fri, 10 Dec 2021 23:02:10 GMT
last-modified: Mon, 08 Nov 2021 16:58:51 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 50517
cache-control: public, max-age=86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

POST
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 617F 0
571 B 146ms
85ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstMsq9o2VxZKi4NzjcmiBEkvnRt5MjqbLDikPm1cpc4buAnh6ldOIbTR6zai_q9u3QL3040RweXZo0WhwsNke6ZY51INJbB-DW1XsBw41Y3gAOwpW29mrIx729U_oxqF_Emp-2wq_WU4nmTt-mow0K1T8PAAId7M17-H57eSsKkEDJyxbvlSeWlcqx8nL6otbqDYlLjuHlBAxmtpu8BYkuNb8TgyD8JGWXTxW1BtaDrhoa4vPBatQVWXKnnkpySzhwDIGCZlZMIMxqp_P7k9uCjF9NqnaG76MwWFQlZ4I5LQqnvBMpskxW1LH7H54Bb-JPkE9v6t_0Dbq2FMUTB_ft_vEJGxOX2J4ZI6ChoK4wLSRzMi2kBBsNGN6PKIEia0WCstPmff-LRZAyuUyCHIDtAPfmtC6Pw6kFtwpTxnWXdTc7yu6OcWi7tA8vVkC574gDSIJcUHvQORNMk2krNHXPnADJiWk3u_95J-bNI9fQRtiwpOlb7eDQXkF8IkYHKXsZ7uyR52fkGAR_UT_oLkBsYvcxf8Nl_dQhnF_ObiPC9FC3IySO7GahlAgZ85IXycCOMXiImCiFt0JdediAFGTFYGNZkwnJelJLZt9jtuTEmdQNFPXMbbOQY2COCJHzit9LxMnWraiCFSDnEzKMX3HZtTz6enPREByJmyZBx8dNgaARgZFgsupH2GEcRAZkJa5xRuZ1qiE8Y3gs7wZqWnY75PlRos16WBBDehU-pBiglGwuNO0UK3_oX3qw3K50F1ClsNSagJUmhjdpZxyogRlDpi5Qc-K7LHGIFBENtN10x0rga1KnhXJM87bpxEzWlY5g8WA06VdSxwEinxMlFj20qNuM0iRzvFBcFa0Tkd7FkQa2ISotqPuayJo1a7u4wAWh66rWcRefcA0HtdDCEnJXgDNlgwyp1LoZVvGujEiMgnXlSx364gHra_9E_Q42KUQcBVYEXdV9jEShPvVVU5zkI2iogKvaKkgTqNkhXpYgzKCTrm7DUtVkBT6juzkCMxJfv_hrYVXgLnGZBTnp3a0_Xt79zyV7m3whOZ9AYatAQBgpQ6Mi4IHAJCCcxKri4tXXLjZaHseLdbnp59IA8XhJOcmhh2kZq5Z1faRVuFmKfSnVwqpypCHVsKwU72qa_oQsfP2lr1ACch8ybXyKvlOApZ4ZLZ8z_XkLtOZyFAL-Y21SK9ZCy0ZyELsu8WHR1omJaZjvEqChCuDU&sai=AMfl-YQZY1f9uNGPfA3xcLnnL9lD2yLWx7bOx1fnAFIHBnYuLGiAw9hBY1Yj8JlTGel7C1eBuFBfJOIJzRvCI0dcZcCHnnUZ3jacuII9Q4Gt8lCdu-aLllLhfKcouESjb6C0N908Mw1ITmK-bCWANN7-J7gAc8oguKfwevzN4xE&sig=Cg0ArKJSzJTwgbA1m5x5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=238&cbvp=1&cstd=235&cisv=r20211207.99226&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 13:04:07 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 style.css
s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/styles/ Frame D47F 2 KB
783 B 40ms
40ms Stylesheet
text/css 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/styles/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

882d0bed45bbcb3a8d4b3a1b6015a27da20d660e8eee61351700dfa4da39dfc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:02:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50517
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 757
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 16:58:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:02:10 GMT

GET
H3 200 gsap_3.5.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame D47F 60 KB
24 KB 67ms
67ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 24155
x-xss-protection: 0
last-modified: Mon, 31 Aug 2020 21:23:17 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/scripts/ Frame D47F 855 B
389 B 40ms
40ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/scripts/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

68751d5d8697a609fd9b8972439c012d4c08a8e25f7edc4bd1067bb438b42595

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:02:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50510
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 363
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 16:58:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:02:17 GMT

GET
H3 200 img1.jpg
s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/images/ Frame D47F 13 KB
13 KB 67ms
67ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/images/img1.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0caa0bc62101200778a1f5c0f68e2bf7516c569ad3cefdde2e095da7206efb1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 21:35:44 GMT
x-content-type-options: nosniff
age: 55703
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13084
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 16:58:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 21:35:44 GMT

GET
H3 200 img2.jpg
s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/images/ Frame D47F 29 KB
29 KB 40ms
39ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/images/img2.jpg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

824de59aa1713dbd65bcc0c5926776b87db63a097e3465576626114e438bcde0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:01:32 GMT
x-content-type-options: nosniff
age: 50555
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 29218
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 16:58:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:01:32 GMT

GET
H3 200 pandora.svg
s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/images/ Frame D47F 9 KB
3 KB 55ms
55ms Image
image/svg+xml 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/images/pandora.svg

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f923dd368c72055e674e4a8932e265ee51911ea42c51d885ca49aacc7e0dd016

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/index.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 23:02:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50510
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2902
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 16:58:51 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 23:02:17 GMT

GET
H3 200 css2
fonts.googleapis.com/ Frame DD08 4 KB
635 B 54ms
53ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@100;700&display=swap

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

5a8710d81938f21afdd8adc1bbbf09ad1fbb4f80ca43ada74dd10726cae7e1fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Fri, 10 Dec 2021 11:14:28 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 10 Dec 2021 13:04:07 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H3 200 style.css
s0.2mdn.net/sadbundle/18393997666045394944/ Frame DD08 6 KB
2 KB 40ms
40ms Stylesheet
text/css 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18393997666045394944/style.css

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26dbad6cbcba2f814e73f527f13846bf5acdab0cbe8a5d261d02baedb442fa87

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 13:49:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 602088
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1771
x-xss-protection: 0
last-modified: Thu, 24 Jun 2021 03:47:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Dec 2022 13:49:19 GMT

GET
H3 200 SplitText.min.js Show response
s0.2mdn.net/sadbundle/18393997666045394944/ Frame DD08 7 KB
3 KB 41ms
40ms Script
application/x-javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18393997666045394944/SplitText.min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4aa9210ddc672e43bb409243fc14424e411a2a76fa7b7250c0c99da0e19d329e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 14:04:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 255605
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 3087
x-xss-protection: 0
last-modified: Thu, 24 Jun 2021 03:47:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Dec 2022 14:04:02 GMT

GET
H3 200 Enabler_01_245.js Show response
s0.2mdn.net/879366/ Frame DD08 110 KB
38 KB 45ms
44ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_245.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 13:07:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 86193
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 38568
x-xss-protection: 0
last-modified: Wed, 14 Oct 2020 19:32:54 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:07:34 GMT

GET
H3 200 tweenmax_2.1.2_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame DD08 113 KB
39 KB 79ms
78ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/tweenmax_2.1.2_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39910
x-xss-protection: 0
last-modified: Mon, 11 Mar 2019 14:29:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H3 200 invocation.js Show response
s0.2mdn.net/sadbundle/18393997666045394944/ Frame DD08 5 KB
1 KB 44ms
43ms Script
application/x-javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18393997666045394944/invocation.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d5089228f8682c0af8a6a97b223d4f6a3a8efee3818389ed58f38a3aca4dd021

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 14:16:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 254860
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1163
x-xss-protection: 0
last-modified: Thu, 24 Jun 2021 03:47:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Dec 2022 14:16:27 GMT

GET
H3 200 script.js Show response
s0.2mdn.net/sadbundle/18393997666045394944/ Frame DD08 26 KB
5 KB 61ms
60ms Script
application/x-javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18393997666045394944/script.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b864aad82f812f79c2ced97538bc5ce5f59bf42b1b28c40759bcba555b291bba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 07 Dec 2021 17:05:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 244747
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4920
x-xss-protection: 0
last-modified: Thu, 24 Jun 2021 03:47:15 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Wed, 07 Dec 2022 17:05:00 GMT

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 94ms
94ms Preflight
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:07 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

POST
H2 200 t Show response
t.lkqd.net/ Frame 7263 0
169 B 97ms
97ms XHR
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/formats.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H/1.1 200
OK swfIndex.php Show response
ads.stickyadstv.com/www/delivery/ 67 B
726 B 174ms
174ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=7439281&_fw_us_privacy=0&_fw_gdpr=0&_fw_gdpr_consent=&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C15011415161584646331545106815%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 67
x-sticky-vk: 1639141446664096-391
Expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ 65 B
533 B 150ms
107ms XHR
text/xml 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?mid=970530&t=2&url=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02

Requested by

Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

94e4cb19c22e935d07b372642b91d6ef04fa8a8c61aed1bc5b17a5e79cdb6a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin: https://www.elfinancierocr.com
access-control-max-age: 86400
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: text/xml
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

GET
H2 200 tag Show response
4cywq-eqnre.ads.tremorhub.com/ad/ 119 B
470 B 494ms
286ms XHR
text/xml 2600:1f18:612b:4232:853f:4ce7:6a68:6291
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://4cywq-eqnre.ads.tremorhub.com/ad/tag?adCode=4cywq-7ivfu&playerWidth=400&playerHeight=225&srcPageUrl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C1584646331545106815164747896%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:853f:4ce7:6a68:6291 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: text/xml;charset=UTF-8

GET
H2 200 tag Show response
4cywq-eqnre.ads.tremorhub.com/ad/ 119 B
471 B 417ms
210ms XHR
text/xml 2600:1f18:612b:4232:853f:4ce7:6a68:6291
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://4cywq-eqnre.ads.tremorhub.com/ad/tag?adCode=4cywq-7ivfu&playerWidth=400&playerHeight=225&srcPageUrl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C1584646331545106815762634962%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:1f18:612b:4232:853f:4ce7:6a68:6291 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: 5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
server: Apache-Coyote/1.1
vary: accept-encoding
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
x-tremorvideo-status: NO_AD
content-type: text/xml;charset=UTF-8

GET
H2 204 rtb Show response
a.vidoomy.com/api/rtbserver/ 0
146 B 27ms
27ms XHR
text/plain 3.122.131.186
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://a.vidoomy.com/api/rtbserver/rtb?id=208973486&w=400&h=225&skip=1&req_type=1&req_type=1&ip=&ua=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%29%20AppleWebKit%2F537.36%20%28KHTML%2C%20like%20Gecko%29%20Chrome%2F96.0.4664.93%20Safari%2F537.36&l=EN&dt=2&c=DE&pid=53160&sid=&sname=&d=elfinancierocr.com&sp=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&coppa=&gdpr=0&gdprcs=&vpaid=1
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.122.131.186 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-122-131-186.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:07 GMT
access-control-allow-credentials: true
vary: Origin
access-control-expose-headers: X-Vd-C

GET
H/1.1 200
OK swfIndex.php Show response
ads.stickyadstv.com/www/delivery/ 67 B
726 B 277ms
263ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=7439281&_fw_us_privacy=0&_fw_gdpr=0&_fw_gdpr_consent=&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C15846463315451068151450416324%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 67
x-sticky-vk: 1639141447181024-395
Expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H/1.1 200
OK 218945 Show response
search.spotxchange.com/vast/2.0/ 67 B
1 KB 89ms
42ms XHR
text/xml 185.94.180.123
SPOTX-AMS

General

Check archive.org

Show headers Download Go to

Full URL: https://search.spotxchange.com/vast/2.0/218945?VPAID=JS&content_page_url=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&cb=77591267&player_width=400&player_height=225&regs[gdpr]=0&user[consent]=&device[geo][lat]=&device[geo][lon]=&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C15846463315451068151639660138%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 185.94.180.123 Amsterdam, Netherlands, ASN35220 (SPOTX-AMS, US),
Reverse DNS
Software: nginx /
Resource Hash: 78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 13:04:07 GMT
Content-Encoding: gzip
X-SpotX-Timing-Transform: 0.000455
X-SpotX-Timing-SpotMarket: 0.018715
X-SpotX-Timing-Page-Mux: 0.000353
X-SpotX-Timing-Page-Require: 0.000543
X-fe: 021
Connection: keep-alive
X-SpotX-Timing-Page-Cookie: 0.000045
Content-Length: 77
X-SpotX-Timing-Page: 0.025578
Pragma: no-cache
X-SpotX-Timing-Page-Context: 0.000451
Last-Modified: Fri, 10 Dec 2021 13:04:07 GMT
Server: nginx
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Access-Control-Allow-Methods: POST, GET, PATCH, DELETE, OPTIONS
Vary: Accept-Encoding
X-SpotX-Timing-SpotMarket-Primary: 0.018715
Content-Type: text/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.elfinancierocr.com
X-SpotX-Timing-Page-Misc: 0.005002
X-SpotX-Timing-Page-Exception: 0.000001
X-SpotX-Timing-SpotMarket-Secondary: 0.000000
X-SpotX-Timing-Page-URI: 0.000013
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK swfIndex.php Show response
ads.stickyadstv.com/www/delivery/ 67 B
726 B 125ms
112ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/www/delivery/swfIndex.php?reqType=AdsSetup&protocolVersion=2.0&zoneId=7439281&_fw_us_privacy=0&_fw_gdpr=0&_fw_gdpr_consent=&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C15846463315451068151288517166%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: nginx
Content-Type: application/xml;charset=UTF-8
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 67
x-sticky-vk: 1639141446718042-390
Expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ 65 B
654 B 129ms
89ms XHR
text/xml 37.157.6.252
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?mid=970530&url=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&t=2

Requested by

Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.252 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

s1.adform.net

Software

nginx /

Resource Hash

94e4cb19c22e935d07b372642b91d6ef04fa8a8c61aed1bc5b17a5e79cdb6a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
vary: Accept-Encoding
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 173
pragma: no-cache
server: nginx
access-control-max-age: 86400
access-control-allow-methods: GET, POST
content-type: text/xml; charset=utf-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Cache-Control, Accept-Encoding, X-Requested-With
expires: -1

GET
H2 200 vadtag.html Show response
vpaid.pubmatic.com/ads/video/ 1 KB
974 B 52ms
28ms XHR
application/xml 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr=0&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C1584646331545106815576531506%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: dd9de83fe1d97ec17cadcdcdab912ea983da11d5d60b6e57acc19a009b2e2979

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
server: Apache/2.2.15 (CentOS)
etag: "461ced-23ca-5c92d699e808f"
vary: Origin, Accept-Encoding
content-type: application/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 712
expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 39ms
22ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?supportsJavascript=true&supportsFlash=true&_fw_us_privacy=0&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C15846463315451068151871146506%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 973041428b5e15839966805c7c7fdf6bc1b0a8643c72dcebca9c1b9fecd50820

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1192
x-sticky-vk: 1639141447175047-331
Expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 33ms
17ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C15489145521584646331545106815,,
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: bebe245aa09c05341903708aab991707c3c140795433b6ed1dc8bde216f76225

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1158
x-sticky-vk: 1639141446838073-396
Expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H2 200 vadtag.html Show response
vpaid.pubmatic.com/ads/video/ 1 KB
974 B 56ms
33ms XHR
application/xml 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr=0&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C15846463315451068151224058360%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: a673021a88f7b05128652f2d4c6ab23a5f435ca3766fce7a1a89081af403b0b8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
server: Apache/2.2.15 (CentOS)
etag: "461ced-23ca-5c92d699e808f"
vary: Origin, Accept-Encoding
content-type: application/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 712
expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H2 200 vadtag.html Show response
vpaid.pubmatic.com/ads/video/ 1 KB
976 B 60ms
38ms XHR
application/xml 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr=0&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C1584646331545106815197429403%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: d046ec5e30c5d8e2f88480313f00673851498d6e44921717b18b9ace004ac721

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
server: Apache/2.2.15 (CentOS)
etag: "461ced-23ca-5c92d699e808f"
vary: Origin, Accept-Encoding
content-type: application/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 713
expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 34ms
18ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C19233405451584646331545106815,,
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 28eab161b0e13c9f2617efd1f9a059a294cfac06031444174207d8ac8801a32a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1158
x-sticky-vk: 1639141447441042-402
Expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 51ms
17ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?supportsJavascript=true&supportsFlash=true&_fw_us_privacy=0&schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C1584646331545106815634554461%2C%2C
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 2d2ed6fc04aa33a61abd40ab9310de40b2303a2bddb695bdc9abac11719430c3

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1190
x-sticky-vk: 1639141447151069-394
Expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H/1.1 200
OK 7585793 Show response
ads.stickyadstv.com/vast/vpaid-adapter/ 1 KB
2 KB 68ms
34ms XHR
application/xml 2.18.234.233
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.stickyadstv.com/vast/vpaid-adapter/7585793?schain=1.0%2C1%21vidoomy.com%2C53160%2C1%2C20234739991584646331545106815,,
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.234.233 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-234-233.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 83642f7a635945a744e2963e9b27c171360ee5c5206960655464803baa89eb73

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: nginx
Content-Type: application/xml;charset=ISO-8859-1
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 1158
x-sticky-vk: 1639141447506018-556
Expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H/1.1 200
OK LyoDzRX0cOv8KcvlY2oOQnb1IeL0zelHZZQf70KjSEs= Show response
ads.adaptv.advertising.com/a/h/ 249 B
552 B 457ms
429ms XHR
text/xml 3.66.59.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://ads.adaptv.advertising.com/a/h/LyoDzRX0cOv8KcvlY2oOQnb1IeL0zelHZZQf70KjSEs=?cb=772481229&gdpr=0&gdpr_consent=&pet=preroll&pageUrl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&eov=eov&pi.width=400&pi.height=225&pi.viewable=1&scpid=53160&hp=1

Requested by

Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.66.59.71 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-66-59-71.eu-central-1.compute.amazonaws.com

Software

adaptv/1.0 /

Resource Hash

6c138576e7381d3ab0aa7b511adc3a7cbb7fe3a3d33768bad05577f5dfc60cad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000
content-encoding: gzip
server: adaptv/1.0
content-type: text/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 192
expires: 0

GET
H3 200 PanTextTT-Bold.woff
s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/fonts/ Frame D47F 66 KB
66 KB 41ms
41ms Font
font/woff 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/fonts/PanTextTT-Bold.woff

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/styles/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0bd864a431fb1bc016f717b4fc74b9dfdb4d8dca2d10bca7a97e03cab38ff3d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/5739429/1636390731528/Pandora_Prospecting_Giftsets_Classic_Colours_G_DE_300x250/styles/style.css
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 09:43:04 GMT
x-content-type-options: nosniff
age: 12063
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 67108
x-xss-protection: 0
last-modified: Mon, 08 Nov 2021 16:58:51 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Dec 2021 09:43:04 GMT

GET
H3 200 GraphikCompact-Regular.woff2
s0.2mdn.net/sadbundle/18393997666045394944/fonts/ Frame DD08 40 KB
40 KB 40ms
40ms Font
application/octet-stream 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18393997666045394944/fonts/GraphikCompact-Regular.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8d869e68ded46385086af23181706b5ba29ba4f2c87551fdd28955169a072263

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/style.css
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 11:26:27 GMT
x-content-type-options: nosniff
age: 92260
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40696
x-xss-protection: 0
last-modified: Thu, 24 Jun 2021 03:47:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 09 Dec 2022 11:26:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4663 0
20 B 75ms
75ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BSVWURlCzYaCRKpeu7gP96JXYCwAAAAA4AeAEAg&bg=!8_Cl8LTNAAZKWFskSlg7ACkAdvg8WhSmOD2VgdsZR0KFK5VXUSk_jAHLxFSeT6yCpWfjIWitx2bD3QIAAAC8UgAAABxoAQeZAwjSw_KbIAhP1bL5T6_wLotN5ocTagMUdXd53RZWtNSE8VN7EeJjGes9Mnq6ptTwwUEwCwMYHn8jnQEuDHlGPDgsK1qYVkwg8ch4g2kFL3zIj-XMValUg22emmC2zcvsrEarY7Xes2SbNZk41j3SlKvCmCgDs7Bas1B59qCbhgGo7p2WXa8a-a_g2Vz2QuJhsZgb7DjwX5Cs3zLZiXp-VruJY9qZx6zZCKLiCdnD2vXmnyQuIyw6WtwX9blxuxuEIIFAA7mGXDGqMcuf-zfCFn4Ky6IfI5OcunN9-GpNkkKOGXVe75QNbQTpiKRT7lauMJIsRYQl63PHNGduRKRnXllUXYlfLwMZrCgKCtOIYFqz7jXRbrUFog3YCSt6VgI_wpu_nGqcx0iVdtM_cuh83ZJKxb7qU5mleLSLD_6JSa6F4OiHarYeQethVmFAFKePiF7cUsvp3cAND4nrY7RZAdP8bTX4mgHfcGEmd8dJ_hsW96QxLYNHeI4x2sw1BWYiOI1dz6I6wouUapAK4VSEJMgCia24nN0D0kltgvNBjRX-BvxxIKAp0HaB8yIi5TsTYMIk08gci3ZyqnTDAYPRH0sSPtwwgxAZB4zvABk-Wj0xfqMImGDCKDvfq8fKcWFy6ovNwxQ-EnEhMw2x_Ag6WzofGzTfbfv0xpwbAlnbVTD8G0B0ba35g_1sq1BvA0u1Nc5OxFBSrvMfZZ2OqQQ75Kcb65mkquBvLAItF2VxYlo3o-5Yu63rzIzN9irlJ4tRssWqbDNCk_Sd6p7dhwh9l8reZ0ya4OkPRPLdnsuvSAoUNql3JvnbmTc6ec7ZDwySk12r2ff25d5FvUCxbNLhnjk4sTfPjTjHfKrwe1351yZvDvq1CnVarV4Fgbq6o4f3_XgWHx1vyLVXlQ08Einvr11-k6sE7RqpL3A9SwaNYBE-S2-gjCJOyrAy6dWrph1rJngUqhVcJCcymqizT1KCkbWvoPsPxzxjTssG9dGF9UC4fAMi8T3CqROprxZlshs2tUep2cIBfdKMEw

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6B36 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BAeKSRlCzYYrfKcj5-gagiZDgCwAAAAA4AeAEAg&bg=!UFOlUxfNAAZKWFskSlg7ACkAdvg8Wka8TkJZnH9lQyJPaUi2oBbbjQhZV1AMojrA6SLHt2cVn0HJ9AIAAADVUgAAABtoAQcKABBkEG45fZ_YLQxn0Qc0i41zmQL_azMXguQN5jO75qedbjbdSnbtEwkVnTvBg-V2Vzl5JpDYbYGR6ksR9Uf_suq0hHktTdtI9Ue-P-Kis8y3pB-nCPnrbJOG1xUV8oL9zXlmu-ijw595MeNKL_PZ3z1pVRBd12Ol7sUSHdooFrkg5fS1OWyhUJgMWgJJZ4kUobnyhsY0sSj8F-p-PPEvVzCwk5L5H2H9OKfWjhP_IXKiXHqoiDVwYl9m5qLYAHTQeUFpoTZx3AJxVUa56pSelFuObS7hYukvub5sDguhGF3JFNjAvGLvgGSKj_Q8sk8NeEGIhPOUprEB6cXvmHc6E5LSi5cdevU_VV908BmHsh1olaokNw33gBqrGIPXpaIIiB12T-4JehLfHZbWW8AMYsHi7b9AZpy2GON8OaSJKJ93crZQQYyYgmMG4cHFbL5s_pgFiEIiaaeoc40taBrwtQ2KonToDhK26vVgJ_3v8cRegYjaLq5KcGnkFfg3v8jXsD2E7ncK_aie077g5X111-iYug45vDM_Doonfrc-1l3rr3GJ8wpEuB2xz3ncaul0MCotnstFW2vCPLAOkLD6jBYaOd0Yx92CoSyXH-9Uqv7tq-Koo-CxcJzHVTyPOufUUZcS6JKf270U085z-AsPhw4kbKPIqw5tcM8eC-vTTW0Qt7Ey8ie_VmtMneDjhzgnsMSqd5sHHAnRDJwtKS7gFa_8blaPimV5KIbRwCuRqMILQ9ziSbpiwGkrKFRNbUKfH1vYroZd27z7uGdoflr4fvU8OrE-FAgjV0ZGtZ3TUu2pI8J8NEp5kx9nep-xxv5OSHBNsrfE1TNwPEbZXrnF8utFrH-MygdpH59G9guCKIBdJCaquP6fZ6iyveLgAHR_IIbCExWiBoFzuTson9aV9D7YH6LLKB0rx2lXoP7DvAqd3im9uRM57USiKRC0zAlOTgcPlTllIFgAkBd0KjmQIg1BqSAYRfyTMynL7QlQ6KgmbEJH8gRByXFkf3sxAkhayW9FsS0zk-74-zY4MBkWp5XVmrw

Requested by

Host: 2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
URL: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 617F 0
23 B 121ms
74ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjstMsq9o2VxZKi4NzjcmiBEkvnRt5MjqbLDikPm1cpc4buAnh6ldOIbTR6zai_q9u3QL3040RweXZo0WhwsNke6ZY51INJbB-DW1XsBw41Y3gAOwpW29mrIx729U_oxqF_Emp-2wq_WU4nmTt-mow0K1T8PAAId7M17-H57eSsKkEDJyxbvlSeWlcqx8nL6otbqDYlLjuHlBAxmtpu8BYkuNb8TgyD8JGWXTxW1BtaDrhoa4vPBatQVWXKnnkpySzhwDIGCZlZMIMxqp_P7k9uCjF9NqnaG76MwWFQlZ4I5LQqnvBMpskxW1LH7H54Bb-JPkE9v6t_0Dbq2FMUTB_ft_vEJGxOX2J4ZI6ChoK4wLSRzMi2kBBsNGN6PKIEia0WCstPmff-LRZAyuUyCHIDtAPfmtC6Pw6kFtwpTxnWXdTc7yu6OcWi7tA8vVkC574gDSIJcUHvQORNMk2krNHXPnADJiWk3u_95J-bNI9fQRtiwpOlb7eDQXkF8IkYHKXsZ7uyR52fkGAR_UT_oLkBsYvcxf8Nl_dQhnF_ObiPC9FC3IySO7GahlAgZ85IXycCOMXiImCiFt0JdediAFGTFYGNZkwnJelJLZt9jtuTEmdQNFPXMbbOQY2COCJHzit9LxMnWraiCFSDnEzKMX3HZtTz6enPREByJmyZBx8dNgaARgZFgsupH2GEcRAZkJa5xRuZ1qiE8Y3gs7wZqWnY75PlRos16WBBDehU-pBiglGwuNO0UK3_oX3qw3K50F1ClsNSagJUmhjdpZxyogRlDpi5Qc-K7LHGIFBENtN10x0rga1KnhXJM87bpxEzWlY5g8WA06VdSxwEinxMlFj20qNuM0iRzvFBcFa0Tkd7FkQa2ISotqPuayJo1a7u4wAWh66rWcRefcA0HtdDCEnJXgDNlgwyp1LoZVvGujEiMgnXlSx364gHra_9E_Q42KUQcBVYEXdV9jEShPvVVU5zkI2iogKvaKkgTqNkhXpYgzKCTrm7DUtVkBT6juzkCMxJfv_hrYVXgLnGZBTnp3a0_Xt79zyV7m3whOZ9AYatAQBgpQ6Mi4IHAJCCcxKri4tXXLjZaHseLdbnp59IA8XhJOcmhh2kZq5Z1faRVuFmKfSnVwqpypCHVsKwU72qa_oQsfP2lr1ACch8ybXyKvlOApZ4ZLZ8z_XkLtOZyFAL-Y21SK9ZCy0ZyELsu8WHR1omJaZjvEqChCuDU&sai=AMfl-YQZY1f9uNGPfA3xcLnnL9lD2yLWx7bOx1fnAFIHBnYuLGiAw9hBY1Yj8JlTGel7C1eBuFBfJOIJzRvCI0dcZcCHnnUZ3jacuII9Q4Gt8lCdu-aLllLhfKcouESjb6C0N908Mw1ITmK-bCWANN7-J7gAc8oguKfwevzN4xE&sig=Cg0ArKJSzJTwgbA1m5x5EAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=534&vt=11&dtpt=296&dett=3&cstd=235&cisv=r20211207.99226&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 13:04:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

POST
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame E277 0
23 B 105ms
76ms Ping
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssQlnzRxEbuBW4DZz1wdocUrSo7WAMAVbfVq53ycqtPDfqd0tpJffiLD5Dx2VzZ8Iy3aCRVUT5RqR4cf1pyln_kR4QFQMFlG6_tn1tYiDP9T_Hc7UELX1dDja__WEpSlVl6Wes-SOc-6mmyJAKxEtLzuoCFeA3m5sp60vaxarqwrwi6zpoC0qfbr_pgIdhxewe8NRCl0LWJB_TTua8-p5lvah-Pt-E9koQjkIVWP1V7A-_NJGGixRSVr_XSNFvddZP50lPavluHvzpMYKzHCUwiGGPPL2dEpYlPYjlH1Vz6qG87-VbgHdd3ggPBhyjc2eoHjeKOYaaezqW8JqAKZHbUsEH7FcK-uRell2hxM8052MAZJrRcF59RU9dXd7SFnwybrYOmn3qN9mXMa7jy7iL-IqXx6eqOHLmYYl-P-qHh0qQN4jiHKf_FKMT7B0b3L5-wISXOah_Bmm5nG9WPCWfJbTlaZQGqQ0kQTf_DtSH96i1gmAtYWocX3zHxP4-Won_-UUbl9tcbSO4DOxUTfae_t2JYuA-vLakR5PsS1k07p7Vz1Mu7Qec6Dq3haDSWXXPd5Ri5MG88eeq2_Uj6UHA6pdJh0Res4EvB5xrXqqYsJSj6m1T0nh13xr-t0Keesenwe7OSuXtRRlLAX4TfRDBNmxqYZe7MdYgqQve8050pW3vv78eHVAStoC-rN90LrI-CagAk5hC8EMrlR_ajhHq3TJJt4nQOFbI0zGWkBy3KYY3Uq65W3cWLMQyNDGcWsoSuDvOL51iOCDvZ05K96yJs0Vd77kDCW1ZNsgzDIVj0EXpqNiUCAPNMoCxLTfOgv4RK4s9YjaQdwuepaKC94XYbpBKe8QwN6AMuLc_80B88B8pAQMljHE5GzHBMd_n03NjMJzKG1fLBmj7Wr6nls1AAAj4Fvhf5C2ByBNiftf-QGx-dS5njD5mRwefWmRumxnwEaburOCDbAIl3Ob5rPAHmv3Kvj9NtAMqh1NKmbCQ1STg9NVGLV5YlYt1g4pviVAwYHqI5LuGMykFWVFJ86KiJ29YWfmvq-xmczqL19sos7MVzGMWj7d8sOYL1mJD3TmWGZtvjeQRggOtYyHPqG-QU_MML-a9MPtOl0_dAWussQjXGSH9NYJH-EcX4oFCtVSZ2BAkb3Z5UHnA2jwRJj0PJsYRrWHtx6Ag5hFbvwcc9mS7P&sai=AMfl-YSL_VOeItKFbOMo8faX6TwqTlJqIT_eminZtL5vKpBf_uyXnfcuBoQUCB-PkqgM6aKM8Wem5cP1d5Ngyjx6Iu2jUn4D_zi7_dgZ2sw6ytzHal1fGWVWsVKP_pldeGvPBf1omWRv52-3gYiZKMQ-Dyib3Em4GG02MQnXU40&sig=Cg0ArKJSzKmppzhfUMI6EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=584&vt=11&dtpt=339&dett=3&cstd=239&cisv=r20211207.74056&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0.&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 13:04:07 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ 11 KB
8 KB 106ms
59ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2021120601&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6717627c923743958a38e1b7c25b5e27caf47a9c17536defe38741c4c9b5e576

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 8598
x-xss-protection: 0

GET
H3 200 Editor-Bold.woff2
s0.2mdn.net/sadbundle/18393997666045394944/fonts/ Frame DD08 22 KB
22 KB 43ms
42ms Font
application/octet-stream 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18393997666045394944/fonts/Editor-Bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

df2d952f361956a74458dc26c18617fe645485d81dcd9d247c4c057d4205bc8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/style.css
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 03:17:12 GMT
x-content-type-options: nosniff
age: 208015
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 22268
x-xss-protection: 0
last-modified: Thu, 24 Jun 2021 03:47:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Thu, 08 Dec 2022 03:17:12 GMT

GET
H3 200 InvescoInterstate-Bold.woff2
s0.2mdn.net/sadbundle/18393997666045394944/fonts/ Frame DD08 23 KB
23 KB 40ms
39ms Font
application/octet-stream 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/18393997666045394944/fonts/InvescoInterstate-Bold.woff2

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/18393997666045394944/style.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4b2f9794cf9a1465f85b132a63e0ec4ff84d58302b7d6d5f553584ac6b0bbc4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/style.css
Origin: https://s0.2mdn.net
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 03 Dec 2021 13:52:52 GMT
x-content-type-options: nosniff
age: 601875
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 23480
x-xss-protection: 0
last-modified: Thu, 24 Jun 2021 03:47:15 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 03 Dec 2022 13:52:52 GMT

GET
H3 200 60015939_20210325063755915_invesco_logo.png
s0.2mdn.net/ads/richmedia/studio/60015939/ Frame DD08 5 KB
5 KB 41ms
40ms Image
image/png 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60015939/60015939_20210325063755915_invesco_logo.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

31f736bee908ca92db1f6262d4d9ebcac368766000c48f026b64ae2717d5b8a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 18:15:18 GMT
x-content-type-options: nosniff
age: 67729
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4990
x-xss-protection: 0
last-modified: Thu, 25 Mar 2021 13:37:56 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 18:15:18 GMT

GET
H3 200 60015939_20210325063800504_vermeer_bg_image_728x90.jpg
s0.2mdn.net/ads/richmedia/studio/60015939/ Frame DD08 20 KB
20 KB 40ms
40ms Image
image/jpeg 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60015939/60015939_20210325063800504_vermeer_bg_image_728x90.jpg

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b21a9742605970420c33237b56652b4ab9194f1e09ebb8ea809bb7c969085c84

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/18393997666045394944/index.html?e=69&leftOffset=0&topOffset=0&c=Sm622WeAWW&t=1&renderingType=2
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 09:43:15 GMT
x-content-type-options: nosniff
age: 12052
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20716
x-xss-protection: 0
last-modified: Thu, 25 Mar 2021 13:38:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 11 Dec 2021 09:43:15 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame DD08 6 KB
4 KB 49ms
49ms XHR
application/json 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

191b3a8184ebc23be0ef6e8dbd37b31c7e282a8870a8235022844e2bef8a0c76

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/json; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 4503
x-xss-protection: 0

POST
H2 204 /
684dd32a.akstat.io/ 0
207 B 251ms
249ms Ping
image/gif 2a02:26f0:6c00:287::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://684dd32a.akstat.io/

Requested by

Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/K2F2J-U4J6X-CUK55-UT5LV-F8L4T

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_256_GCM

Server

2a02:26f0:6c00:287::11a6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.elfinancierocr.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
content-type: image/gif
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ 17 KB
6 KB 52ms
51ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2021120601.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame DD08 17 KB
6 KB 53ms
52ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6386
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:07 GMT

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame ECCF 13 KB
5 KB 39ms
39ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
date: Fri, 10 Dec 2021 13:02:58 GMT
expires: Sat, 10 Dec 2022 13:02:58 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 69
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 36A4 783 B
534 B 51ms
51ms Document
text/html 2a00:1450:4001:801::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:801::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

0ae3b0d98b505d7262ee6c70c2f1c06e48562c5fa47893bfc709a720e0246f7c

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-Wg/f09KDErO3frUy+rIa6Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Fri, 10 Dec 2021 13:04:07 GMT
date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'report-sample' 'nonce-Wg/f09KDErO3frUy+rIa6Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 512
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame 8DEE 35 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104128
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 200 A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js Show response
pagead2.googlesyndication.com/bg/ Frame ECCF 35 KB
13 KB 39ms
38ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/A3sS0H_86Eu8poIaUPJJxUQpsgwPL9Z0aaC7WTcRMFE.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 08:08:39 GMT
content-encoding: br
x-content-type-options: nosniff
age: 104128
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13610
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Fri, 09 Dec 2022 08:08:39 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 36A4 0
0 75ms
75ms Image
text/html 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_2021120601&jk=2761687363296391&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 94ms
93ms Preflight
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:07 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

POST
H2 200 t Show response
t.lkqd.net/ Frame 2313 0
169 B 203ms
202ms XHR
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H2 200 vpaid_25214542.js Show response
vpaid.springserve.com/production/ Frame A4A5 495 KB
87 KB 24ms
7ms Script
application/javascript 2600:9000:206f:e00:15:6f6c:b180:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.springserve.com/production/vpaid_25214542.js
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:206f:e00:15:6f6c:b180:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6b065f38eaed75574515532e2d687fd23450a662a972d044626b848d6e9d1045

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 19 Nov 2021 18:31:49 GMT
content-encoding: br
last-modified: Fri, 19 Nov 2021 18:30:16 GMT
server: AmazonS3
age: 1794739
etag: W/"185feb14359001049d144410afbeaaa4"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
via: 1.1 cae542650fb32c773cc494fc6e7e71e7.cloudfront.net (CloudFront)
cache-control: max-age=2678400
x-amz-cf-pop: FRA56-C1
x-amz-cf-id: P00PO-4gpP1y1QV10H3_sfAp0-7kU5JlIBtsJNOk2arjoAYRjEVtdg==

GET
DATA 200
OK truncated
/ 35 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/gif

POST
H2 200 t Show response
t.lkqd.net/ Frame 2313 0
169 B 154ms
153ms XHR
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 102ms
102ms Preflight
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:07 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

GET
H2 200 vadtag.html Show response
vpaid.pubmatic.com/ads/video/ Frame A4A5 1 KB
957 B 13ms
12ms XHR
application/xml 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/vadtag.html?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141447117,,
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_25214542.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: 07db8bb24ec14bee999808c9e2690dbbcdcf8a61c9b208412ef655890e17cea8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
server: Apache/2.2.15 (CentOS)
etag: "461ced-23ca-5c92d699e808f"
vary: Origin, Accept-Encoding
content-type: application/xml
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
content-length: 694
expires: Fri, 10 Dec 2021 13:04:07 GMT

POST
H/1.1 204
No Content openrtb Show response
ads.adaptv.advertising.com/rtb/ Frame A4A5 0
223 B 220ms
220ms XHR
application/json 3.66.59.71
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.adaptv.advertising.com/rtb/openrtb?ext_id=Vidoomy
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_25214542.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.66.59.71 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-66-59-71.eu-central-1.compute.amazonaws.com
Software: adaptv/1.0 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
access-control-allow-credentials: true
server: adaptv/1.0
Connection: keep-alive
content-length: 0
content-type: application/json

POST
H/1.1 200
OK prebid Show response
ib.adnxs.com/ut/v3/ Frame A4A5 160 B
1004 B 20ms
20ms XHR
application/json 185.33.220.242
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://ib.adnxs.com/ut/v3/prebid

Requested by

Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_25214542.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.220.242 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),

Reverse DNS

724.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.17.9 /

Resource Hash

5287d71a94d956a677a4eed3341271cc0ed7c8666b64c1425cef281a8f3eeaed

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: f4680082-099c-48c5-8280-735283ff665b
Server: nginx/1.17.9
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.elfinancierocr.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 160
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 PMAdMgr.js Show response
vpaid.pubmatic.com/ads/video/ Frame 0F2A 152 KB
36 KB 21ms
20ms Script
text/javascript 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141447117,,
Requested by: Host: blank
URL: about:blank
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: f0f6a8b6c19b0c4d1cab075ab2f4f755cfef747424837668e65f431410f816e8

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
last-modified: Tue, 10 Aug 2021 05:02:46 GMT
server: Apache/2.2.15 (CentOS)
etag: "1408294-25f9a-5c92d699d3c58"
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=10800
accept-ranges: bytes
content-length: 36260

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ 0
20 B 75ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gpt_2021120601&jk=2761687363296391&bg=!KimlKW3NAAZKWFskSlg7ACkAdvg8WndC3nB0n5vpz9ceycQUKr9BxR_SiDHBAuPIL5NQiwySKseWGQIAAACaUgAAAAtoAQeZAsDyO4S1p24LMNfPQA-Nxh_9S8YAbK1Cf2dsmGlrIr-AsHqhzZHWMz9Q0ZbsmRtwojn4oOlCYoWIwLDu-KmD4im6sGnR3rxrFEuJYNDaAnfaj45y0lVeM6MAnQPo5ISMhYTGoxo-kjyLxkqB85dFg6MZtgQb7i_u3SdObtJtWpHdXG113C8MH7f225Gv3MizUouRip0xEC0k8FQoSV1IV2uusJCc3tMb7eW7s1KX7JUips1X3oil-4QgHX3vJZYOPmhWT6h4NfT-FZHo5f0qC-USlQuU15n4Oh6i-eFjM16vB9ZeqqefyolMRDRaP7vkLPxjDKz7JV7pJOF6cUS8TrC7utjYp4eS4Njks8aStDMPchL9S2HNiKNRCFO4enFNJdNahiVX5tR9NaN4wM52xfwlQs6h-5mT8mULOY91Q3GZamsd1t5EuUmOZZeBqOZKyNa-24_KnW8qJSbtY3DyWtbAs1z9ABzSE4ORyGSRlja646dDL_7FSo1Cg1Scq0ekj7oUpG1KqlBH53e52BGaKKkSnYBst6rZdEvuwxXfJYOk_dkyHk4uUTsGNbZSjTFBMDFEMzTMUxxXcmOP_27ANMbb62S739slj7QbQ5otNCAb9RXEYE3qe6EDnmgL9pBi81ILEYaDtn9OtalFSOhfRBFK1CAPeUG-tPPKhO9XaOjl5vEw9UAS1Lzc9fh86wFwlwRkIrBw7SaMNivxa0lFXMPYBwynLfQGlJsS1fJ0MB_se93JxaUHbbYeSMBExvEdSxQdcGUCXbSRpdkdFnMIwbtSyqTXYIVvzT5DFZ46xmgfYrCkoFIdQ8GoerMqfSF4pMHbYRKWcuEzOMhi0GgB9wgHWpDVoh4itdK2ofnjeBUi9z1tQzwbcqR4kOEbX_w9xHMzCIv3XR3DIL-eYNobDbN5v1W5-iOswO6Fl-RFGpKbLw

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 89B4 38 KB
14 KB 8ms
7ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Requested by: Host: vpaid.pubmatic.com
URL: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141447117,,
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

last-modified: Tue, 19 Oct 2021 10:00:01 GMT
etag: "1302647-96ae-5ceb1b98ba7c4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13882
content-type: text/html; charset=UTF-8
cache-control: public, max-age=22231
expires: Fri, 10 Dec 2021 19:14:38 GMT
date: Fri, 10 Dec 2021 13:04:07 GMT
vary: Accept-Encoding

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame 0F2A 38 KB
14 KB 9ms
8ms Script
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Requested by: Host: vpaid.pubmatic.com
URL: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141447117,,
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-encoding: gzip
last-modified: Tue, 19 Oct 2021 10:00:01 GMT
server: Apache/2.2.15 (CentOS)
etag: "1302647-96ae-5ceb1b98ba7c4"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: public, max-age=22231
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 13882
expires: Fri, 10 Dec 2021 19:14:38 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame 89B4 2 KB
3 KB 52ms
15ms Script
text/html 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=74338037&p=156498&s=399115&a=1801592&ptask=ALL&np=0&fp=0&rp=0&mpc=0&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 6aed5f735fa152456e056b55b251ff9489f06414a708cd6c05dfd9a69a2a30fb

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-type: text/html; charset=UTF-8
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame E277 42 B
64 B 74ms
74ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvDgsLkn94d0f029OQE5BoxTMyEXkqPrmWLWugoXb1xCT-D46U34xHqT2sOyE9PTs4XGJBauin2Z9abTBNcAnc2kZbe6GjQB2xyTKKcHOvIzpZXcPB0Lw&sai=AMfl-YQ2Ai7zhEaPh7gzcnImVrIxr6OiX4gutmJjPXOupYJj-2TQjrxAnHqzYSzbF0_ECtCKvEvlWYH6REfYExqHTldSjIJJJB-VyWaImDj9ahjI6ufzTu8GkF95c59mq4vp&sig=Cg0ArKJSzKJmUrNXt0BCEAE&cid=CAASFeRoKaJqZ5aBY7CthJnXf7dzdm6mOw&id=lidar2&mcvt=1000&p=94,436,184,1164&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=1010108884&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639141446446&rpt=473&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 617F 42 B
64 B 72ms
72ms Fetch
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsulVkC1e4heiKnBI-FhSUqO-cgztv5sL9FrNoJWSBsBA-xLTGzJyH9P2Xb1GagWNSIIMXJXU7SIWnLeWxKtuRezvJWuPbUqerTbQmHO7qa5iynW3w36dQ&sai=AMfl-YTirvOm71vIody8I_f-lMm9dUeEoBYHlyeSvPSRicEE0UeqW3HNP3-DXyJQkXPnbU-purE-bPfJvR8PDjowXdru7CVlth05fQ7yOXZgMXAoLIpUH0XZn34K-hIpYJ2d&sig=Cg0ArKJSzKCSuy1kpLzlEAE&cid=CAASFeRoPhvBrdC5f8VzRqrnt_3idmQs9w&id=lidar2&mcvt=1000&p=299,1043,549,1343&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20211202&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=2218011079&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIl0%3D&vs=4&r=v&rst=1639141446452&rpt=488&isd=0&lsd=0&met=ce&wmsd=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:07 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

match Show response
c1.adform.net/serving/cookie/ Frame 3C3A
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&cid=CA60419D-88C9-444C-969F-AA5BCC10F557
https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CA60419D-88C9-444C-969F-AA5BCC10F557

35 B
468 B

19ms
16ms

Document
image/gif

37.157.3.30
ADFORM

General

Check archive.org

Show headers Download Go to

Full URL

https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CA60419D-88C9-444C-969F-AA5BCC10F557

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.3.30 , Denmark, ASN198622 (ADFORM, DK),

Reverse DNS

Software

nginx /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:08 GMT
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

Redirect headers

server: nginx
date: Fri, 10 Dec 2021 13:04:07 GMT
content-length: 0
location: https://c1.adform.net/serving/cookie/match?CC=1&party=14&cid=CA60419D-88C9-444C-969F-AA5BCC10F557
cache-control: no-cache, no-store, must-revalidate, no-transform
pragma: no-cache
expires: -1
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
access-control-allow-methods: GET
access-control-allow-origin: *
access-control-max-age: 86400
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2

200

Pug Show response
image2.pubmatic.com/AdServer/ Frame D8A4
Redirect Chain

https://d5p.de17a.com/getuid/pubmatic?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://d5p.de17a.com/getuid/pubmatic;c?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=$UID
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6201097776656751456

42 B
366 B

14ms
14ms

Document
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6201097776656751456
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Fri, 10 Dec 2021 11:07:40 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: amspug0021:0:257
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI3NDUmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=6201097776656751456
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H2 200 usersync.aspx Show response
dis.criteo.com/dis/ Frame A0D3 43 B
335 B 57ms
24ms Document
image/gif 178.250.0.163
ASN-CRITEO-EUROPE

General

Check archive.org

Show headers Download Go to

Full URL: https://dis.criteo.com/dis/usersync.aspx?r=3&p=4&cp=pubmaticUS&cu=1&&gdpr=0&gdpr_consent=&url=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5MjgmdGw9NDMyMDA=&piggybackCookie=uid:@@CRITEO_USERID@@
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software: Kestrel /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
content-type: image/gif
server: Kestrel
cache-control: no-cache
pragma: no-cache
expires: Fri, 10 Dec 2021 00:00:00 GMT
x-errorlevel: 0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cross-origin-resource-policy: cross-origin
server-processing-duration-in-ticks: 8698350

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 7314
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=9
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040058908427090063

42 B
366 B

57ms
16ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040058908427090063
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:08 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: lhrpug004:0:480
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Server: nginx
Date: Fri, 10 Dec 2021 13:04:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzOTkmdGw9NDMyMDA=&piggybackCookie=7040058908427090063

GET
H2

200

user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 89B4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=ymBBnYjJREyWn6pbzBD1Vw%3D%3D
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=

14 KB
14 KB

11ms
10ms

Image
text/html

2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:08 GMT
content-encoding: gzip
last-modified: Tue, 15 Jun 2021 06:08:03 GMT
server: Apache/2.2.15 (CentOS)
etag: "1300708-3945-5c4c7cc02bd56"
vary: Accept-Encoding
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: max-age=36451
accept-ranges: bytes
content-type: text/html; charset=UTF-8
content-length: 5054
expires: Fri, 10 Dec 2021 23:11:39 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=156578&predirect=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 272
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 89B4
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&redir=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3FpartnerID%3D27%26partnerUID%3D%5BMM_UUID%5D
https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=5e9e61b3-5047-4600-8505-4d906c85ad1c

0
260 B

49ms
16ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=5e9e61b3-5047-4600-8505-4d906c85ad1c
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:08 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: MT3 4133 baa842e master zrh-pixel-x7 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://image4.pubmatic.com/AdServer/SPug?partnerID=27&partnerUID=5e9e61b3-5047-4600-8505-4d906c85ad1c
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2

200

mw
mwzeom.zeotap.com/ Frame 89B4
Redirect Chain

https://pixel.onaudience.com/?partner=214&mapped=CA60419D-88C9-444C-969F-AA5BCC10F557
https://sync.crwdcntrl.net/map/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://sync.crwdcntrl.net/map/ct=y/c=8587/tp=CLOD?https%3A%2F%2Fpixel.onaudience.com%2F%3Fpartner%3D104%26icm%26cver%26mapped%3D%24%7Bprofile_id%7D
https://pixel.onaudience.com/?partner=104&icm&cver&mapped=ed62a075af93b0380e86a4013c8206dc
https://match.adsrvr.org/track/cmf/generic?ttd_pid=xksw9la&ttd_tpi=1
https://pixel.onaudience.com/?partner=147&mapped=c734707d-99bc-4bb1-8322-dcd4d46a7eee&icm
https://spl.zeotap.com/?zdid=1332&zcluid=1fc8a118e810145c
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=3b71d7a0-8f60-499f-778c-1883b819732f&reqId=f61bc459-e1e9-4458-598b-7a7f4ff08f6d&zclui...
https://mwzeom.zeotap.com/mw?google_gid=CAESED84KvOw5Hu-ruuWVCaUeJk&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=3b71d7a0-8f60-499f-778c-1883b819732f&reqId=f61bc459-e1e9-4458-598b-7a7...

95 B
164 B

28ms
27ms

Image
image/png

2606:4700:10::6816:1857
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://mwzeom.zeotap.com/mw?google_gid=CAESED84KvOw5Hu-ruuWVCaUeJk&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=3b71d7a0-8f60-499f-778c-1883b819732f&reqId=f61bc459-e1e9-4458-598b-7a7f4ff08f6d&zcluid=1fc8a118e810145c&zdid=1332
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:08 GMT
via: 1.1 google
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin
content-type: image/png
access-control-allow-origin: https://ads.pubmatic.com
access-control-allow-credentials: true
cf-ray: 6bb6ad640d93440d-FRA
access-control-allow-headers: *
content-length: 95

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://mwzeom.zeotap.com/mw?google_gid=CAESED84KvOw5Hu-ruuWVCaUeJk&google_cver=1&zpartnerid=1&env=mWeb&eventType=map&id_mid_4=3b71d7a0-8f60-499f-778c-1883b819732f&reqId=f61bc459-e1e9-4458-598b-7a7f4ff08f6d&zcluid=1fc8a118e810145c&zdid=1332
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 469
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 89B4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_hm=Q0E2MDQxOUQtODhDOS00NDRDLTk2OUYtQUE1QkNDMTBGNTU3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=

42 B
111 B

15ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: no-store, no-cache, private
x-lat: amspug006:0:1085
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MjImdGw9MTI5NjAw&gdpr=0&gdpr_consent=
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 89B4
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=pubmatic&google_cm&google_sc&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKqCC7Sp1bWcyrE3WQ2JDbs&google_cver=1

42 B
438 B

15ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKqCC7Sp1bWcyrE3WQ2JDbs&google_cver=1
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: no-store, no-cache, private
x-lat: amspug002:0:554
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:08 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTIxNzcmdGw9MTI5NjAw&gdpr=0&gdpr_consent=&piggybackCookie=CAESEKqCC7Sp1bWcyrE3WQ2JDbs&google_cver=1
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 379
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pubmatic
um.simpli.fi/ Frame 89B4 43 B
616 B 54ms
15ms Image
image/gif 169.50.137.184
SOFTLAYER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODA2JnRsPTUxODQwMA==&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=

Requested by

Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

169.50.137.184 , United States, ASN36351 (SOFTLAYER, US),

Reverse DNS

b8.89.32a9.ip4.static.sl-reverse.com

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:08 GMT
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
server: nginx
strict-transport-security: max-age=63072000; includeSubdomains; preload
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Thu, 09 Dec 2021 13:04:08 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 89B4
Redirect Chain

https://sync.mathtag.com/sync/img?mt_exid=3&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA%3D%3D%26piggybackCookie%3...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:f5bc61b3-5047-4f00-828b-f72af9d654a0&gdpr=0&gdpr_consent=

42 B
651 B

44ms
16ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:f5bc61b3-5047-4f00-828b-f72af9d654a0&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug012:0:496
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Date: Fri, 10 Dec 2021 13:04:07 GMT
Server: MT3 4133 baa842e master zrh-pixel-x8 config:1.0.0
Access-Control-Allow-Origin: *
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM2MiZ0bD00MzIwMA==&piggybackCookie=uid:f5bc61b3-5047-4f00-828b-f72af9d654a0&gdpr=0&gdpr_consent=
Cache-Control: no-cache
Connection: keep-alive
Content-Type: image/gif
Keep-Alive: timeout=360
Content-Length: 0
Expires: Fri, 10 Dec 2021 13:04:06 GMT

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 89B4
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=pubmatic&ttd_tpi=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=c734707d-99bc-4bb1-8322-dcd4d46a7eee

42 B
293 B

16ms
15ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=c734707d-99bc-4bb1-8322-dcd4d46a7eee
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:08 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug004:0:518
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:08 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NDkmdGw9MTI5NjAw&piggybackCookie=c734707d-99bc-4bb1-8322-dcd4d46a7eee
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 313

GET
H2

200

Pug
simage2.pubmatic.com/AdServer/ Frame 89B4
Redirect Chain

https://c1.adform.net/serving/cookie/match?party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%20COO...
https://c1.adform.net/serving/cookie/match?CC=1&party=14&redirect=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=[PLACE%20YOUR%20PIGGYBACK%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8622795666401676995

42 B
235 B

18ms
16ms

Image
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8622795666401676995
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:07 GMT
cache-control: no-store, no-cache, private
x-lat: lhrpug017:0:785
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:08 GMT
server: nginx
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI4NzUmdGw9NDMyMDA=&piggybackCookie=8622795666401676995
access-control-max-age: 86400
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2

200

Pug
image2.pubmatic.com/AdServer/ Frame 89B4
Redirect Chain

https://ib.adnxs.com/getuid?https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=$UID&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=780122030693327237&gdpr=0&gdpr_consent=

42 B
519 B

47ms
14ms

Image
image/gif

185.64.189.110
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=780122030693327237&gdpr=0&gdpr_consent=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Server: 185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:06 GMT
cache-control: no-store, no-cache, private
x-lat: amspug004:0:360
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:07 GMT
X-Proxy-Origin: 185.213.155.162; 185.213.155.162; 724.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid: 9f55c526-f564-4047-838a-2f8482476757
Server: nginx/1.17.9
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=780122030693327237&gdpr=0&gdpr_consent=
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 AdServerServlet Show response
vid.pubmatic.com/AdServer/ Frame 0F2A 9 KB
5 KB 182ms
143ms XHR
application/xml 185.64.190.75
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://vid.pubmatic.com/AdServer/AdServerServlet?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+7+9+1+1+6&gdpr=0&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141447117,,&us_privacy=&cb=1639141447874&SAVersion=2&inIframe=1&pageURL=https%253A%252F%252Fwww.elfinancierocr.com%252Fnegocios%252F%253Futm_source%253DEmail%2526utm_medium%253Dnewsletter%2526utm_campaign%253DEdici%2525C3%2525B3n%252BVespertina%252B2021-12-09%252B19%25253A06%25253A10%2526utm_content%253D-2021-12-10-02&screenResolution=1600x1200&kdntuid=1&vwndh=0&vwndw=0&vwndurl=https%253A%252F%252Fwww.elfinancierocr.com%252Fnegocios%252F%253Futm_source%253DEmail%2526utm_medium%253Dnewsletter%2526utm_campaign%253DEdici%2525C3%2525B3n%252BVespertina%252B2021-12-09%252B19%25253A06%25253A10%2526utm_content%253D-2021-12-10-02&vwndref=https%3A%2F%2Flinks.elfinancierocr.com%2F&vc=2&js=1&sec=1&kltstamp=2021-12-10%2013:4:8&ranreq=0.9089886069782123&timezone=0&depth=0
Requested by: Host: vpaid.pubmatic.com
URL: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141447117,,
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.75 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 095b731da6ad661d718f867d71f4634b1dfcdd50af1ac8437d6b28e5fa7c6f62

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:08 GMT
content-encoding: gzip
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-vdbg: 0:16514/243:0
content-type: application/xml; charset=utf-8

GET
H2 200 showad.js Show response
ads.pubmatic.com/AdServer/js/ Frame A747 38 KB
14 KB 10ms
9ms Document
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://ads.pubmatic.com/AdServer/js/showad.js
Requested by: Host: vpaid.pubmatic.com
URL: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141447117,,
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: Apache/2.2.15 (CentOS) /
Resource Hash: e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9

Response headers

last-modified: Tue, 19 Oct 2021 10:00:01 GMT
etag: "1302647-96ae-5ceb1b98ba7c4"
server: Apache/2.2.15 (CentOS)
accept-ranges: bytes
content-encoding: gzip
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 13882
content-type: text/html; charset=UTF-8
cache-control: public, max-age=22230
expires: Fri, 10 Dec 2021 19:14:38 GMT
date: Fri, 10 Dec 2021 13:04:08 GMT
vary: Accept-Encoding

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 0F2A 37 KB
15 KB 95ms
56ms XHR
text/xml 74.125.133.157
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-BAcU-6TVVL1GABReSC2eRQd94BWIThmzfUi1rDTkcUkJZFut6It6x_TNQp1aO91WxPVCiBIxy4T278ZDoxA-RDP-4bqg&dbm_d=AKAmf-AWU-_-3m_5RiVDAUhGlDXnfY_-hRX9iqF3H-NnPOikaUpCWRTb0R_hFMfafXlssPhkEhS2d635nQLIusx_0yKw5w9w8XBwQbFM2C2j1YoV_uWiprSoPOhQsdw3rl2nryr6psE0_sVDwUK1GS1orQzGrBLnZzEhJJP45Nz12pVrO-GebwrADlbE8doXUT_zlg8d-f3vcuP90yX-8ri86axFZ2xYBCzxY22H8IVXjRZKOsEBZc3bM061How_Ous7QDE-GPUkh-h950bWVRYKOsrQScE3-ZSVExFfBa4RTdp7BAWrWRN57Blba8m-q1wDA_rluHVCqqkLDJZFKvzRgdVn7ygYSYrO_P6bsBYdPQqEjQKjUQ-1iSfL-w5w8N4veXGR1D1TbHKEjnVNjE2Rk2u3K6bz32GlCe_JbiT-4XMQaFo3JXSvP2cFptMxki6fOPuQT1y8RRDlkK9pKpXvpbAzytlr_9Ntx9EzS6x4dBpsPdwsc71DAjXkfNl6a6xdlu6dE2P396GI_zHUbKBZqRSrZtA4UjN0Fgwr1wn7gXTr8NGF8W4HFTzr2OuYdk5GyLrZ7eOe7SxO2Gq5TxIOS8U2bd9Qu5CgGtHTgFjRzOXvuv2sr6jS0CTsafRSSQtm7o_iBqRFHA5phyZ6ihtHbUduMsaONLHxLQLgk8X3XwTahhjAyhwih7ESiS58SeLGEcjaTOeo4-jnbuN4P62I7uZZXSGfH2NMv4OF0G8L0rUYLbyc1xOJkFBwzHDONhpa1eBqUQrl6eDtUFxAKuivon3gfFPkk_CKDOuuxomPyjVRtsvf1Ul03j1gT8FhFiQ8EIyL1fB39KZ5SNGnawqFP8PLn_2T4LIUoDN9ybrn9RV1tSmj867uGFYQwzqSdbo4qr9l0DtV7LETp_dvLYD0T5mSA8j9JiS25eK3bcVQJ0hiTKwg7MMdXQZUrY6g6hrFJKLDH8c53SNWnKPhvhVoRTtoJK-arrVyQafY71joDxebGzmF2KT2KvYdd7apRWVongaNeEjNF-LJhJC1oc0dxvmdHbMk63zslEqD6yrcjSLaDzS-YNbp8ZDSQHG2ZukB2xCXvcKK9I1vi2MuXg5wzX8MiBHKzjA-9b_oa41N9BJzi53hlQFvUF2kxiGN0Q5e9jjgs4tlcqdkMreLNBH92sNyEczRDLm6BQLRpDN2yutOK6qwdApyYtOG111hjzexxOx-fIAbG70UrqSMwGDzqGjIi0zndH4wn03BNn_cFGOx1DFs_SvwdHpzVSQTkwDECY2R1Wi-eDZaWGGsymCbG0XmKHPaU_qHM_60xHdMhT_80HFvq_PhKGvK_CMl64YhWmuutVwPeqgC1YcIU_QPJcvcMuiaiVZ0a_9eatj3ruUBncuBhb4zrQ78TexwuHSZXwp2Tnlk95zsUiK74ZR3JH_uuS-kUFKq_Ezet7ABctY84Cecqc60ZQzkR6PR-QwbleKLGbzQ4Ty3KgNeutfk4ZRWERNc9osF-eVcMB_irAfn3tCTebh0RKNzfvR4Lz27NP9Rm7kpz80qJBf4BTKf3o9JkBEEcVbhZWHeTKUAHNrdgS2n5yEqWXzziUQNHfOsCM3LvUunmWNodfyeKE9jin36EK5rhqDyLPF8QNm2Ty3Xv1EZ8MIAj-P_s97pFdQsIBaQNOSQjcdbckelWUgTdp9YmTvrN6twH6XRSQJAuwvXZWH7t0DmLdU7RjwLopFhTWNLDSyTYQtISdXsSNSqmGrhjSmjL6LOdccsk-gdWhIHtp5NqnSR1bwtRCEHnloNhi3FvkVsjLuRV9Ii9o4PLlioeDJXH3_G4HCDkoEh6LVbsIzbRKd2T8mUi5CWZnHVhrR38GlBdPo9K5u888D9yEfQ4kUt68qhmwP5I3vNdta6o-kPlgIHQ9I0Wa41jAWLvDU3-4VRjUEHOaS-BLrN4UKhAfeCLEtovwkU55ZH2pC2rfZtxXb8IJJw8T6b9noHKqRZK4XdPQZSHMsSDNqZp5nVK5sUu6FVKKDINz8sufx_H8OeYxBR6OdrSK77Owyel37WS6zi_iirM8G-naaW-38zkdKp5xaJmCeUg8Yy2PpcprNNQFBdNuVeRjiQiEMavl_GPzYB9uaNZilvXeJ7yxKbMTaaHDEv_7ocT7saHgcGm1Umw-18ubm2wsO_AdS5VxMcELV-BkDKsZurRILUb_xQmXuTVjhVcg5QKfpaobolIUNYylIs7Xrvw733Wz8yqVeiiLuu6kSid2wbK--0rt43yvYeKscmzv-lauvnltSQhynlOFwJq4PaiFj54OafP8JTSvlr3-dHRlVFBoGHedHLcREbT0HVNKqarRagWVs4sF6htSfmISNcylBzYO6Ys-B7a7qc-JQggmxal4qbsqekR2AnFX6dmsUig2i8bPzuaQQalWUf_xg8P9Vf20DgOl6INlSgHF7GMd4vDvhMavHV4LxvLgJ8u4xJ_gxr7iDfwe9B-jSQUcwioFuMTpNZ9DYpk614xSkGoulknzfJvDYRvAPfQHoC3b7_FNxf-gmyDmEa0Qz2zABKZAv1dZzhAo8dI1NumEUQeRNYEE3jYlIPS4k-1u5I8mBvkhhsWat9qUeypX7ROuMYzISCfcLM4ZwuY3F6SNLY4v-L1WAFZIqgp1A_cmDQTWxprttEACLLA7ZIKpXkDU9yN969u0NtBOehr14gYAFvnLfHk7S3j0l9P9kdmNPXedFXkGMgbl6WFDwDbn25K7kTgR5s1zc_A01SM6gJ2j-9UWrDVTZfY0L7GaXU3xbZqsRTMLJV_S0KbspVQKNdK17bciqabBO38F3CtsAn0I-cArZXiH-WEduOxySQuaBsrAOuH83NTv0HQaV8TgJkk9LQfNCON29OzN4zKnElNDNIqlruATcZaycEFugPquU6UEFSFAo8txmDkg18b3-03O0Huh7OEfDhsR5eaJfdKPXYafwQGkFVtv-YH2Xs4h2RU0ARswhsk-Y0Xtf-Yp9b2iJ0OpgvwYEchpym5ciJG_lM0nY_4tz-f3wemHh5XUcU4Lv5TjhAS42wxCYV5woeUW5OpJxQlcD4YiFRJRJ_T_SB1w9cl21JT996YwmmQYKPl_nv1BafAYA3-3UA6KH6KgbVm8vMeck60IUOThkKIF7G9fbt_1fUvxzHNdnmRwQabrQvE2b7xnSlZbBusaPEAkUeDnfgn6MqvmDiYfh9SZWmfglH9I_g3KoXd9d4LDUPNRtL6SxEfNjCfJVhKja2PYVhEflEfe4mwORXmSMC9a5e--fg7ay0XK54jQxUfHbpN2eGAac-T59scNWqYIUez0hpUS13TrXr-d6sbNjWQL2EUh_CdLluklPq40lz7bFm4wyig51cnND-tzshxxwU6JaqRsTzY3ejYzJxWDux&cid=CAASEuRozComQ9Xx41O3J0L58i5J6g&pr=6:14.088533

Requested by

Host: vpaid.pubmatic.com
URL: https://vpaid.pubmatic.com/ads/video/PMAdMgr.js?adtype=13&pubId=156498&siteId=399115&adId=1801592&vadFmt=2&vapi=2&vminl=1&vmaxl=181&vh=225&vw=400&placement=1&vtype=1&vpos=1&vplay=2&vskip=0&vcom=0&vfmt=1+3+5+6+7+9+11&sec=1&gdpr==&gdpr_consent=&kadpageurl=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02&schain=1.0,1!vidoomy.com,53160,1,1639141447117,,

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.157 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f157.1e100.net

Software

cafe /

Resource Hash

690a8cb599db5bbfbf7bb8571718c44f8e5dd3f8c9ebad62f391fd1c4be3c4e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:08 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14501
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://www.elfinancierocr.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vpaid_adapter.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 1D29 44 KB
16 KB 126ms
37ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

417ba261610ea9dc3cde9f4398825a6afb2c20f965f8b2471d4b990b9cb9bfb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:49:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 872
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16293
x-xss-protection: 0
last-modified: Wed, 08 Dec 2021 17:49:31 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=900
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:04:36 GMT

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 1D29 375 KB
124 KB 97ms
48ms Script
text/javascript 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b666cd4fde0554c6dbd946339abca10c1aba4fd4ebebc434e7fe38aa32b301e6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 126530
x-xss-protection: 0
expires: Fri, 10 Dec 2021 13:04:08 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 1D29 0
20 B 73ms
72ms Ping
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=vpaid_adapter_js&event=init&vps=0.24586635328641515&wt=1639141448890&sdkv=h.3.491.0&xai=AKAOjssz7SQ1cG1aDmkoWfwdBFuyceQRelidKzbDYBhrKCeCzUOPVIJzQG3Bz1C__L3xlc5L_qzXP_xGG5Ut09M7tU2XzKq2-YbsYB_9vgre0s4wHB5V6RbX6-fjuM58m3RUD8ibc6hOHH1Hxr_vlJFwpOFc1MGCQpVURqCiLn-qTZ05nAAXis6oPR4ot-9ZTr07nSYjAf3IJczu2vwxH2WsMG7feJW9j2zKCEGw0449agx12cdg8AS3idjcmU7R_Upizg4PeGb_YS9eYePrlb3tcPGIIpCBzwIkcjkPND3D2qE8kINTx3Z_h16QBWAX6AxeDTfMQV-tL5PA0Z58jyZwYa6wLyx0lFNIuQ6zA3ilA_3VbpzNIgQmM5AsQFWBnhjTxhTQw7IAKP1_7t1Gaw-GoXvxKe8wLvwBpsHr_-PjJWUlmnmMZAX1i9NOiqHFpwmaKaNSMbTryW5WzAIs2oFVYaCL-iKrtQGnsdpJtZDGM-63Htlwj2crT-VikZBq2Nx0t8gn0o-4XZ3EdeTjvtTUZSAH3SyTtJCUPUE2pGC5e3u3annh37b5rMPEtFSvGL5jmfRrUmlDGamrrIj7o_ZGdA6WJ92_xLw9Ehgo8J1LehPlk6PvWFraSBj37pDdiSBWfdknrAHneO9bOxNOWmeuLQA8gp__XSm7rfMTWfJCWNs4TLFB93QE4Xtw-1oLN8-ULm0BSyroFqGs6b2I--6VS62KAZlkYupHUuCuEnVsrr1rCClXqWWPmoj_xhOtDuKyeumgKMhnPQBzi3M41T1yV8zKH84pUzfU5sVT42AmIYixkQTEp1eNB3EzCqEPdrUYXswUGQmgTJwRvs8ca-anyQYiQfRb0LXA2OgSHGmgsZ24gWFMXf7UerHEbWhBPJp61ozUQGu6ylssA6T67sT9vhbDxMJ7J47QhpnC_pztVE0WKoXcXET6Yeuh0N3Ecq1170nseQT7Fu6S7ZbypSMLQlFhjx_RmtpDcsxIkB1IPf4iIIlg5YL_EFry1iPFcl5yrK6p5yL8xySrhPL7UyjtvFK0TdjMUOKb-wA3t-OCUEMCQPax5ZXLK6js42AR203G3cIkXRmUD0q44lNw7_gu59KsUotwZ7o31dW7GChwbRqKEn0EdAFRw--7HO1UfMgA2WRHQN0nk1iC68V5znxiS1-py0bV4wv-xS-Q9WAGA7N4U_MM84tQqftWTDKTpGaK-ssaYHaTdA&aid=512137207&len=00%3A00%3A12&url=3,https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail%26utm_medium%3Dnewsletter%26utm_campaign%3DEdici%25C3%25B3n%2BVespertina%2B2021-12-09%2B19%253A06%253A10%26utm_content%3D-2021-12-10-02$0

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:08 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.491.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame D0D5 596 KB
194 KB 41ms
40ms Document
text/html 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.491.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1edd14d473b4324cdc826ba38954236bc9ae02440f0a87a8406fb1cb0f8272a9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-length: 198240
date: Wed, 08 Dec 2021 06:43:36 GMT
expires: Thu, 08 Dec 2022 06:43:36 GMT
last-modified: Wed, 08 Dec 2021 06:40:51 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
cache-control: public, max-age=31536000
age: 195633
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 1D29 44 KB
16 KB 47ms
47ms Script
text/javascript 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:04:09 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 1D29 107 B
122 B 101ms
50ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
date: Fri, 10 Dec 2021 13:04:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: application/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 100
x-xss-protection: 0

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame 9711 37 KB
13 KB 40ms
40ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: srcdoc
URL: about:srcdoc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:35:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1743
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 12861
x-xss-protection: 0
last-modified: Tue, 26 Oct 2021 20:08:54 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Fri, 10 Dec 2021 13:35:06 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame D0D5 0
327 B 341ms
124ms Ping
image/gif 2607:f8b0:4009:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kx0ehwre&c=7609775681841&slotId=3804887840920.5&fb=ima_html5-lima&sdkv=h.3.491.0%2Fvpaid_adapter&mrd=4&aab=1&itv=1&eee=missing-element&bi=missing-id&vmfc=14&vhc=0&ghmsh_eids=44753925
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.491.0_en.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:81b::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 1D29 0
54 B 304ms
124ms Ping
image/gif 2607:f8b0:4009:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~kx0ehwn6&c=7609775681841&slotId=3804887840920.5&eee=missing-element&bi=missing-id
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4009:81b::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

206
Partial Content

48
r1---sn-5hnekn7d.c.2mdn.net/videoplayback/id/156f943f501aee9e/itag/22/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3768712491/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mi...
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/156f943f501aee9e/itag/22/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3768712491/sparams/id,itag,source,ctier,acao,ip,ipbits,expire/sign...
https://r1---sn-5hnekn7d.c.2mdn.net/videoplayback/id/156f943f501aee9e/itag/22/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3768712491/sparams/acao,ctier,expire,id,ip,ipbits,it...

972 KB
972 KB

100ms
41ms

Media
video/mp4

2a00:1450:400e:1::6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r1---sn-5hnekn7d.c.2mdn.net/videoplayback/id/156f943f501aee9e/itag/22/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3768712491/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7CB74D1AFA55EFF6A0EC6C41C71CE86F7DF8BD09.04ED49BC0380ED26B5E23C331410856A60FF5B04/key/cms1/cms_redirect/yes/mh/Gy/mip/2a03:1b20:6:f011::2e/mm/42/mn/sn-5hnekn7d/ms/onc/mt/1639140738/mv/u/mvi/1/pl/48?cpn=gMcZRsj-13ZHwBi2&file=file.mp4

Protocol

HTTP/1.1

Server

2a00:1450:400e:1::6 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

54cddf826b355b966e968f4711236e08828ae88b310b46957a0827611695aafc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 13:04:09 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 21 Jun 2021 08:34:50 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Content-Range: bytes 0-995220/995221
Cache-Control: private, max-age=86400
Connection: close
Accept-Ranges: bytes
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Content-Length: 995221
Expires: Fri, 10 Dec 2021 13:04:09 GMT

Redirect headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:09 GMT
x-content-type-options: nosniff
server: ClientMapServer
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
location: https://r1---sn-5hnekn7d.c.2mdn.net/videoplayback/id/156f943f501aee9e/itag/22/source/doubleclick_dmm/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/3768712491/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7CB74D1AFA55EFF6A0EC6C41C71CE86F7DF8BD09.04ED49BC0380ED26B5E23C331410856A60FF5B04/key/cms1/cms_redirect/yes/mh/Gy/mip/2a03:1b20:6:f011::2e/mm/42/mn/sn-5hnekn7d/ms/onc/mt/1639140738/mv/u/mvi/1/pl/48?cpn=gMcZRsj-13ZHwBi2&file=file.mp4
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 676
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame D0D5 41 KB
15 KB 42ms
41ms Script
text/javascript 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.491.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 08 Dec 2021 01:21:32 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 214957
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 08 Dec 2022 01:21:32 GMT

GET
H3 200 dot.gif
s0.2mdn.net/ Frame D0D5 43 B
73 B 40ms
39ms Image
image/gif 2a00:1450:4001:830::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/dot.gif

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Thu, 09 Dec 2021 13:17:08 GMT
x-content-type-options: nosniff
age: 85621
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43
x-xss-protection: 0
last-modified: Sun, 01 Feb 2009 08:00:00 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Fri, 10 Dec 2021 13:17:08 GMT

GET
H3 200 activeview
pagead2.googlesyndication.com/pcs/ Frame D0D5 42 B
64 B 76ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjstffuwp0rjaw5vOaFN1Tw-UbDwjp8syxJ-OppuwSwbaSIWZhjhi5o65LminkDGKfHsetU1_7r6oD0lb45LgIxHxUzff4oDdtV8&sig=Cg0ArKJSzOHodzMB_lk7EAE&id=lidarv&acvw=sv%3D914%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D960,1645,1185,2045%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D12010%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D0%26ces%26femt%3D90%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D0,0,0,0,0%26avms%3Dexc%26qi%3D264192484%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D555%26pngs%3D9,14,15%26ssb%3D0,0,0,0,0,0,0,0,0,0,0&gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1639141449331&avm=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 dc_oe=ChMIlaCi3qXZ9AIVyMwbCh2h8QzVEAAYACC8jPxIOhoIy4j9zwIQwOe8nOsDGNn6294DIN780NzcDkITCLiVl96l2fQCFdGqewodP2ADyg;dc_rmcid=CAASEuRozComQ9Xx41O3J0L58i5J6g;eps=CIBhEAEYHw;av=1;acvw=sv%3D914%26cb%3Dima...
ade.googlesyndication.com/ddm/activity/ Frame D0D5 42 B
107 B 179ms
78ms Image
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIlaCi3qXZ9AIVyMwbCh2h8QzVEAAYACC8jPxIOhoIy4j9zwIQwOe8nOsDGNn6294DIN780NzcDkITCLiVl96l2fQCFdGqewodP2ADyg;dc_rmcid=CAASEuRozComQ9Xx41O3J0L58i5J6g;eps=CIBhEAEYHw;av=1;acvw=sv%3D914%26cb%3Dima%26e%3D15%26nas%3D1%26sdk%3Dh%26p%3D960,1645,1185,2045%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D12010%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26ic%3D18%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D0%26ces%26femt%3D90%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D0,0,0,0,0%26avms%3Dexc%26qi%3D264192484%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D555%26pngs%3D9,14,15%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1639141449331;ecn1=0;etm1=0;eid1=200101;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIlaCi3qXZ9AIVyMwbCh2h8QzVEAAYACC8jPxIOhoIy4j9zwIQwOe8nOsDGNn6294DIN780NzcDkITCLiVl96l2fQCFdGqewodP2ADyg;dc_rmcid=CAASEuRozComQ9Xx41O3J0L58i5J6g;eps=CIBhEAEYHw;av=1;acvw=sv%3D914%26cb%3Dima%26e%3D0%26nas%3D1%26sdk%3Dh%26p%3D960,1645,1185,2045%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D0%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D0%26pst%3D-1%26dur%3D12010%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D0%26is%3D18%26i0%3D18%26ic%3D0%26cs%3D18%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D0%26ces%26femt%3D90%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D0,0,0,0,0%26avms%3Dexc%26qi%3D264192484%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D557%26pngs%3D9,14,15s%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1639141449331;dc_rfl=3,https%253A%252F%252Fwww.elfinancierocr.com%252Fnegocios%252F%253Futm_source%253DEmail%2526utm_medium%253Dnewsletter%2526utm_campaign%253DEdici%2525C3%2525B3n%252BVespertina%252B2021-12-09%252B19%25253A06%25253A10%2526utm_content%253D-2021-12-10-02%240;ecn1=0;etm1=0;eid1=210001;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/dc_oe=ChMIlaCi3qXZ9AIVyMwbCh2h8QzVEAAYACC8jPxIOhoIy4j9zwIQwOe8nOsDGNn6294DIN780NzcDkITCLiVl96l2fQCFdGqewodP2ADyg;dc_rmcid=CAASEuRozComQ9Xx41O3J0L58i5J6g;eps=CIBhEAEYHw;av=1;acvw=sv%3D914%26cb%3Dima%26e%3D10%26nas%3D1%26sdk%3Dh%26p%3D960,1645,1185,2045%26tos%3D0,0,0,0,0%26mtos%3D0,0,0,0,0%26amtos%3D0,0,0,0,0%26mcvt%3D0%26ps%3D-12245933,-12245933%26scs%3D1600,1200%26bs%3D0,0%26vht%3D0%26mut%3D0%26a%3D0%26ft%3D0%26dft%3D0%26at%3D0%26dat%3D0%26as%3D0%26vpt%3D11%26gmm%3D4%26efpf%3D2%26nmt%3D1%26tcm%3D0%26bt%3D11%26pst%3D-1%26dur%3D12010%26vmtime%3D-1%26dvs%3D0%26dfvs%3D0%26dvpt%3D11%26is%3D18%26i0%3D18%26ic%3D4096%26cs%3D4114%26c%3D0%26mc%3D0%26nc%3D0%26mv%3D0%26nv%3D0%26lte%3D0%26ces%26femt%3D90%26femvt%3D0%26emc%3D2%26emuc%3D0%26emb%3D0,0,0,0,0%26avms%3Dexc%26qi%3D264192484%26psm%3D-2147483648%26psv%3D0%26psfv%3D0%26psa%3D0%26ptlt%3D561%26pngs%3D9,14,15s%26ssb%3D0,0,0,0,0,0,0,0,0,0,0;gv=atos%3D0,0,0,0,0%26avt%3D0%26davs%3D0%26dafvs%3D0%26ss%3D0%26t%3D1639141449331;ecn1=0;etm1=0;eid1=210006;

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK analytics.js Show response
s.update.rose.pubmatic.com/2/925744/ Frame 0F2A 85 KB
29 KB 179ms
76ms Script
text/javascript 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.rose.pubmatic.com/2/925744/analytics.js?dt=9257441496860488980012&c3=1&pv=&pp=156498&si=399115&pi=1801592&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-7-190.eu-west-1.compute.amazonaws.com

Software

Resource Hash

4c719658fe8b3e830a861304b318ed9515b8086dec166e92253905565af2feda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:09 GMT
Content-Encoding: gzip
Accept-Ch: Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 29648
Expires: 0

POST
H2 200 i Show response
vid-io-cle.springserve.com/vd/ Frame A4A5 0
121 B 351ms
118ms XHR
text/plain 3.20.211.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io-cle.springserve.com/vd/i?suuid=bae7938d&ps_id=356921&batch=1&imp=1
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_25214542.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.20.211.8 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-20-211-8.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:09 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0

POST
H2 200 i Show response
vid-io-cle.springserve.com/vd/ Frame A4A5 0
122 B 349ms
117ms XHR
text/plain 3.20.211.8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vid-io-cle.springserve.com/vd/i?suuid=bae7938d&ps_id=356921&batch=2
Requested by: Host: vpaid.springserve.com
URL: https://vpaid.springserve.com/production/vpaid_25214542.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.20.211.8 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-20-211-8.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:09 GMT
access-control-allow-credentials: true
server: nginx
content-length: 0

GET
H2 200 track
aktrack.pubmatic.com/ Frame 0F2A 0
61 B 30ms
27ms Image
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aktrack.pubmatic.com/track?operId=7&p=156498&s=399115&a=1801592&wa=243&ts=1639141448&wc=16514&crId=390557566&ucrid=6250493520600702575&impid=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ecpm=14.604280&e=1&vc=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:09 GMT
content-length: 0
content-type: text/html

GET
H/1.1 200
OK analytics.gif
s.update.rose.pubmatic.com/2/925744/ Frame 0F2A 49 B
384 B 131ms
32ms Image
image/gif 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.update.rose.pubmatic.com/2/925744/analytics.gif?dt=9257441544206325357000&c3=1&pv=&pp=156498&si=399115&pi=1801592&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&ap=&di=elfinancierocr.com&ac=16514&cr=6250493520600702575
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: d8eb0eea39a37b88dc5af05c475212e7a86814b77e9f9814e88ab458e3b7111a

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:09 GMT
Accept-Ch: Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: *
Content-Type: image/gif
Cache-Control: no-cache, no-store, must-revalidate, no-transform, private, max-age=0
Timing-Allow-Origin: *
Content-Length: 49
Expires: 0

GET
H2 200 AdDisplayTrackerServlet
aktrack.pubmatic.com/AdServer/ Frame 0F2A 0
61 B 32ms
31ms Image
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aktrack.pubmatic.com/AdServer/AdDisplayTrackerServlet?operId=1&pubId=156498&siteId=399115&adId=1801592&adType=13&adServerId=243&kefact=14.604280&kaxefact=14.604280&kadNetFrequecy=0&kadwidth=0&kadheight=0&kadsizeid=97&kltstamp=1639141448&indirectAdId=0&adServerOptimizerId=2&ranreq=0.9089886069782123&kpbmtpfact=14.088533&dcId=3&tldId=54557229&passback=0&svr=ADS23006U&adsver=_3437831632&adsabzcid=0&cls=ADS&ekefact=SFCzYVK-CABd2nIMks5rQjfOFlkjjW1B3IYM6tzZZDwbs72a&ekaxefact=SFCzYW--CAAGzeJzOI9y5kug5bDeMLI2C2f0oW_kxFYKhPqI&ekpbmtpfact=SFCzYY6-CAD2vDiIFmT5DG3Uux5E0Crmr11L97Yu74hT8R3O&enpp=SFCzYam-CAA-VZ_E5MsxJ2W_zEqlpjZeQI_UEJJLx-afVL3o&pfi=1&domId=17233846853271201187&dc=lhr19&crID=390557566&lpu=yokoy.ai&ucrid=6250493520600702575&campaignId=16514&creativeId=0&pctr=0.000000&wDSPByrId=699797686&wDspId=80&wbId=0&wrId=0&wAdvID=1&wDspCampId=15154007685&isRTB=1&rtbId=403E507F-31B6-4930-8A45-B0AB99A325A6&imprId=E9E54128-353B-4AED-946E-D84D8A9F6CB7&oid=E9E54128-353B-4AED-946E-D84D8A9F6CB7&cntryId=58&domain=elfinancierocr.com&sec=1&pAuSt=2&wops=0&sURL=elfinancierocr.com&BrID=5&tpb=2&vc=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:09 GMT
content-length: 0
content-type: text/html

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame 0F2A
Redirect Chain

https://image8.pubmatic.com/AdServer/ImgSync?&fp=1&mpc=10&p=156498&gdpr=0&gdpr_consent=&pmc=-1&pu=https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fpmc%3D-1%26partnerID%3D156498%26partnerUID%3D...
https://pixel.quantserve.com/pixel/p-5aWVS_roA1dVM.gif?idmatch=0&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?gdpr=0&vcode=bz0yJnR5cGU9MSZjb2RlPTExMTMmdGw9NDMyMDA=&piggybackCookie=v4kZJbyITy-k2hkg74BWJ7iIHS6kixl374hv4kM4
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/58292/sync?_origin=1&uid=CA60419D-88C9-444C-969F-AA5BCC10F557&redir=true&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dzG1KBBE2uVch.qgEc13SV3Vd3wIT0c-~A&gdpr=0&gdpr_consent=

0
128 B

21ms
20ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dzG1KBBE2uVch.qgEc13SV3Vd3wIT0c-~A&gdpr=0&gdpr_consent=
Protocol: H2
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:09 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?partnerID=156078&xid=y-dzG1KBBE2uVch.qgEc13SV3Vd3wIT0c-~A&gdpr=0&gdpr_consent=
date: Fri, 10 Dec 2021 13:04:09 GMT
server: ATS/9.1.0.33
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame 0F2A 0
24 B 84ms
83ms Image
image/gif 142.250.186.66
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuep3QFjdeN5xPx9C2iu3YMMpH0WTsmDG6fBlDkXhvnQGcV_agcis9212kOqtkBlXo0xvhLNEG7qltFFjzQ9gNem_XuwUrMhDMErIK5mOyfx0gpxdC3Xudc5LxgYuxtpbfP7-OZ8UXH7XLWSnLltvyV3u3X19xRBtr-jmVOEVfnr1Q4HQ1RKXflpvCkqN6dWbJmbB3MbTy0yLNtCLTIj2AZiaDQsa_0vDshBZYKhz8yzIbhrbGwqKok4EXaCt10O7biXqER0KN-CoFl8mv5OQynnVF0tDe6_Oh43le1FZEQu8uUirhnf0hpONRP3T0_SqgpxhJ0LeUemBagaDrTGNHupD_sBOqwacjXKL9FuOZOKelXtMVY9cJ_yk9hKXnp9SonmHrJp9NPvnUXZ5cDKdBeuVFlj3BW2WDqgayzoJ2a-zIu_ZzhoheF3ZwBd9RoPos5zvxLVRjMechFpfVxImNVHUA1osW2YLPyCUcigaLQpuxXFvUYuVijCL-unzJteiNbCb3HAaJCJu7UUifNZca-awRxXs_wc53j2QLBg7GbSHyQsAxunxIbGRwANzrveO1-45mf9rxPxVh8gqbXPyUHMtLcc48AUVWTUlNeZ11lSlLDJi9fbs5IV-MDdWPHm8bhrDrhiPFBEcKnIIqYNciwYiVnvybrAl-hEh392q3Ocedto1sHo3xuhlw3YChKo95Ny5WXl1a__Txur27vYvPOVrIt88bpgMrHgiB4p-kGE3_h__3_HTNRLjoe2HuM2ME5B10q91HbZew3PkZgk9sIO1p6uIYaIuOYUvBbWZk4rGUgtYq4Wc5aizENC1CqMkN9tIAXsPGmpStMpCYjOIoReDaJ7Q5GyDr6u4_CxwK5QX1f9Gr4_3i_NvRVU03D-zLsIS4coi6zbe2FSDnaVTPl9CkdkwC9JegEEYq4dNi8ZleJg_QF3eSXg9VCQCTLjsWXn1BBS90yce6nGaZpzLNZIv31DvwcRBhIPW1wY6XUPtb0r-lCU-tCElnZTQOLVeq5nOqgEvK97XlB80oDx8KGfeyZGPJ9JK3JwqIq3fcZgRHIMu1MV6TD_cUv1puVYsvvd7JCI9F68hTOU4GaPXOdF1wUgkkzc06nihcFGDzL5DQ5VeAfKwPbfge7z3_H9b9EAFXhADjj18QDnEaNMyPNZpM4U0yII-ngiiVQNRTLfKef8NF5meFTAhtXfu34C9LJHt3cQdjJ8K8&sai=AMfl-YQWlcVFE6oFPCvfNzLAlyBW6_ec4pNzaUKHs5aala8gpb7HiUSoSdojBgKXP9soTxtsa0z6rolAqZFg753wNxRGJ7IrZPnjWYC3OC-r1Vw7WDI0rlnV-oD5QtpbRxQ6CAPlyh0r5rmqm1YgkkToJEWweFcG_A&sig=Cg0ArKJSzCkZSkV3neOnEAE&uach_m=[UACH]&pr=6:14.088533&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&adurl=

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f2.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

timing-allow-origin: *
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date: Fri, 10 Dec 2021 13:04:09 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: private
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
server: cafe

GET
H/1.1

200
OK

/
cm.adsafety.net/ Frame 0F2A
Redirect Chain

https://googleads.g.doubleclick.net/xbbe/pixel?d=CLah2M0CEMuI_c8CGP7enboBIAEwAQ&v=APEucNXO9nhDnRjPbll2uPolNtJunBGqmh2muvqCfXgjxfMVmtaj0DxU6h5jn4bNGFnSrmzl_rPd6xtQJ11yoZhPI6s42ZKqg4zlf_fu0FnzYeHTo_K...
https://cm.g.doubleclick.net/pixel?google_nid=smartstreamtv_dbm&google_cm&google_dbm&gdpr=0
https://ads.smartstream.tv/cm/?cmsrc=dcm&gdpr=0&google_gid=CAESELqJ-QRPWeUy1YIARnEzgvw&google_cver=1
https://cm.adsafety.net/?_cmsrc=dcm&testmidt=1&testdid=CAESELqJ-QRPWeUy1YIARnEzgvw&idt=0&did=0&data[stv][midt]=100&data[stv][mdid]=242c29d0275d9a76f624ec04ae107660&uid=242c29d0275d9a76f624ec04ae107...
https://match.adsrvr.org/track/cmf/generic?ttd_pid=admans&ttd_tpi=1
https://cm.adsafety.net/?_cmsrc=ttdx&idt=100&did=c734707d-99bc-4bb1-8322-dcd4d46a7eee
https://tags.adsafety.net/v1/cm?cm_uid=CM1202112101329e93555c48606f3603&redirect=https%3A%2F%2Fcm.adsafety.net%2F%3F_cmsrc%3Dct%26_chainsrc%3Ddefault%26idt%3D%5B%25IDT%25%5D%26did%3D%5B%25DID%25%5D
https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=default&idt=100&did=242c29d0275d9a76f624ec04ae107660

43 B
2 KB

46ms
46ms

Image
image/gif

85.90.244.253
LINODE-AP Linode

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=default&idt=100&did=242c29d0275d9a76f624ec04ae107660
Protocol: HTTP/1.1
Server: 85.90.244.253 Frankfurt am Main, Germany, ASN63949 (LINODE-AP Linode, LLC, US),
Reverse DNS: li1427-253.members.linode.com
Software: nginx /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:10 GMT
Last-Modified: Fri, 10 Dec 2021 13:04:10 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
Connection: keep-alive
Expires: Mon, 28 Jul 1997 05:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Fri, 10 Dec 2021 13:04:10 GMT
Last-Modified: Fri, 10 Dec 2021 13:04:10 GMT
Server: nginx
Location: https://cm.adsafety.net/?_cmsrc=ct&_chainsrc=default&idt=100&did=242c29d0275d9a76f624ec04ae107660
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: post-check=0, pre-check=0
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H2 200 track
aktrack.pubmatic.com/ Frame 0F2A 0
61 B 51ms
50ms Image
text/html 2.18.233.180
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://aktrack.pubmatic.com/track?operId=7&p=156498&s=399115&a=1801592&wa=243&ts=1639141448&wc=16514&crId=390557566&ucrid=6250493520600702575&impid=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ecpm=14.604280&e=2&pfi=1&plmt=1&vps=1&ch=3&it=1&vadFmt=5&vapi=2&sURL=elfinancierocr.com&vc=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.180 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a2-18-233-180.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:09 GMT
content-length: 0
content-type: text/html

GET
H2 200 dc_oe=ChMIlaCi3qXZ9AIVyMwbCh2h8QzVEAAYACC8jPxIOhoIy4j9zwIQwOe8nOsDGNn6294DIN780NzcDkITCLiVl96l2fQCFdGqewodP2ADyg;dc_rmcid=CAASEuRozComQ9Xx41O3J0L58i5J6g;eps=CIBhEAEYHw;met=1;ecn1=1;etm1=0;eid1=11;
ade.googlesyndication.com/ddm/activity/ Frame 0F2A 42 B
494 B 170ms
77ms Image
image/gif 172.217.16.130
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f130.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 4444 23 KB
9 KB 39ms
39ms Document
text/html 2a00:1450:4001:808::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/

Response headers

accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin: *
content-length: 8727
date: Wed, 08 Dec 2021 18:15:13 GMT
expires: Thu, 08 Dec 2022 18:15:13 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
age: 154136
cache-control: public, max-age=31536000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H3 200 b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js Show response
pagead2.googlesyndication.com/bg/ Frame 4444 35 KB
13 KB 39ms
39ms Script
text/javascript 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/b_8rsBg2pSAE7OSEuXeXkmKAJRzK7XLbOE8Wp2RNR2Q.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 11:59:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 3859
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 13622
x-xss-protection: 0
last-modified: Mon, 06 Dec 2021 19:18:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 10 Dec 2022 11:59:50 GMT

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 118ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?oz_pl=1&pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&_x=1
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/925744/analytics.js?dt=9257441496860488980012&c3=1&pv=&pp=156498&si=399115&pi=1801592&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:09 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H/1.1 200
OK main.js Show response
s.update.rose.pubmatic.com/2/2.42.0/ Frame 0F2A 154 KB
48 KB 29ms
28ms Script
text/javascript 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://s.update.rose.pubmatic.com/2/2.42.0/main.js

Requested by

Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/925744/analytics.js?dt=9257441496860488980012&c3=1&pv=&pp=156498&si=399115&pi=1801592&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-17-7-190.eu-west-1.compute.amazonaws.com

Software

Resource Hash

537af3e7035e7f334c4414cf45d25f378f279843c35eeb375675639f24202ee8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Fri, 10 Dec 2021 13:04:09 GMT
Content-Encoding: br
Accept-Ch: Viewport-Width, Width, DPR, RTT, ECT, Device-Memory, Downlink, Save-Data
Vary: Origin, Accept-Encoding
Content-Type: text/javascript; charset=utf-8
Cache-Control: public, no-transform, immutable, max-age=999999999
Strict-Transport-Security: max-age=31536000; includeSubDomains
Timing-Allow-Origin: *
Content-Length: 48512
Expires: Mon, 18 Aug 2053 10:21:40 GMT

POST
H/1.1 200
OK postback
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
214 B 30ms
29ms Ping
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?oz_pl=1&pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&_b=1
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/925744/analytics.js?dt=9257441496860488980012&c3=1&pv=&pp=156498&si=399115&pi=1801592&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.elfinancierocr.com
Date: Fri, 10 Dec 2021 13:04:09 GMT
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
214 B 28ms
28ms Ping
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?oz_pl=1&pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&_b=1
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/925744/analytics.js?dt=9257441496860488980012&c3=1&pv=&pp=156498&si=399115&pi=1801592&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://www.elfinancierocr.com
Date: Fri, 10 Dec 2021 13:04:09 GMT
Access-Control-Allow-Credentials: true
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 94ms
93ms Preflight
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:10 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

GET
DATA 200
OK truncated
/ 477 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f9a8536bd32bcd9ecba5f08463ea344cfbcf4a2e0c1af51ce14089dcd4dbac51

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 t Show response
t.lkqd.net/ Frame 2313 0
169 B 102ms
102ms XHR
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:10 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

GET
H2 200 imp
stg.vidoomy.com/api/rtbserver/ Frame 2B9D 9 B
89 B 8ms
8ms Image
application/json 99.83.189.147
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stg.vidoomy.com/api/rtbserver/imp?ad_type=Video&adomain=&c=DE&crid=&deal=&domain=elfinancierocr.com&dsp=1010002&dsp_ssp=&dt=2&gdpr=0&gdprcs=1&money=0&os=&p=&p_id=&s=&seat=&size=&sspid=&sync=&zid=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 99.83.189.147 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ae6a0aaac8071ff4b.awsglobalaccelerator.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:10 GMT
content-length: 9
vary: Origin
content-type: application/json

POST
H2 200 t Show response
t.lkqd.net/ Frame 2313 0
169 B 100ms
99ms XHR
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:10 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 223ms
223ms Preflight
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:10 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

GET
H2 200 SPug Show response
simage4.pubmatic.com/AdServer/ Frame 89B4 0
260 B 52ms
15ms Script
text/plain 198.47.127.20
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage4.pubmatic.com/AdServer/SPug?partnerID=156498&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js?
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.20 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:08 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2

200

p2
sb.scorecardresearch.com/ Frame 2B9D
Redirect Chain

https://sb.scorecardresearch.com/p?C1=1&C2=23229166&C3=platform&C5=01&C7=https://www.elfinancierocr.com/negocios/?utm_source=Email&utm_medium=newsletter&utm_campaign=Edici%C3%B3n+Vespertina+2021-12...
https://sb.scorecardresearch.com/p2?C1=1&C2=23229166&C3=platform&C5=01&C7=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail&utm_medium=newsletter&utm_campaign=Edici%C3%B3n%20V...

64 B
329 B

12ms
12ms

Image
image/gif

13.35.253.71
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?C1=1&C2=23229166&C3=platform&C5=01&C7=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail&utm_medium=newsletter&utm_campaign=Edici%C3%B3n%20Vespertina%202021-12-09%2019%3A06%3A10&utm_content=-2021-12-10-02
Protocol: H2
Server: 13.35.253.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-71.fra6.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:10 GMT
via: 1.1 2f0580a0593ad9d3fb82aee9226d8179.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: 1zEQ8CrPjRkJ_F27qw-BLc2TkJpH4dc9KUVanFEDTL-mwh7kSIp5tQ==

Redirect headers

date: Fri, 10 Dec 2021 13:04:10 GMT
via: 1.1 2f0580a0593ad9d3fb82aee9226d8179.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?C1=1&C2=23229166&C3=platform&C5=01&C7=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F%3Futm_source%3DEmail&utm_medium=newsletter&utm_campaign=Edici%C3%B3n%20Vespertina%202021-12-09%2019%3A06%3A10&utm_content=-2021-12-10-02
content-length: 283
x-amz-cf-id: KKEy3Caek65IAO9YoLqInVYOSMrW94HMr96gVEf1RCZD9hiMdv_asg==

GET
H2

200

p2
sb.scorecardresearch.com/ Frame 2B9D
Redirect Chain

https://sb.scorecardresearch.com/p?c1=2&c2=23229166&c3=platform&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=1639141447&ns_st_ec=1&ns_st_cn=1&ns_st_ev=...
https://sb.scorecardresearch.com/p2?c1=2&c2=23229166&c3=platform&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=1639141447&ns_st_ec=1&ns_st_cn=1&ns_st_ev...

64 B
330 B

11ms
11ms

Image
image/gif

13.35.253.71
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sb.scorecardresearch.com/p2?c1=2&c2=23229166&c3=platform&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=1639141447&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=30000&ns_st_pt=0&ns_ts=1639141447
Protocol: H2
Server: 13.35.253.71 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-35-253-71.fra6.r.cloudfront.net
Software: /
Resource Hash: 831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:10 GMT
via: 1.1 2f0580a0593ad9d3fb82aee9226d8179.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
etag: W/"40-jHLN3x5dWpBzaQm4lkBmDWvrjrg"
x-cache: Miss from cloudfront
content-type: image/gif; charset=utf-8
content-length: 64
x-amz-cf-id: jrEA1pFBaKHVJWNb4VH8KnYXVE7f4XPKtR1EZvQx0FM3byx2Wmfsww==

Redirect headers

date: Fri, 10 Dec 2021 13:04:10 GMT
via: 1.1 2f0580a0593ad9d3fb82aee9226d8179.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
vary: Accept
x-cache: Miss from cloudfront
content-type: text/plain; charset=utf-8
location: https://sb.scorecardresearch.com/p2?c1=2&c2=23229166&c3=platform&ns_ap_sv=2.1511.10&ns_type=hidden&ns_st_it=a&ns_st_sv=4.0.0&ns_st_ad=1&ns_st_sq=1&ns_st_id=1639141447&ns_st_ec=1&ns_st_cn=1&ns_st_ev=play&ns_st_ct=va&ns_st_cl=30000&ns_st_pt=0&ns_ts=1639141447
content-length: 279
x-amz-cf-id: f-lDSVz8gSVoEOu5enJZbBEynSWxtPyLuMXlmmok5wn4-XXSpYvDEg==

GET
H2 200 i
vid-io-cle.springserve.com/vd/ Frame 2B9D 43 B
120 B 110ms
110ms Image
image/gif 3.20.211.8
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://vid-io-cle.springserve.com/vd/i?event=vast_flash_impression
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.20.211.8 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-20-211-8.us-east-2.compute.amazonaws.com
Software: nginx /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:10 GMT
server: nginx
content-length: 43
content-type: image/gif

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 29ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?oz_pl=1&pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&_x=1
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/925744/analytics.js?dt=9257441496860488980012&c3=1&pv=&pp=156498&si=399115&pi=1801592&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:09 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 48ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141450293&oz_l=116&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:09 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H3 204 csi
csi.gstatic.com/ Frame D0D5 0
17 B 235ms
122ms Ping
image/gif 2607:f8b0:4009:81b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~kx0ehwsj&c=7609775681841&slotId=3804887840920.5&fb=ima_html5-lima&sdkv=h.3.491.0%2Fvpaid_adapter&mrd=4&aab=1&itv=1&gpm_i=14&gpm_c=14&gpm_a=14&smb=1000&br=467&mt=video%2Fmp4&vs=1280x720&webm=4&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm%2Cvideo%2Fwebm&hvmf=false&vms=1&bit=22&vsrc=doubleclick_dmm&met.4=ff.kx0ehx2p
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.491.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4009:81b::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://imasdk.googleapis.com/
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:10 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4444 0
20 B 74ms
74ms Image
image/gif 2a00:1450:4001:82f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.3.491.0&bgai=BaXWjSFCzYZXcJ8iZb6Hjs6gNAAAAADgB4AQC&bg=!5Oel56PNAAZKWFskSlg7ACkAdvg8WgDIKxzVnQrPy69NsH3v4R2mp26O62tB7Dgkp1l3ybRmlVI4eQIAAAIvUgAAAA5oAQeZAtivkRwvJmh7_yrI_EWKXYvzigG_JnZTiHn9UM6lE82kOQcAhkFDnb2BQzwc7juPvpqCiDI0a890PCBI61BotT-wH6lh8N-cI4h6mgF_SrIJkimAiOP9W26wsnOY0r-IzeGZUs9djTsqmsWfUujp3vxSfVSe2lu07nduAXJOcSlPKTKhZyNvy9JyxErPEB6MiU9AfPWu8ed3Yks0aO9M-gzqzsrrlWI6FrzY5f4KE2B-J4o7sqY0Obri9xgEVJUGk1P_0eSFKHIEEAnvXyDwh_TA-fOWt-26yYKiwB7NbIgkKxXxdq58Td4K7SkdIx_WpgIw-ANDGLWvQq8qREc7MGyiWJg8FwqfSZonzvue8lWz2HRsrnRU90BO50egGFTcJE0QMvU7wZTg3PlPGzLGTltPZEBdWTvK62rNH8krF4ZhrgiDIpx9dM6QpqM27e2-pMtqLzNgn8Y4gTs27RLf0GNFEfhT_tfVxd3I5bXLdNezDZWKwOyhGxO7iNfgC0Jc26m8WmNv58749IvdRQ0O8BhaMEr_X5IUM3bicikxAhZaJuEhhiv2Jer3Wo6qmI-JRhKBXxptzDVx2uoqShEuiEuDVrxfPeXnXul2T1mdsnYHjtUS9Q5CqveYDdVx8d14L_YimkDerA73mbJsiaLRs9BbIosxmUKYGfy2p9inqbKvzvcqHYgLwwqjd35GxIq_-awYb9CIXCxQakZ56i6V1X1K9drvP53dwQS5KKisDgH7YYXSIl8lmgNkqb1_rv0OyRqNFfAqLCddZq_bxoZvZSKq-9HKA7TvwD5ee1NPEvVkSRyiEjwI1uXQEHEnVRgDj7Gea9SYFmazYBIZzKZxpfLcyvw_E1k9wkFuORWHuZ1FcyNCKELfB1gbky2bwjrhl6tUGVlhXIA4O0fkirBbOCTAfN7D3OD30Py6WoO_p3l9LBFJtQlO3Sr_NVxVcko-61z13FD9-cFngQ

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:10 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 30ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141450470&oz_l=5544&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:09 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 OneSignalSDKStyles.css
onesignal.com/sdks/ 82 KB
9 KB 21ms
21ms Stylesheet
text/css 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://onesignal.com/sdks/OneSignalSDKStyles.css?v=2
Requested by: Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151510
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:10 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 3091
etag: W/"4e9aaefffd5f8ae7dc83361aa2294190"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=259200
cf-ray: 6bb6ad71ce3e4a61-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
expires: Mon, 13 Dec 2021 13:04:10 GMT

POST
H2 200 t Show response
t.lkqd.net/ Frame 2313 0
169 B 98ms
97ms XHR
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Requested by: Host: ad.lkqd.net
URL: https://ad.lkqd.net/vpaid/vpaid.js?fusion=1.0
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: https://www.elfinancierocr.com
date: Fri, 10 Dec 2021 13:04:10 GMT
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: true
server: nginx
content-length: 0
content-type: text/plain; charset=UTF-8

OPTIONS
H2 200 t
t.lkqd.net/ Frame 0
0 94ms
94ms Preflight
text/plain 146.20.128.41
RACKSPACE

General

Check archive.org

Show headers Download Go to

Full URL: https://t.lkqd.net/t
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.20.128.41 , United States, ASN27357 (RACKSPACE, US),
Reverse DNS
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Origin: https://www.elfinancierocr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:10 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-credentials: true
access-control-expose-headers: Content-Type, Content-Disposition
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, OPTIONS, POST
cache-control: max-age=300
access-control-max-age: 300
access-control-allow-origin: https://www.elfinancierocr.com

GET
DATA 200
OK truncated Show response
/ Frame 54C0 13 B
13 B Document
text/html

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Request headers

Upgrade-Insecure-Requests: 1
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type: text/html;charset=utf-8

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 29ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141450670&oz_l=1445&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:10 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 29ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141450868&oz_l=36&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:10 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 29ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141451100&oz_l=190&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:10 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H3 200 icon Show response
onesignal.com/api/v1/apps/ed42b0eb-86e1-445d-b83e-a6cf15f859cb/ 184 B
618 B 312ms
301ms Fetch
application/json 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://onesignal.com/api/v1/apps/ed42b0eb-86e1-445d-b83e-a6cf15f859cb/icon

Requested by

Host: cdn.onesignal.com
URL: https://cdn.onesignal.com/sdks/OneSignalPageSDKES6.js?v=151510

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c80018b097710f6a08e8187167a7faf5182277391e7bf25652a1a67c26a7a4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:11 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: REVALIDATED
status: 200 OK
x-envoy-upstream-service-time: 17
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-xss-protection: 1; mode=block
x-request-id: d58b0849-5e81-4fd7-b09f-56a52f43497c
x-runtime: 0.014453
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"1c80018b097710f6a08e8187167a7faf"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=0, private, must-revalidate
cf-ray: 6bb6ad769c702b7d-FRA
access-control-allow-headers: SDK-Version

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 29ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141451284&oz_l=265&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:10 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 29ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141451451&oz_l=811&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:10 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 200 a08bd2d7-45de-46e1-9a0e-01855e3fc557
img.onesignal.com/permanent/ 4 KB
4 KB 25ms
16ms Image
image/jpeg 2606:4700::6812:e234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.onesignal.com/permanent/a08bd2d7-45de-46e1-9a0e-01855e3fc557
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8565b1d1130c05a72e483ffe39c687cbc9df7a99151befedd5433b291d182d22

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://www.elfinancierocr.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:11 GMT
cf-cache-status: HIT
age: 1452
x-amz-meta-cache-control: public, maxage=604800
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
content-length: 4216
x-amz-id-2: RRxtYJs8VDnlIoAZ63M7i6x+PSix1CF0FUyEiRl1gYqywso5twiq28IkNbtwkrU7rOk9Im1Kk7g=
last-modified: Fri, 12 Nov 2021 21:50:50 GMT
server: cloudflare
etag: "730683334d8f8657e797658e53cde8e6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
x-amz-request-id: X1PK3WERX28CB20A
cache-control: public, max-age=2678400
accept-ranges: bytes
cf-ray: 6bb6ad78cd514a8c-FRA
expires: Mon, 10 Jan 2022 13:04:11 GMT

GET
H2 200 PugMaster Show response
image6.pubmatic.com/AdServer/ Frame A747 1 KB
2 KB 15ms
14ms Script
text/html 198.47.127.19
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://image6.pubmatic.com/AdServer/PugMaster?sec=1&async=1&kdntuid=1&rnd=15521954&p=156498&s=399115&a=0&ptask=DSP&np=0&fp=1&rp=1&mpc=10&spug=1&coppa=0&gdpr=0&gdpr_consent=&us_privacy=
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 198.47.127.19 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: /
Resource Hash: 92d88f0cef95bdf0ab91902d79bb5b1b4e2a79e2e22d8eedb89ca9eb47f0ce14

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:11 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 1386
content-type: text/html; charset=UTF-8

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 29ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141451655&oz_l=1233&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:11 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

GET
H2 503 b9pj45k4 Show response
sync-tm.everesttech.net/upi/pid/ Frame 8A43 0
177 B 24ms
7ms Document
text/plain 151.101.194.49

General

Check archive.org

Show headers Download Go to

Full URL: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.194.49 -, , ASN (),
Reverse DNS
Software: Varnish /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: Varnish
retry-after: 0
accept-ranges: bytes
date: Fri, 10 Dec 2021 13:04:11 GMT
via: 1.1 varnish
x-served-by: cache-hhn4052-HHN
x-cache: MISS
x-cache-hits: 0
x-timer: S1639141452.861445,VS0,VE0
cache-control: no-cache
pragma: no-cache
content-length: 0

GET

redir
rtb-csync.smartadserver.com/ Frame 15F4
Redirect Chain

https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=
https://match.prod.bidr.io/cookie-sync/pm&gdpr=0&gdpr_consent=?_bee_ppp=1
https://cm.g.doubleclick.net/pixel?google_nid=beeswaxio&google_sc=&google_hm=QUFGbkJrN0RacUVBQURzeE1qYW1FZw&bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sy...
https://match.prod.bidr.io/cookie-sync/adx?bee_sync_partners=sas%2Cpp%2Cpm&bee_sync_current_partner=adx&bee_sync_initiator=pm&bee_sync_hop_count=1
https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFnBk7DZqEAADsxMjamEg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_curre...

0
0

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 1287
Redirect Chain

https://sync.1rx.io/usersync2/pubmatic&gdpr=0&gdpr_consent=
https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=7703576983
https://sync.1rx.io/usersync/tradedesk/c734707d-99bc-4bb1-8322-dcd4d46a7eee
https://sync.targeting.unrulymedia.com/csync/RX-0ffe19a1-9819-4799-b038-740962339c79-003?redir=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA%...
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0ffe19a1-9819-4799-b038-740962339c79-003

42 B
383 B

16ms
15ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0ffe19a1-9819-4799-b038-740962339c79-003
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:12 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: lhrpug011:0:487
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

server: Tengine
date: Fri, 10 Dec 2021 13:04:11 GMT
content-type: text/html
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMyMDMmdGw9NDMyMDA=&piggybackCookie=RX-0ffe19a1-9819-4799-b038-740962339c79-003
etag: RX0ffe19a198194799b038740962339c79003

GET
H2

200

Pug Show response
simage2.pubmatic.com/AdServer/ Frame 902A
Redirect Chain

https://sync.srv.stackadapt.com/sync?nid=11
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=UYceiszMT3pEZypcw2GbQbnVm6I

42 B
218 B

16ms
15ms

Document
image/gif

185.64.190.80
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to

Full URL: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=UYceiszMT3pEZypcw2GbQbnVm6I
Requested by: Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/showad.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.64.190.80 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: 1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/

Response headers

server: nginx
date: Fri, 10 Dec 2021 13:04:12 GMT
content-type: image/gif; charset=utf-8
content-length: 42
x-lat: lhrpug011:0:434
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-store, no-cache, private

Redirect headers

Content-Type: text/html; charset=utf-8
Date: Fri, 10 Dec 2021 13:04:12 GMT
Location: https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MzEmdGw9MTI5NjAw&piggybackCookie=UYceiszMT3pEZypcw2GbQbnVm6I
Content-Length: 159
Connection: keep-alive

GET
H2 200 CA60419D-88C9-444C-969F-AA5BCC10F557
pr-bh.ybp.yahoo.com/sync/pubmatic/ Frame A747 43 B
872 B 38ms
37ms Image
image/gif 2a05:d018:d29:3605:7ea4:f1cc:2176:cd9d
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pr-bh.ybp.yahoo.com/sync/pubmatic/CA60419D-88C9-444C-969F-AA5BCC10F557?gdpr=0&gdpr_consent=

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a05:d018:d29:3605:7ea4:f1cc:2176:cd9d Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

ATS /

Resource Hash

48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:11 GMT
referrer-policy: strict-origin-when-cross-origin
server: ATS
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security: max-age=31536000
content-type: image/gif
x-xss-protection: 1; mode=block
content-length: 43
x-content-type-options: nosniff

GET
H2

200

d1ba4609
rtb.gumgum.com/getuid/ Frame A747
Redirect Chain

https://x.bidswitch.net/sync?ssp=pubmatic&gdpr=0&gdpr_consent=
https://inv-nets.admixer.net/adxcm.aspx?ssp=D41B0D84-4DB7-4D9C-81CC-3A497DB5D0A6&rurl=%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D354%26user_id%3D%24%24visitor_cookie%24%24%26ssp%3Dpubmatic%26bsw_param...
https://x.bidswitch.net/sync?dsp_id=354&user_id=ae82db4a22d9433f8948fcb7ec5910c8&ssp=pubmatic&bsw_param=5a4c075d-d4fb-4523-bf42-ad719d4e9937&gdpr=0&consent=&gdpr_pd=&expires=7
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9Mjk0NSZ0bD0xMjk2MDA=&piggybackCookie=5a4c075d-d4fb-4523-bf42-ad719d4e9937&gdpr=0&gdpr_consent=&gdpr_pd=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D

35 B
237 B

101ms
31ms

Image
image/gif

52.208.210.171

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Protocol: H2
Server: 52.208.210.171 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:12 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
date: Fri, 10 Dec 2021 13:04:10 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 216
content-type: text/html; charset=utf-8

GET
H2

200

SPug
image4.pubmatic.com/AdServer/ Frame A747
Redirect Chain

https://ad.turn.com/r/cs?pid=1&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=2618085273817272950&gdpr=0&gdpr_consent=&us_privacy=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://ads.playground.xyz/usersync/apn?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://secure.adnxs.com/getuid?https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=$UID
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTM0MDEmdGw9NDMyMDA=&piggybackCookie=780122030693327237
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://image4.pubmatic.com/AdServer/SPug?pmc=-1&partnerID=156498&partnerUID=(null)

0
128 B

17ms
16ms

Image
text/plain

185.64.190.81
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image4.pubmatic.com/AdServer/SPug?pmc=-1&partnerID=156498&partnerUID=(null)
Protocol: H2
Server: 185.64.190.81 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 12:40:51 GMT
cache-control: no-store, no-cache, private
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image4.pubmatic.com/AdServer/SPug?pmc=-1&partnerID=156498&partnerUID=(null)
date: Fri, 10 Dec 2021 13:04:10 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 114
content-type: text/html; charset=utf-8

GET
H2

200

ImgSync
image8.pubmatic.com/AdServer/ Frame A747
Redirect Chain

https://pixel-sync.sitescout.com/dmp/pixelSync?nid=3&gdpr=0&gdpr_consent=
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTE5NjkmdGw9MjU5MjAw=&piggybackCookie=no-consent&gdpr=1&gdpr_consent=
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=

0
39 B

14ms
14ms

Image
text/plain

198.47.127.18
GTT-BACKBONE GTT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
Protocol: H2
Server: 198.47.127.18 , United States, ASN3257 (GTT-BACKBONE GTT, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 10 Dec 2021 13:04:10 GMT
content-length: 0

Redirect headers

location: https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=1&gdpr_consent=
date: Fri, 10 Dec 2021 13:04:10 GMT
cache-control: no-store, no-cache, private
x-lat: amspug006:0:431
server: nginx
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

GET
H2 204 current
pubmatic-match.dotomi.com/match/bounce/ Frame A747 0
104 B 149ms
26ms Image
text/plain 2a02:fa8:8806:13::1400

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pubmatic-match.dotomi.com/match/bounce/current?networkId=17100&version=1&nuid=CA60419D-88C9-444C-969F-AA5BCC10F557&gdpr=0&gdpr_consent=
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:fa8:8806:13::1400 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:11 GMT
cache-control: no-cache, private, max-age=0, no-store
server: nginx
expires: 0

GET
H2

200

d1ba4609
rtb.gumgum.com/getuid/ Frame A747
Redirect Chain

https://match.adsby.bidtheatre.com/pubmaticmatch?redir=https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw&piggybackCookie=uid:$UID&gdpr=0&gdpr_consent=
https://simage2.pubmatic.com/AdServer/Pug?piggybackCookie=uid:d8a5c696-ce0d-4440-adde-0d3ca5f3a48d&vcode=bz0yJnR5cGU9MSZjb2RlPTMwNjImdGw9MTI5NjAw
https://image8.pubmatic.com/AdServer/ImgSync?sec=1&gdpr=0&gdpr_consent=
https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D

35 B
238 B

101ms
30ms

Image
image/gif

52.208.210.171

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
Protocol: H2
Server: 52.208.210.171 -, , ASN (),
Reverse DNS
Software: nginx /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language: de-DE,de;q=0.9
Referer: https://ads.pubmatic.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 10 Dec 2021 13:04:12 GMT
content-type: image/gif;charset=UTF-8
server: nginx
p3p: CP="This is not a P3P policy"
cache-control: private, no-store, must-revalidate, max-age=0
timing-allow-origin: *
content-length: 35
expires: 0

Redirect headers

location: https://rtb.gumgum.com/getuid/d1ba4609?gdpr=0&gdpr_consent=&r=https%3A%2F%2Fsimage2.pubmatic.com%2FAdServer%2FPug%3Fvcode%3Dbz0yJnR5cGU9MSZjb2RlPTMzNDImdGw9MTI5NjAw%26piggybackCookie%3D
date: Fri, 10 Dec 2021 13:04:11 GMT
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length: 216
content-type: text/html; charset=utf-8

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 30ms
30ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141451952&oz_l=6406&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:11 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 29ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141452118&oz_l=405&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:11 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

POST
H/1.1 200
OK postback Show response
s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/ Frame 0F2A 0
145 B 29ms
29ms XHR
text/plain 52.17.7.190
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.update.rose.pubmatic.com/2/2.42.0/925744/APPeMNEKEeouvpzd/postback?pi=1801592&di=https%3A%2F%2Fwww.elfinancierocr.com%2Fnegocios%2F&ci=925744&pp=156498&si=399115&pv=&ti=E9E54128-353B-4AED-946E-D84D8A9F6CB7&ui=CA60419D-88C9-444C-969F-AA5BCC10F557&dt=9257441496860488980012&c3=1&sid=APPeMNEKEeouvpzd&oz_sc=2bbb91e0776ff9080f59fae9&oz_df=1639141452334&oz_l=527&cv=3
Requested by: Host: s.update.rose.pubmatic.com
URL: https://s.update.rose.pubmatic.com/2/2.42.0/main.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 52.17.7.190 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-17-7-190.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
Accept-Language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: text/plain

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 10 Dec 2021 13:04:11 GMT
Timing-Allow-Origin: *
Content-Length: 0
Vary: Origin

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: rtb-csync.smartadserver.com
URL: https://rtb-csync.smartadserver.com/redir?partnerid=127&partneruserid=AAFnBk7DZqEAADsxMjamEg&redirurl=https%3A%2F%2Fmatch.prod.bidr.io%2Fcookie-sync%3Fbee_sync_partners%3Dpp%252Cpm%26bee_sync_current_partner%3Dsas%26bee_sync_initiator%3Dadx%26bee_sync_hop_count%3D2%26userid%3DSMART_USER_ID

Verdicts & Comments Add Verdict or Comment

121 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

103 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.elfinancierocr.com/	1970-01-19 23:19:05	Name: AKA_A2 Value: A
www.elfinancierocr.com/	1970-01-25 20:31:23	Name: akaas_AS_gruponacion_el_financiero_prod Value: 2147483647~rv=32~id=c3dcc102f7b1711896036f1a5c5ec958
.elfinancierocr.com/	1970-01-19 23:29:06	Name: RT Value: "z=1&dm=elfinancierocr.com&si=kgozyqw2df&ss=kx0ehtmb&sl=0&tt=0"
.elfinancierocr.com/	1970-01-20 08:04:37	Name: cX_P Value: kx0ehtwhgsnn4csd
.elfinancierocr.com/	1969-12-31 23:59:59	Name: cX_S Value: kx0ehtwk8uvmx4l5
.cxense.com/	1970-01-19 23:20:27	Name: cX_T Value: kx0ehtywp868o0sk
.piano.io/	1970-01-19 23:19:03	Name: __cf_bm Value: dV_FMp8c2jEe7eyM9afCGiZYmEFM8aUI49rWsRX0vBM-1639141445-0-Abdf9BumrK3BoJkcpDAmDfGuCuLCu+EbvvWQ4tQPEPsY28jhrGQbBIW5kVScX9IlFteAx2WSimGC6P6PeNYicrU=
.elfinancierocr.com/	1970-01-20 16:50:13	Name: __tbc Value: %7Bkpbx%7DU6BSHV7H5BTxU5zpwgDWBLNOdWm_JFL7apv5teuLY9i3wQzSLusvt9zVXI9k6ktCJt4EXu_-RCiVWqae-rMJNhGC32RPmr0tP4hv4FNouc8
.elfinancierocr.com/	1970-01-20 00:02:13	Name: __pat Value: -21600000
.elfinancierocr.com/	1970-01-19 23:20:27	Name: __pvi Value: %7B%22id%22%3A%22v-2021-12-10-13-04-05-484-wlYH8fQz13pnsLI6-b61a90587c550075d1f5031c8955ae74%22%2C%22domain%22%3A%22.elfinancierocr.com%22%2C%22time%22%3A1639141445657%7D
.elfinancierocr.com/	1970-01-20 16:50:13	Name: xbc Value: %7Bkpbx%7DPxudHPWsIPuqnkGJIMyjaGrONgAydnyNJOB_Hq-Q-qDiUlrmEef7gCkAdYqz5FJkcFWxyUUsIbUsvBBWZIZIwfBNcLhV7bhQorx0Pun7U_mqjt3EcXZEJUWOsaFZv0_4r-PXNqAGYKG3DMvMp7-pTHupLnuCjL8QnY8mDsPHoGzmU9fAROST06kZX-_MXA0kzagT7gJxIFAom3J-On9WrDemK499cZRadhR8NOg18aQMeYDYe40acrBDPjxlykW1JFp6MwrW_jL1lOHpsMs5xSJ0EI1floXedeLsSDPb2v10JPQxVWVEPecVKKqOShFytGiXtQDOA6wW0_ZwlqqQkmOIxxoz0Xh2y6pSBTqTzj4fHqLg1mRynnTSoBwy7zQt
.cxense.com/	1970-01-20 08:04:37	Name: gckp Value: nl880dt78r312s8vjbeebyuib
.elfinancierocr.com/	1970-01-20 08:04:37	Name: cX_G Value: cx%3A2rn5snqb3vr1j1exkvvixwww8i%3A14vzi9t6tn9w1
.tinypass.com/	1970-01-21 11:19:01	Name: LANG Value: es_MX
.elfinancierocr.com/	1970-01-20 01:28:37	Name: _gcl_au Value: 1.1.608994052.1639141446
www.elfinancierocr.com/	1970-01-20 08:47:49	Name: _cb_ls Value: 1
www.elfinancierocr.com/	1970-01-20 08:47:49	Name: _cb Value: DLpdmUBHwIZ_CM31mg
www.elfinancierocr.com/	1970-01-20 08:47:49	Name: _chartbeat2 Value: .1639141445936.1639141445936.1.ChQ2Y0CgnW_BCxTeVpDT8RctCrzu4X.1
www.elfinancierocr.com/	1970-01-19 23:19:03	Name: _cb_svref Value: https%3A%2F%2Flinks.elfinancierocr.com%2F
.google.com/	1970-01-20 03:42:32	Name: NID Value: 511=M_aiGyAZHRBIB50qreoSAPZWLXEolYc2ziWTF9FGCzXxBUzK5FjB8ueLpVChgFuwP0pNfwomjJqhczhwYIkJKT0YsWU-865vR-lc46C_RXJ7kbPA4ScItN5T9E-hur3aExne3hn0hb9bUVQ41Ms_7OGYBzthF0SevpExTg8evww
.tinypass.com/	1970-01-19 23:20:27	Name: LANG_CHANGED Value: es_MX
.elfinancierocr.com/	1970-01-19 23:20:27	Name: _gid Value: GA1.2.1931113255.1639141446
.elfinancierocr.com/	1970-01-19 23:19:01	Name: _dc_gtm_UA-3958088-1 Value: 1
.elfinancierocr.com/	1970-01-20 16:50:13	Name: _ga_619EW470MQ Value: GS1.1.1639141445.1.0.1639141445.60
.elfinancierocr.com/	1970-01-20 16:50:13	Name: _ga Value: GA1.1.237038539.1639141446
.elfinancierocr.com/	1970-01-20 01:28:37	Name: _fbp Value: fb.1.1639141446155.353750500
.bidswitch.net/	1970-01-20 08:04:37	Name: tuuid Value: 5a4c075d-d4fb-4523-bf42-ad719d4e9937
.bidswitch.net/	1970-01-20 08:04:37	Name: c Value: 1639141446
.bidswitch.net/	1970-01-20 08:04:37	Name: tuuid_lu Value: 1639141446
ads.stickyadstv.com/	1970-01-20 00:02:13	Name: UID Value: eec8c190c3b6fce5de9086cb814342
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: sessionId Value: 5798a9b67c14d5e9f6b73f5371fdc67b
.turn.com/	1970-01-20 03:38:13	Name: uid Value: 2618085273817272950
.elfinancierocr.com/	1970-01-20 08:40:37	Name: __gads Value: ID=d07821d0c2c317b3-222465db03cd006b:T=1639141445:S=ALNI_MZbNmnPfUP1tE5bK8tK-Yf2AQICwg
.vidoomy.com/	1970-01-20 08:04:37	Name: vidoomy-uids Value: eyJ1aWRzIjp7IkJTIjp7InVpZCI6IjVhNGMwNzVkLWQ0ZmItNDUyMy1iZjQyLWFkNzE5ZDRlOTkzNyIsImV4cGlyZXMiOjE2NDE3MzM0NDZ9LCJDRU4iOnsidWlkIjoibm8tY29uc2VudCIsImV4cGlyZXMiOjE2NDE3MzM0NDZ9fX0=
.casalemedia.com/	1970-01-20 01:28:37	Name: CMPS Value: 3267
.casalemedia.com/	1970-01-19 23:20:27	Name: CMST Value: YbNQRmGzUEYA
.doubleclick.net/	1970-01-20 08:40:37	Name: IDE Value: AHWqTUn0qtPuALLu_8VaNJFT9trmy0uo_2LkkXpUwg3EFfLvXVictIbxzA5Z0CKsVLU
.casalemedia.com/	1970-01-20 08:04:37	Name: CMID Value: YbNQRq8xmEIktMN-gvQAEAAA
.casalemedia.com/	1970-01-20 01:28:37	Name: CMPRO Value: 1167
.adnxs.com/	1970-01-20 01:28:37	Name: uuid2 Value: 780122030693327237
.adnxs.com/	1970-01-20 01:28:37	Name: anj Value: dTM7k!M41.D>6NRF']wIg2HaOI:WmL!@wnfH8K6pQK`!5=E<L5?%Mmp<IU7q.@'e:Ym45>o6:3M^-!9O%PN_g>2k%nugO%v4VB%nu04)]`tD
.casalemedia.com/	1970-01-20 08:04:37	Name: CMRUM3 Value: 2d61b350462760CAESEFg6AJk1U4ywE7KIvAZVfR0
.doubleclick.net/	1970-01-19 23:19:05	Name: DSID Value: NO_DATA
.spotxchange.com/	1970-01-20 08:04:37	Name: audience Value: a88576a0-59b9-11ec-9e87-1d34abdd0006
ads.stickyadstv.com/	1969-12-31 23:59:59	Name: pxId Value: 7169
.pubmatic.com/	1970-01-20 01:28:37	Name: KADUSERCOOKIE Value: CA60419D-88C9-444C-969F-AA5BCC10F557
.pubmatic.com/	1970-01-20 01:28:37	Name: DPSync3 Value: 1640304000%3A201_197_219%7C1639180800%3A174
.adfarm1.adition.com/	1970-01-20 01:28:37	Name: UserID1 Value: 7040058908427090063
.mathtag.com/	1970-01-20 08:44:56	Name: uuid Value: f5bc61b3-5047-4f00-828b-f72af9d654a0
.adform.net/	1970-01-20 00:03:39	Name: C Value: 1
.onaudience.com/	1970-01-20 08:04:37	Name: cookie Value: 1fc8a118e810145c
.onaudience.com/	1970-01-19 23:20:27	Name: done_redirects104 Value: 1
.simpli.fi/	1970-01-20 08:06:03	Name: suid Value: B7B365F3F6884284A6F396334AA38814
.pubmatic.com/	1970-01-20 00:02:13	Name: KRTBCOOKIE_57 Value: 22776-780122030693327237
.pubmatic.com/	1970-01-20 01:28:37	Name: PUBMDCID Value: 3
.adform.net/	1970-01-20 00:45:25	Name: uid Value: 8622795666401676995
.de17a.com/	1970-01-20 07:57:25	Name: guid2 Value: 1.6201097776656751456
.pubmatic.com/	1970-01-20 00:02:13	Name: KRTBCOOKIE_27 Value: 16735-uid:f5bc61b3-5047-4f00-828b-f72af9d654a0&KRTB&16736-uid:f5bc61b3-5047-4f00-828b-f72af9d654a0&KRTB&23019-uid:f5bc61b3-5047-4f00-828b-f72af9d654a0&KRTB&23114-uid:f5bc61b3-5047-4f00-828b-f72af9d654a0
.pubmatic.com/	1970-01-20 00:02:13	Name: KRTBCOOKIE_1101 Value: 23040-7040058908427090063
.pubmatic.com/	1970-01-20 00:02:13	Name: KRTBCOOKIE_391 Value: 22924-8622795666401676995&KRTB&23263-8622795666401676995
.adsrvr.org/	1970-01-20 08:04:37	Name: TDID Value: c734707d-99bc-4bb1-8322-dcd4d46a7eee
.pubmatic.com/	1970-01-20 00:02:13	Name: KRTBCOOKIE_80 Value: 22987-CAESEKqCC7Sp1bWcyrE3WQ2JDbs&KRTB&16514-CAESEKqCC7Sp1bWcyrE3WQ2JDbs&KRTB&23025-CAESEKqCC7Sp1bWcyrE3WQ2JDbs
.pubmatic.com/	1970-01-20 00:02:13	Name: KRTBCOOKIE_336 Value: 5844-6201097776656751456
.pubmatic.com/	1970-01-20 00:02:13	Name: KRTBCOOKIE_377 Value: 6810-c734707d-99bc-4bb1-8322-dcd4d46a7eee&KRTB&22918-c734707d-99bc-4bb1-8322-dcd4d46a7eee&KRTB&23031-c734707d-99bc-4bb1-8322-dcd4d46a7eee
.pubmatic.com/	1970-01-20 00:02:13	Name: PugT Value: 1639141448
.crwdcntrl.net/	1970-01-20 05:47:49	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-20 05:47:49	Name: _cc_id Value: ed62a075af93b0380e86a4013c8206dc
.crwdcntrl.net/	1970-01-20 05:47:49	Name: _cc_cc Value: "ACZ4XmNQSE0xM0o0MDdNTLM0TjIwtjBItTBLNDEwNE62MDIwS0lmAILEzQEeIBoKAE69ClE%3D"
.crwdcntrl.net/	1970-01-20 05:47:49	Name: _cc_aud Value: "ABR4XmNgYGBI3BzgAaSgAAAVTwGt"
.onaudience.com/	1970-01-19 23:20:27	Name: done_redirects147 Value: 1
.onaudience.com/	1970-01-19 23:20:27	Name: done_redirects219 Value: 1
.zeotap.com/	1970-01-20 08:04:37	Name: zc Value: 3b71d7a0-8f60-499f-778c-1883b819732f
.zeotap.com/	1970-01-19 23:20:27	Name: zsc Value: %B0%FA%8F%A9%02%C5%92%2F%95r%D8%B7V%7B%A0%1B%E0%C1X%E50~+%D1%18%A1e%12%0Ag%7C%E6%B8T%A7%9E%123%B2%C8%17%CE%9D0mcX%ECg%B4%1D%11%5B%D6%EA%CF%A9%81g%C4%B0%9A%0E%7FW%21%A85%C6+%9D%F69%7F%B2%F6_%193%BC%09P%5D
.pubmatic.com/	1970-01-20 01:28:37	Name: pp Value: 156498
.pubmatic.com/	1970-01-19 23:19:05	Name: _curtime Value: 1639141448
.pubmatic.com/	1970-01-19 23:20:27	Name: PMDTSHR Value: cat:
.quantserve.com/	1970-01-20 01:28:37	Name: d Value: EJIBCwH2JPijAA
.quantserve.com/	1970-01-20 08:49:15	Name: mc Value: 61b35049-bb6f8-110f8-3baf0
.pubmatic.com/	1970-01-20 00:02:13	Name: KRTBCOOKIE_153 Value: 1923-v4kZJbyITy-k2hkg74BWJ7iIHS6kixl374hv4kM4&KRTB&19420-v4kZJbyITy-k2hkg74BWJ7iIHS6kixl374hv4kM4&KRTB&22979-v4kZJbyITy-k2hkg74BWJ7iIHS6kixl374hv4kM4
.pubmatic.com/	1970-01-20 01:28:37	Name: SyncRTB3 Value: 1639699200%3A223%7C1640304000%3A54_161_3_220_21_7_8_56_13%7C1640390400%3A35%7C1641686400%3A203
.pubmatic.com/	1970-01-19 23:19:01	Name: ipc Value: 156498^https%3A%2F%2Fimage4.pubmatic.com%2FAdServer%2FSPug%3Fpmc%3D-1%26partnerID%3D156498%26partnerUID%3D%28null%29^3^0
.pubmatic.com/	1970-01-19 23:20:27	Name: pi Value: 156498:3
.pubmatic.com/	1970-01-20 01:28:37	Name: chkChromeAb67Sec Value: 3
ads.smartstream.tv/	1970-01-20 08:04:37	Name: DID Value: 242c29d0275d9a76f624ec04ae107660
ads.smartstream.tv/	1970-01-20 08:04:37	Name: idt Value: 100
ads.smartstream.tv/	1970-01-20 08:04:37	Name: permanent Value: 1
.analytics.yahoo.com/	1970-01-20 08:06:03	Name: IDSYNC Value: 18z8~220d
.yahoo.com/	1970-01-20 08:04:59	Name: A3 Value: d=AQABBEZQs2ECEOk1tA5VnZc7VNIL1_Ah1BEFEgEBAQGhtGG9YQAAAAAA_eMAAA&S=AQAAAojcLORS3syw9ytFWDBaW5M
cm.adsafety.net/	1970-01-20 08:04:37	Name: UID Value: CM1202112101329e93555c48606f3603
.adsafety.net/	1970-01-20 08:04:37	Name: cm_uid Value: CM1202112101329e93555c48606f3603
.adsrvr.org/	1970-01-20 08:04:37	Name: TDCPM Value: CAESFwoIcHVibWF0aWMSCwjW7eXX8vmdOhAFGAEgASgCMgsIxviomYn6nToQBTgBWgZhZG1hbnNgAg..
cm.adsafety.net/	1970-01-20 08:04:37	Name: permanent Value: 1
.scorecardresearch.com/	1970-01-20 16:35:49	Name: UID Value: 1FLDSVZ8GSVOEOU5ENJZBBg1639141450
.pubmatic.com/	1970-01-20 00:02:13	Name: SPugT Value: 1639141448
tags.adsafety.net/	1970-01-20 08:04:37	Name: UID Value: 242c29d0275d9a76f624ec04ae107660
tags.adsafety.net/	1970-01-20 08:04:37	Name: DID Value: 242c29d0275d9a76f624ec04ae107660
tags.adsafety.net/	1970-01-20 08:04:37	Name: IDT Value: 100
tags.adsafety.net/	1970-01-20 08:04:37	Name: cookie_ver Value: 2
tags.adsafety.net/	1970-01-20 00:02:13	Name: block_reset Value: 1
.adsafety.net/	1970-01-20 08:04:37	Name: ct_uid Value: 242c29d0275d9a76f624ec04ae107660
.adsafety.net/	1970-01-20 08:04:37	Name: ct_did Value: 242c29d0275d9a76f624ec04ae107660
.adsafety.net/	1970-01-20 08:04:37	Name: ct_idt Value: 100
cm.adsafety.net/	1970-01-20 08:04:37	Name: cache0 Value: L2UzeGVJMkNTL0pzMlRFUXR5b1cvanpGMG5wQTNENG95RnN3N3dKNEoyQTZZdzFJenFOZXV2VWVoMkZDQXdFSUZVRGU5dWswRWxYL3c5a0ZyTTFzTUhxZzJnQzRDbit1WmhWV3IxQjFBWFU5Q2ZOWGhWNGxmWGtSVVJ4L0VQbFo2WFN0SjdpN2xpRTZSUERwSVhIMlQ4MnZuVXBBWVo2NnhSUUh3b0hPUnQ4QXJNTWQwL1F0NFNaeG9BMXU4RmlodnhpZVRsK1hzVTkyQ0wrSGlla3p1b2lWUkVDYVlDeVAvNU5TMnhKNmthdTN2WVVaUDhKaUpaaWltcU5BbEZ0bUNYRlFhakc0YktPOWNjUitPaHR1RzkxdnFqTFRCakpVSTRjR0dualVMUk9SelRaZ2pZWDNYWEVOWTBmNk0wMjdBVkRpRG12UVJSbmkyZTg3VHFBUjhRdWl4cGtNeFd0aWNURldNVGQ2U3JuaDdFamlSejRpR3AvVGRVQ1FXVy9qeUtpUGtUMzZGRUhnZnpOaVZYZlR5TXRmSmNQL2NmZ2lwMGZKVU54T05XZTM0aDlrRnRHbC9lNFcyR3lRVlFubXEveGF3eFZ4UWV5bDU3MnpLZ21XYnNBMTJWUit6SElOS3NLLzNQUXhKWjFiRFl4VkM0ZDR5OHlDdUpRMitpSHo4UTdHVzVXQlZuWW5FeDVTK3pqLy9nTlkrcSttQ3FOVnhzckp5WW5PUnF5QUx2ZzhyQkFOSi9mSElWUjY2V3YrTVhtaEpJcjdyZFVDQXJPYng2cDVXVWVoSUwxR1c2Si9XMnY2MUdNOVFlN1ptc283dWJLTlNZT0J5SDMySlhBbmNZUitpVTVIOWFtTXhsKzZoK0VpNXhvZEhBYkVNaHJXS0cvUVBhRFJPcm9iWC95R2xNN1E0RG5uR0xMa1ZCTmg%3D

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: This document requires 'TrustedScript' assignment.
other	warning	URL: https://tpc.googlesyndication.com/sadbundle/$csp%3Der3$/5342819515450181736/index.html#t=3109870483274560781&p=https%3A%2F%2F2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com Message: <link rel=preload> has an invalid `href` value
network	error	URL: https://sync-tm.everesttech.net/upi/pid/b9pj45k4?redir=https%3A//simage2.pubmatic.com/AdServer/Pug%3Fvcode%3Dbz0yJnR5cGU9MSZqcz0xJmNvZGU9MjE5MSZ0bD0yNTkyMDA%3D%26piggybackCookie%3D%24%7BUSER_ID%7D%26gdpr%3D0%26gdpr_consent%3D Message: Failed to load resource: the server responded with a status of 503 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

2c317f143b877ff02d95529bd8151573.safeframe.googlesyndication.com
4cywq-eqnre.ads.tremorhub.com
684dd32a.akstat.io
a.vidoomy.com
ad.lkqd.net
ad.turn.com
ade.googlesyndication.com
ads.adaptv.advertising.com
ads.playground.xyz
ads.pubmatic.com
ads.smartstream.tv
ads.stickyadstv.com
ads.vidoomy.com
adservice.google.com
adservice.google.de
adx.adform.net
aktrack.pubmatic.com
analytics.google.com
api.cxense.com
api.tinypass.com
bid.g.doubleclick.net
buy.tinypass.com
c.go-mpulse.net
c1.adform.net
c2.piano.io
cdn.cxense.com
cdn.onesignal.com
cdn.tinypass.com
cm.adsafety.net
cm.g.doubleclick.net
comcluster.cxense.com
connect.facebook.net
cs.lkqd.net
csi.gstatic.com
d5p.de17a.com
dis.criteo.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
gtm.nacion.com
ib.adnxs.com
id.cxense.com
image2.pubmatic.com
image4.pubmatic.com
image6.pubmatic.com
image8.pubmatic.com
imasdk.googleapis.com
img.onesignal.com
inv-nets.admixer.net
links.elfinancierocr.com
mab.chartbeat.com
match.adsby.bidtheatre.com
match.adsrvr.org
mwzeom.zeotap.com
news.google.com
onesignal.com
p1cluster.cxense.com
pagead2.googlesyndication.com
ping.chartbeat.net
pixel-sync.sitescout.com
pixel.onaudience.com
pixel.quantserve.com
play.google.com
polyfill.io
pr-bh.ybp.yahoo.com
pubmatic-match.dotomi.com
r1---sn-5hnekn7d.c.2mdn.net
rtb-csync.smartadserver.com
rtb.gumgum.com
s.go-mpulse.net
s.update.rose.pubmatic.com
s0.2mdn.net
sb.scorecardresearch.com
scdn.cxense.com
search.spotxchange.com
secure.adnxs.com
securepubads.g.doubleclick.net
simage2.pubmatic.com
simage4.pubmatic.com
spl.zeotap.com
static.chartbeat.com
stats.g.doubleclick.net
stg.vidoomy.com
sync-tm.everesttech.net
sync.1rx.io
sync.crwdcntrl.net
sync.mathtag.com
sync.srv.stackadapt.com
sync.targeting.unrulymedia.com
t.lkqd.net
tags.adsafety.net
tpc.googlesyndication.com
um.simpli.fi
ups.analytics.yahoo.com
v.lkqd.net
vid-io-cle.springserve.com
vid.pubmatic.com
vpaid.pubmatic.com
vpaid.springserve.com
www.elfinancierocr.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
x.bidswitch.net
rtb-csync.smartadserver.com
116.202.80.165
13.35.253.71
139.162.141.41
142.250.185.194
142.250.186.66
146.0.227.110
146.20.128.168
146.20.128.41
146.20.132.82
147.75.85.120
151.101.194.49
151.139.128.11
169.50.137.184
172.217.16.130
172.217.18.98
178.250.0.163
178.62.202.251
178.63.13.144
18.185.209.98
185.29.132.241
185.33.220.242
185.33.221.89
185.64.189.110
185.64.190.75
185.64.190.80
185.64.190.81
185.94.180.123
198.47.127.18
198.47.127.19
198.47.127.20
2.18.233.180
2.18.234.21
2.18.234.233
2001:4860:4802:34::15
2001:678:cb4:bbbb::11
213.155.156.180
213.19.147.44
217.175.192.17
2600:1f18:612b:4232:853f:4ce7:6a68:6291
2600:9000:2057:4200:18:1fcd:34f:cdc1
2600:9000:206f:e00:15:6f6c:b180:93a1
2606:4700:10::6816:1857
2606:4700::6810:2a41
2606:4700::6811:b6b1
2606:4700::6812:e234
2607:f8b0:4009:81b::2003
2620:116:800d:21:3175:5196:e3fd:8c1d
2a00:1450:4001:801::2004
2a00:1450:4001:801::200e
2a00:1450:4001:808::2001
2a00:1450:4001:808::2002
2a00:1450:4001:808::2003
2a00:1450:4001:809::2003
2a00:1450:4001:810::200e
2a00:1450:4001:811::2003
2a00:1450:4001:811::2008
2a00:1450:4001:813::200e
2a00:1450:4001:827::2002
2a00:1450:4001:827::200a
2a00:1450:4001:829::2002
2a00:1450:4001:829::200a
2a00:1450:4001:82a::200e
2a00:1450:4001:82f::2002
2a00:1450:4001:830::2001
2a00:1450:4001:830::2006
2a00:1450:4001:830::200e
2a00:1450:400c:c06::9a
2a00:1450:400e:1::6
2a02:26f0:6c00:1bb::11a6
2a02:26f0:6c00:287::11a6
2a02:26f0:6c00:2a7::268b
2a02:26f0:6c00::210:ba09
2a02:fa8:8806:13::1400
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f12d:83:face:b00c:0:25de
2a04:4e42::282
2a04:4e42::714
2a05:d018:d29:3605:7ea4:f1cc:2176:cd9d
3.122.131.186
3.126.56.137
3.129.250.65
3.20.211.8
3.228.133.61
3.33.220.150
3.66.59.71
34.102.253.54
37.157.3.30
37.157.6.252
51.210.112.63
52.17.7.190
52.2.53.191
52.208.210.171
63.35.242.195
66.155.71.150
74.125.133.157
80.82.217.91
85.114.159.93
85.90.244.253
99.83.189.147
00b57475c2d70b5466f176f0b993f6ca310512de223a985ec52cfb6d858113c0
037b12d07ffce84bbca6821a50f249c54429b20c0f2fd67469a0bb5937113051
07db8bb24ec14bee999808c9e2690dbbcdcf8a61c9b208412ef655890e17cea8
095b731da6ad661d718f867d71f4634b1dfcdd50af1ac8437d6b28e5fa7c6f62
0ae3b0d98b505d7262ee6c70c2f1c06e48562c5fa47893bfc709a720e0246f7c
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0bd864a431fb1bc016f717b4fc74b9dfdb4d8dca2d10bca7a97e03cab38ff3d3
0be3304dbcb230db486d6f3673a10574d33e052a95685906710577caefe7e16f
0e6c521ab19d881026493ef7df1703ff5c433fee945e4112eb4783f27e9e26bf
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
10f0ad588f05191ae9cc057cf2b8364b676cc9cbd70d47226ff2aa027e1fd457
1204e16492dda076149aa3a805c34c8a4a644caa377a8a9f6f5003610e6a792a
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
128921b242c2b1953c2a1691cfd681f716ecbe620ec1a2424a644b9487c23760
13cad5d2aa60f7e2ed1c5439addc8a741567b8289801208e1c55024b22e0d5b9
16eac1eb2aae66e8bab630958963fabc35cff3ca7935d724c0de9c5ab32299c4
18088c10e79c926292732af98a0ce470e90f3fbcba4bb4896ab3310c2d94e421
1866961a029c65376fefb7f2ba1e6187e09ff50ea58d97dedfd72c197947d002
191b3a8184ebc23be0ef6e8dbd37b31c7e282a8870a8235022844e2bef8a0c76
1bed1817917272583d60d3bc3f34ec7ae9f58fb9f43aa63c9e05ae8c33f9199c
1c80018b097710f6a08e8187167a7faf5182277391e7bf25652a1a67c26a7a4c
1db1d3d3e0ea40d73f265cbe4db86dbc04f34fecb52aa923240fba5f192c3b6c
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1edd14d473b4324cdc826ba38954236bc9ae02440f0a87a8406fb1cb0f8272a9
1f2824d57ba75a198844634c40d76f1a4fed512990845f170d7b9e55f6271b79
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
20bcee3d2c1f81a048cce884a22977c2e2ab2c13b6f138f09c4e59dc81154c75
21bd514d9b905c7795bbff9277fedd0daa37d48e92d512c0b6fa5484b564d267
24c376c4e8fa4e3421ba6950bc9f413ee3896db422ee223ec54b9eccde371c5d
26dbad6cbcba2f814e73f527f13846bf5acdab0cbe8a5d261d02baedb442fa87
28eab161b0e13c9f2617efd1f9a059a294cfac06031444174207d8ac8801a32a
291437ea71e62b1c35d4ec5d3c5ad02cfa930343b41b1472fba70243089c8bbe
2a858776bb6bd9226815d72d9d3458d1449c1e46a3ca53340988f22bd247759f
2ac04714ec58571a4ea3d2a6d6c5d6a191098032883a50dd642f9859891ae065
2b26a74f3c0e529bc8fccfa6b1db8e083e738992266359fde1a5bd0aaa81cbc3
2b2eeb7b890430b990ead38e7ac0e2715d47e1584e68b77000e3d58a5ebde5e1
2bdf9ca6411a02f94fcb087b5005bd9375cce773e3b5e505f85989159d6aa817
2d2ed6fc04aa33a61abd40ab9310de40b2303a2bddb695bdc9abac11719430c3
2d3392ee6ac1a9b7a9d10b015b51fbafddedec77e5fda7905f60e15b8b588125
2d5ae5a515a688823dc98d032242c2ed6f490a74c4281bdd599567898f9fa675
31f736bee908ca92db1f6262d4d9ebcac368766000c48f026b64ae2717d5b8a8
336bb30461d407ee72236de87aca4fe68d611e1bee0030326778c858a4685b1c
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
36ae762191d24727fbba21272ea14872bb7824188961282001d50e67f7b1881c
36eb26e781bd5df368210633ce1197df38df32820e93c18e48afb04ad1cea627
36f424145fc49aeb31e34362c9f4263af9ddebb7e3815d0c40c9d07aafc88d49
3a937252276c02950c6d25f201651aa900072223bbfb35ea7c9ab10d15413110
3c42d82cabb963570626e82fe5e3f8208244e27054180efa1b7b2032091c4a66
3d54d65d1a3e03ee57b6b3bea623447a1d39393610bdd51bb389fe20c0b17f78
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
4167c604ee5a719f314eebb2329408b3ea76d3e72d09e113f155435e62444d1b
417ba261610ea9dc3cde9f4398825a6afb2c20f965f8b2471d4b990b9cb9bfb9
42e18cf3e34929b45ad8fc524c72c82898c2a9ebe89dd3eb9f8feed643fbc368
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
459102b39622e70bb0cb5bdd4a6f3811e520b4b2a543b0e269cdf7e06390f4b8
45fa735c6df15f15a1293a9cb3125033408874bf284280e8bcac23f95ad8feac
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
48a33ca9f42b91902d57ad8ac52e1ce32b92c8c10c732f2dbb6fe960ebfd9438
4aa9210ddc672e43bb409243fc14424e411a2a76fa7b7250c0c99da0e19d329e
4b2f9794cf9a1465f85b132a63e0ec4ff84d58302b7d6d5f553584ac6b0bbc4c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4c719658fe8b3e830a861304b318ed9515b8086dec166e92253905565af2feda
4db1f0c322659aa715d907f53e84b3f5b6ca3fd45eab7fe72b5c1ad6745f58f0
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
502e9680cfa78fa8be779cbf4f1947c8eaa3d43bf8c7464800ec772b2ddea358
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51044618b6f1403289b87a95590ead360f23720215754270c1e08cfcc1749ad8
5287d71a94d956a677a4eed3341271cc0ed7c8666b64c1425cef281a8f3eeaed
537af3e7035e7f334c4414cf45d25f378f279843c35eeb375675639f24202ee8
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
54a66c4693bfd79901040269ae7d7304508cbd02859797a1780f2bbe72176e23
54cddf826b355b966e968f4711236e08828ae88b310b46957a0827611695aafc
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
55b4a8ebd4ce4144242d6bb9d0ebb65a01b2759e67243ed5badc3ac96c6fd396
55f97136162c46ec2086a4ed139008c92320792404bc0fc6307ceef8eee402e7
5616a6e1823b43919f7d1a33817cccfa1d9f30c9f10f2deb00d9c3671f91d5f0
567f31b9d3bd3d83ca14d650e9831df0e49a6ec3e49fbadc41a34ae4b4b1571f
5747700ed707eb933940f42727076cf9bf06a9a13634694486e5b19d2864c804
592b2d7cbc5a7cad13de7f9a94f0e7d6112515896fb866303c71a2ad9d7a96c9
5a8710d81938f21afdd8adc1bbbf09ad1fbb4f80ca43ada74dd10726cae7e1fc
5d3c8f75c57204ea3e701b244aa300af4f32944d05296c041bc5fcb0de1520dc
5da0954a8668235cd2a1fafa5a319581ad082a703eec5e14ad4d0d86d2d641fc
5ed74d3df834144b5c87b15adcd8f0f5d50590c5360f264f826b7c8836f5a36e
5ed7fcd4db5da0e4b0fc3e54119c9c666a0c81281a0be368b7916cf41853d6eb
61a9a4924579af06533a09ad0072612a6bcc4e69e54349a53fdb2d081cc8d81d
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64a32d27270e7858ef5d5eeeb19dc2d895418ea3ffb220fcbf00ac23f8f615ce
65cb5cd5882c666a22bf188d80f04fe01f56fbb3428e29d74aa24e3d9b1c783b
6717627c923743958a38e1b7c25b5e27caf47a9c17536defe38741c4c9b5e576
68414970e5ebeed5b7e4c413985c9e66ff415c493afc4bf8e64ed24467a14344
68751d5d8697a609fd9b8972439c012d4c08a8e25f7edc4bd1067bb438b42595
690a8cb599db5bbfbf7bb8571718c44f8e5dd3f8c9ebad62f391fd1c4be3c4e5
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6aed5f735fa152456e056b55b251ff9489f06414a708cd6c05dfd9a69a2a30fb
6b065f38eaed75574515532e2d687fd23450a662a972d044626b848d6e9d1045
6c138576e7381d3ab0aa7b511adc3a7cbb7fe3a3d33768bad05577f5dfc60cad
6fff2bb01836a52004ece484b97797926280251ccaed72db384f16a7644d4764
734421d9e2fa5fe78c7bbd157c8de6a60bd1e0752c8abfcd2ca27f4a477ff2e5
7701c0a6af5d7112c2dac21206b61c302c752049e36665944bf5b3daf6c9993e
78b341647e8bf718869378550c0c14b87bfe33967b4944d7dac6a2a1f3290d4c
78e958d620d6e40a19e424eee3a9b23932cd9bfa4d7f736442048777d203052d
7ad19ee95732c367868568376ca2c2a26a1ab325c3d7465dc5ea8c71e6f94863
7c9d1ee6ba763442b670d59e5016a78d194b57192933d6c116743ca4e22adb3e
7cfe458faed6fe5c3094bd51f1f10174604be983739ade9d828b0aad190043e5
8140454fe8ed332221bb81b5cd7af6164efe46dcdbb8188c4715f869b38cba91
824de59aa1713dbd65bcc0c5926776b87db63a097e3465576626114e438bcde0
828e2e5e9b453b6820e69f29cbc5372238424baf7e0ddf7e00951ac0b06c7ac1
831b0d6cde4541d363bb7a67eb49010fc5fd717dda4b9c3187dd3207b1da56cd
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
83642f7a635945a744e2963e9b27c171360ee5c5206960655464803baa89eb73
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8565b1d1130c05a72e483ffe39c687cbc9df7a99151befedd5433b291d182d22
8604710cf38806b59d7034e8e258cec63dc4095dd65b07f273ba816828a6a62a
87f7f86b17eacf56e623a69be05e5f5487470d6b30347efe12742aefa3f5af48
882d0bed45bbcb3a8d4b3a1b6015a27da20d660e8eee61351700dfa4da39dfc5
899b51cc4540b3a17d6c722b61f345aadada9f98cc123d7b88ee627b348cda04
8aec8924ad59b6c1199aec9c6ac25e50db6d5f6cbbafe334392625f1748699fc
8b03951013852c8273718fdfb5f1de5e91f45dd7857e372c57fdd2b99017c449
8cc7870a999894c7c44d7b5483fa2fca5a85103a978a2548d2f2af330e2bdb46
8d869e68ded46385086af23181706b5ba29ba4f2c87551fdd28955169a072263
90252ef0aa9e3d36c861bbeaa1bd57b7f855333edf2957ab9473838a52e2dd7f
92d88f0cef95bdf0ab91902d79bb5b1b4e2a79e2e22d8eedb89ca9eb47f0ce14
94e4cb19c22e935d07b372642b91d6ef04fa8a8c61aed1bc5b17a5e79cdb6a54
95a439c4e11ace2484e8d42c30ff56cf7db5ea7c6463df9ce2fdafa7f6ccbf54
973041428b5e15839966805c7c7fdf6bc1b0a8643c72dcebca9c1b9fecd50820
97b553f267b500041670d7e603dc2a9f3e0a5c042685728894bc5e1887357bde
994331ea6dd6e5446c21a008b32b66ddc8dfa628a54742643cfa7e31e273a895
9b9c5368b4ce03504616f6c3a037dbcc5e62bd31b157294aa593cb9dc1e285f6
9db8a678d1681c1c4a3f15e1769c3f54d96f126db4a7b00cea65127c820a7763
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1b000b433199bfd60632e61b74bb2c4abd074dce072784e7acd55b1e4158cee
a2071877f90138caa4580f386d7a2e3868c9437ca81fd74b55801d6261398a60
a23e44d9d02a2a9641a9bd3b47693656054c00b71890aed2fa7fc90151750f73
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a673021a88f7b05128652f2d4c6ab23a5f435ca3766fce7a1a89081af403b0b8
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a739cc97a54df824e12fc75392160360e56e55f623a445f99fa26108fa84e6fb
a7baa007c35a2be99bbefd42c149d7bf7d6b38268c7873193d497a08404fe112
a863a77e9ee263a0ec9c1e792bb33ed0f663582b7369f472261df7b6040990c4
ada22e6eba70375c2b46ed604b28c317d19c3208d9354f2d714b1e020d08d7fa
ae7737c4dc9ae410b716ea22e0f6753f3fe94562552ef8ef0f5edc1ba5a7d99c
aeaa6078a758995f23fbad8f680d98c2b63515a7c2e5acc30d318efdb4854bb8
af320f1e888cebe2e87f4956ca6bad98675ac88b3b90142e434733d4af44fb26
afdad1a128dfb1c011d7f0c497debd07cca34746fd69561c9d723ef03bf95558
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b21a9742605970420c33237b56652b4ab9194f1e09ebb8ea809bb7c969085c84
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b45de02eef3e292f8b17d4e40e47d3c3349cef8707596c7e1238f6fd47697e2f
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b666cd4fde0554c6dbd946339abca10c1aba4fd4ebebc434e7fe38aa32b301e6
b6ff02c733394664dbb2178c88a0d8ab1292602aaad412e44ee83c3ab7943faf
b842e4d5be8a8539974c2567c79c94e8fa63809bc5b8ed9155756d3516963e46
b864aad82f812f79c2ced97538bc5ce5f59bf42b1b28c40759bcba555b291bba
ba83c227cde7d4c34fb514ccd483305e8dfef365e6b2b70a126f2d73adaa1691
be36cf242d7b206d66842ab5b36af859b780372bba70cb5d72acda2626ffe52e
bebe245aa09c05341903708aab991707c3c140795433b6ed1dc8bde216f76225
bf8ed1f68f7c967a343c24624a06f60042b7481e8c71be7c1c3dafcb61e2d106
c063dcf1fba1e0c0388203ecd5bd686fefe29c81c5f6373efc9e3e97e9cc99f3
c4c5a5f6d000524acca69b491540a08ed7ea17476e2fc5dc2da4f8fb4f63c1f6
c7ed1be3b144e1def8354f8c60f7f93064beb317b96bb4e6f9781da54f061997
ca3da2279eb3017d2a4fb932b620a01287d47040fbe34b6a0137dff725263a1e
ca59ecc5cd8604927913bbefd9a116b0cf991c18a56235de46945ffe0abeafdb
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cd0b53e2d3257253a3d5f7c993763c1cd69ae7dc701ea5cb6fb1334336b4334a
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf6915c9dc74d8576271930c0acabac10cfd2be67da37e88b49f74cf49d21537
cfe62334e424a8cb8c87b7635b9d5c17f784219b9f3f5ac5788c65b58d4f96bf
d046ec5e30c5d8e2f88480313f00673851498d6e44921717b18b9ace004ac721
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d0caa0bc62101200778a1f5c0f68e2bf7516c569ad3cefdde2e095da7206efb1
d1ddd87e48b65c981cff34b7dafeb66c912fe02ef7ff89703ecb875e65e080a7
d5089228f8682c0af8a6a97b223d4f6a3a8efee3818389ed58f38a3aca4dd021
d661244532ddce6a92fb96fde511e23ea4de69ff2e41a5bffb884caa71166e01
d69cd54a374f720234b5eb529d12718e9c587ade711ec97574ce5636b72c9e1c
d8eb0eea39a37b88dc5af05c475212e7a86814b77e9f9814e88ab458e3b7111a
d9955b485ec10339d863941175c02572657bf9d4f6c5fa2e5603e7d803c1b8cf
da1986030b191b42a24d8f95f6246b1f42c4bfd1ec1dc53e2551a32f89b34848
da25c13d9a60d7c2865534d2535e98c14926dd29ee0cdb594ad132e45cc631de
db7e0b393e175f19922fefbdcaa2866fca209c521d01cc834ae06cbf8d0f91b7
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dd1b5e04d54c4420fe3e8e6abe2875fc7f13a3cd6384b6c2afc1a35e302dd846
dd46847a9813d9c75ce9cfba3a988aabeef1d0bc1d7f9a1edd9be8c5234cccc8
dd9de83fe1d97ec17cadcdcdab912ea983da11d5d60b6e57acc19a009b2e2979
df2d952f361956a74458dc26c18617fe645485d81dcd9d247c4c057d4205bc8e
e09319ece888cdacd705dc6bf1f0df32c2f61949bcd59b0405d5a2e9b25d9372
e2511b147f3cf95f742758d3e2062eac98f5265a859dc07959eb8a32f0a2f528
e2c28f3e8b6a2e5170859e67cff3e8240e6b888d02005306ef3d2129f5cbd74c
e2cdec10db9a0a224e9f5e49b6f004c5426564fb8d857ad3df480e9c916bafe6
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6484d750a7a0fafa69ada662310c48873e8db2b871aa1a4569ac3f3e26cd7aa
e8403779d45a9590b43c0ecf984ebe11e75fd2982630d658390a6001a6768770
e85ebbebeabd65af692e259b2dadaf6e746d864a210c0f9601664b40028890b4
ea4d85b7f5ae7f10af43ee3361954dbd4aaffe917029f2e2e1ffb951451081f6
ec5bceb6e9ec6e537b8582ac8fe6c2a4abba8f40ae2d975ea92884e73d2a50f6
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef7da2ea9165f4486462c7f1dccddb7485e6a1922d220a1c393a8fa7214829fd
f0f6a8b6c19b0c4d1cab075ab2f4f755cfef747424837668e65f431410f816e8
f13023145dbf5a785144e2c2ecd77b06f46943861e76a094e1865d7bbcc1c0f8
f1cfd35185e301e2937deefe2eb2b8d1b22443c7d0c056f5423c429eaf93c543
f45530ee93fe1451632f4c4da09ff7b9dcbbe6a64f2ae824c058c78fababd34c
f923dd368c72055e674e4a8932e265ee51911ea42c51d885ca49aacc7e0dd016
f9a8536bd32bcd9ecba5f08463ea344cfbcf4a2e0c1af51ce14089dcd4dbac51
fc94c74394ecdd4bfb25a98dbee8dd17e533fb310b384c6a984a5e4254162b5a
ff6ebdfad08d6efb6ac7fc6f4033fff174d6db41653378822a9e890605d9358f
ffb89f1f1fa54e822805cddf1f6ec0492cd8b806b36a921eda855241d1eee914

www.elfinancierocr.com Open in urlscan Pro 2a02:26f0:6c00::210:ba09 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Page Statistics

364 Requests

91 %HTTPS

42 %IPv6

61 Domains

112 Subdomains

81 IPs

10 Countries

4772 kBTransfer

12147 kBSize

103 Cookies

22 Outgoing links

Page URL History

Redirected requests

364 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 8 data transactions

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.elfinancierocr.com Open in urlscan Pro
2a02:26f0:6c00::210:ba09 Public Scan

Screenshot
Live screenshot

Full Image

364
Requests

91 %
HTTPS

42 %
IPv6

61
Domains

112
Subdomains

81
IPs

10
Countries

4772 kB
Transfer

12147 kB
Size

103
Cookies

364 HTTP transactions
8 data transactions