Submitted URL: https://consulteportal.com.br/2021/11/19/auxiliar_de_dupla_penetracao/
Effective URL: https://consulteportal.com.br/
Submission: On February 11 via api from US — Scanned from DE

Summary

This website contacted 64 IPs in 14 countries across 66 domains to perform 347 HTTP transactions. The main IP is 45.55.51.225, located in Clifton, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is consulteportal.com.br.
TLS certificate: Issued by R3 on January 31st 2022. Valid for: 3 months.
This is the only time consulteportal.com.br was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 29 45.55.51.225 14061 (DIGITALOC...)
6 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
6 2600:9000:224... 16509 (AMAZON-02)
46 2a00:1450:400... 15169 (GOOGLE)
3 2600:9000:214... 16509 (AMAZON-02)
12 2606:4700::68... 13335 (CLOUDFLAR...)
6 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
18 2a00:1450:400... 15169 (GOOGLE)
1 18.205.36.100 14618 (AMAZON-AES)
2 137.59.203.101 18229 (CTRLS-AS-...)
5 142.250.184.226 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
4 2a00:1450:400... 15169 (GOOGLE)
33 2a00:1450:400... 15169 (GOOGLE)
6 2a00:1450:400... 15169 (GOOGLE)
1 35.157.246.167 16509 (AMAZON-02)
2 11 185.33.221.52 29990 (ASN-APPNEX)
5 185.86.139.96 201081 (SMARTADSE...)
2 51.75.86.98 16276 (OVH)
5 18.156.195.47 16509 (AMAZON-02)
4 2602:803:c004... 26667 (RUBICONPR...)
1 185.184.10.30 203690 (RTB-HOUSE...)
1 2 5.178.65.246 50673 (SERVERIUS-AS)
1 3.232.242.170 14618 (AMAZON-AES)
5 2a00:1450:400... 15169 (GOOGLE)
11 32 142.250.186.162 15169 (GOOGLE)
6 10 92.122.254.129 16625 (AKAMAI-AS)
4 35.244.159.8 15169 (GOOGLE)
4 104.90.104.248 16625 (AKAMAI-AS)
33 2a00:1450:400... 15169 (GOOGLE)
1 2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2 135.125.160.77 16276 (OVH)
1 1 31.172.81.159 44066 (DE-FIRSTC...)
2 2 213.155.156.185 1299 (TWELVE99 ...)
2 2 81.222.128.213 20597 (ELTEL-AS)
1 1 80.64.106.152 20764 (RASCOM-AS...)
1 52.212.203.142 16509 (AMAZON-02)
8 142.250.185.98 15169 (GOOGLE)
1 2620:116:800d... 16509 (AMAZON-02)
2 2a02:fa8:8806... 41041 (VCLK-EU-SE)
1 66.155.71.149 13768 (COGECO-PEER1)
4 5 37.157.2.234 198622 (ADFORM)
1 35.212.101.174 15169 (GOOGLE)
1 185.86.138.131 201081 (SMARTADSE...)
1 18.195.155.181 16509 (AMAZON-02)
2 4 15.197.193.217 16509 (AMAZON-02)
1 34.96.105.8 15169 (GOOGLE)
2 3 185.64.190.78 62713 (AS-PUBMATIC)
2 2 217.66.147.162 29209 (SPBMTS-AS...)
1 1 213.87.44.187 13174 (MTSNET Mo...)
1 1 169.50.137.182 36351 (SOFTLAYER)
2 2 2a05:d018:d29... 16509 (AMAZON-02)
1 52.199.32.167 16509 (AMAZON-02)
4 82.113.101.132 6805 (TDDE-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
2 104.92.74.8 16625 (AKAMAI-AS)
2 151.101.65.108 54113 (FASTLY)
16 2606:4700:10:... 13335 (CLOUDFLAR...)
3 4 35.227.248.159 15169 (GOOGLE)
1 2a04:4e42:600... 54113 (FASTLY)
1 2600:1f16:e61... 16509 (AMAZON-02)
2 2 2a05:d018:24:... 16509 (AMAZON-02)
2 2 52.214.166.97 16509 (AMAZON-02)
1 34.254.143.3 16509 (AMAZON-02)
1 1 151.1.205.165 3242 (ASN-ITNET)
1 1 85.114.159.93 24961 (MYLOC-AS ...)
2 2 35.201.81.244 15169 (GOOGLE)
1 89.163.159.104 24961 (MYLOC-AS ...)
2 2 52.215.102.174 16509 (AMAZON-02)
1 1 212.82.100.182 34010 (YAHOO-IRD)
1 1 18.168.101.220 16509 (AMAZON-02)
2 52.18.40.211 16509 (AMAZON-02)
1 168.119.79.223 24940 (HETZNER-AS)
4 4 151.101.130.49 54113 (FASTLY)
1 1 2.18.233.201 16625 (AKAMAI-AS)
1 1 34.195.210.70 14618 (AMAZON-AES)
1 2 52.95.115.255 16509 (AMAZON-02)
1 104.90.192.27 16625 (AKAMAI-AS)
1 1 18.203.74.39 16509 (AMAZON-02)
1 1 185.29.132.245 30419 (MEDIAMATH...)
4 69.173.144.138 26667 (RUBICONPR...)
4 4 69.173.144.139 26667 (RUBICONPR...)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
347 64
Apex Domain
Subdomains
Transfer
84 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 92
tpc.googlesyndication.com — Cisco Umbrella Rank: 120
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
701 KB
57 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 37
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 159
cm.g.doubleclick.net — Cisco Umbrella Rank: 175
googleads4.g.doubleclick.net — Cisco Umbrella Rank: 276
386 KB
33 2mdn.net
s0.2mdn.net — Cisco Umbrella Rank: 246
1 MB
29 consulteportal.com.br
consulteportal.com.br
470 KB
16 zeotap.com
spl.zeotap.com — Cisco Umbrella Rank: 1178
mwzeom.zeotap.com — Cisco Umbrella Rank: 1486
5 KB
14 rubiconproject.com
fastlane.rubiconproject.com — Cisco Umbrella Rank: 436
eus.rubiconproject.com — Cisco Umbrella Rank: 512
pixel.rubiconproject.com — Cisco Umbrella Rank: 288
token.rubiconproject.com — Cisco Umbrella Rank: 593
17 KB
13 adnxs.com
ib.adnxs.com — Cisco Umbrella Rank: 210
acdn.adnxs.com — Cisco Umbrella Rank: 547
53 KB
12 denakop.com
tags.denakop.com — Cisco Umbrella Rank: 208090
122 KB
10 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488
9 KB
10 yahoo.com
c2shb.pubgw.yahoo.com — Cisco Umbrella Rank: 2363
c2shb.ssp.yahoo.com — Cisco Umbrella Rank: 654
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 419
cms.analytics.yahoo.com — Cisco Umbrella Rank: 855
ads.yahoo.com — Cisco Umbrella Rank: 835
10 KB
10 gstatic.com
fonts.gstatic.com
www.gstatic.com
157 KB
8 mailmunch.co
a.mailmunch.co — Cisco Umbrella Rank: 12732
forms.mailmunch.co — Cisco Umbrella Rank: 12916
analytics.mailmunch.co — Cisco Umbrella Rank: 23458
59 KB
7 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
ajax.googleapis.com — Cisco Umbrella Rank: 250
38 KB
6 smartadserver.com
prg.smartadserver.com — Cisco Umbrella Rank: 1311
ssbsync.smartadserver.com — Cisco Umbrella Rank: 1193
2 KB
6 googletagservices.com
www.googletagservices.com — Cisco Umbrella Rank: 146
227 KB
5 adform.net
c1.adform.net — Cisco Umbrella Rank: 529
dmp.adform.net — Cisco Umbrella Rank: 2002
3 KB
5 truepush.com
sdki.truepush.com — Cisco Umbrella Rank: 53194
sdk.truepush.com — Cisco Umbrella Rank: 66834
22 KB
4 everesttech.net
sync-tm.everesttech.net — Cisco Umbrella Rank: 491
1 KB
4 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 357
2 KB
4 o2online.de
portal.o2online.de — Cisco Umbrella Rank: 53320
2 KB
4 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 295
2 KB
4 teads.tv
sync.teads.tv — Cisco Umbrella Rank: 792
688 B
4 openx.net
us-u.openx.net — Cisco Umbrella Rank: 322
547 B
4 google.com
adservice.google.com — Cisco Umbrella Rank: 59
www.google.com — Cisco Umbrella Rank: 2
2 KB
3 krxd.net
beacon.krxd.net — Cisco Umbrella Rank: 371
usermatch.krxd.net — Cisco Umbrella Rank: 981
942 B
3 mts.ru
sm.rtb.mts.ru — Cisco Umbrella Rank: 30661
tech.rtb.mts.ru — Cisco Umbrella Rank: 30837
2 KB
3 pubmatic.com
image6.pubmatic.com — Cisco Umbrella Rank: 582
1 KB
3 google.de
adservice.google.de — Cisco Umbrella Rank: 9027
1 KB
2 amazon-adsystem.com
aax-eu.amazon-adsystem.com — Cisco Umbrella Rank: 1361
1 KB
2 mathtag.com
pixel.mathtag.com — Cisco Umbrella Rank: 1050
sync.mathtag.com — Cisco Umbrella Rank: 387
1 KB
2 crwdcntrl.net
bcp.crwdcntrl.net — Cisco Umbrella Rank: 629
1 KB
2 weborama.fr
idsync.frontend.weborama.fr — Cisco Umbrella Rank: 23557
673 B
2 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 187
2 KB
2 tidaltv.com
sync.tidaltv.com — Cisco Umbrella Rank: 977
791 B
2 dotomi.com
dclk-match.dotomi.com — Cisco Umbrella Rank: 2478
207 B
2 adriver.ru
ssp.adriver.ru — Cisco Umbrella Rank: 12204
680 B
2 de17a.com
d5p.de17a.com — Cisco Umbrella Rank: 4441
722 B
2 dyntrk.com
c.eu1.dyntrk.com — Cisco Umbrella Rank: 4950
1 KB
2 tribalfusion.com
a.tribalfusion.com — Cisco Umbrella Rank: 683
s.tribalfusion.com — Cisco Umbrella Rank: 1640
1 KB
2 e-planning.net
pbjs.e-planning.net — Cisco Umbrella Rank: 6090
1 KB
2 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 865
1 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
20 KB
1 imrworldwide.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com — Cisco Umbrella Rank: 160499
214 B
1 bluekai.com
tags.bluekai.com — Cisco Umbrella Rank: 425
225 B
1 richaudience.com
sync.richaudience.com — Cisco Umbrella Rank: 1515
361 B
1 agkn.com
aa.agkn.com — Cisco Umbrella Rank: 388
379 B
1 theadex.com
dmp.theadex.com — Cisco Umbrella Rank: 19441
335 B
1 adition.com
dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1393
596 B
1 bemail.it
bn01.er.bemail.it — Cisco Umbrella Rank: 125516
659 B
1 exelator.com
loadeu.exelator.com — Cisco Umbrella Rank: 6812
324 B
1 fwmrm.net
dmp.v.fwmrm.net — Cisco Umbrella Rank: 9578
411 B
1 taboola.com
trc.taboola.com — Cisco Umbrella Rank: 571
161 B
1 adingo.jp
cc.adingo.jp — Cisco Umbrella Rank: 2866
44 B
1 simpli.fi
um.simpli.fi — Cisco Umbrella Rank: 691
711 B
1 blismedia.com
tr.blismedia.com — Cisco Umbrella Rank: 2590
173 B
1 emxdgt.com
cs.emxdgt.com — Cisco Umbrella Rank: 801
59 B
1 chocolateplatform.com
cs.chocolateplatform.com — Cisco Umbrella Rank: 2230
122 B
1 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 542
191 B
1 quantserve.com
cms.quantserve.com — Cisco Umbrella Rank: 927
463 B
1 yieldmo.com
ads.yieldmo.com — Cisco Umbrella Rank: 633
35 B
1 rutarget.ru
google-sync.rutarget.ru — Cisco Umbrella Rank: 122830
579 B
1 sniperlog.ru
sync3.sniperlog.ru — Cisco Umbrella Rank: 31195
677 B
1 creativecdn.com
prebid-us.creativecdn.com — Cisco Umbrella Rank: 8725
183 B
1 googleadservices.com
partner.googleadservices.com — Cisco Umbrella Rank: 741
420 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 50
36 KB
0 sonobi.com Failed
sync.go.sonobi.com Failed
347 66
Domain Requested by
46 pagead2.googlesyndication.com consulteportal.com.br
pagead2.googlesyndication.com
googleads.g.doubleclick.net
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
www.googletagservices.com
tpc.googlesyndication.com
s0.2mdn.net
33 s0.2mdn.net consulteportal.com.br
s0.2mdn.net
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
33 tpc.googlesyndication.com googleads.g.doubleclick.net
pagead2.googlesyndication.com
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
tpc.googlesyndication.com
s0.2mdn.net
32 cm.g.doubleclick.net 11 redirects googleads.g.doubleclick.net
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
spl.zeotap.com
29 consulteportal.com.br 1 redirects consulteportal.com.br
13 mwzeom.zeotap.com
13 googleads.g.doubleclick.net pagead2.googlesyndication.com
googleads.g.doubleclick.net
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
consulteportal.com.br
12 tags.denakop.com consulteportal.com.br
tags.denakop.com
11 ib.adnxs.com 2 redirects tags.denakop.com
googleads.g.doubleclick.net
spl.zeotap.com
acdn.adnxs.com
10 dsum-sec.casalemedia.com 6 redirects googleads.g.doubleclick.net
8 googleads4.g.doubleclick.net consulteportal.com.br
6 www.googletagservices.com googleads.g.doubleclick.net
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
6 fonts.gstatic.com fonts.googleapis.com
6 a.mailmunch.co consulteportal.com.br
a.mailmunch.co
ajax.googleapis.com
6 fonts.googleapis.com consulteportal.com.br
a.mailmunch.co
googleads.g.doubleclick.net
client
5 c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com securepubads.g.doubleclick.net
5 prg.smartadserver.com tags.denakop.com
4 token.rubiconproject.com 4 redirects
4 pixel.rubiconproject.com
4 sync-tm.everesttech.net 4 redirects
4 pixel.tapad.com 3 redirects
4 portal.o2online.de s0.2mdn.net
4 match.adsrvr.org 2 redirects c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
4 c1.adform.net 4 redirects
4 sync.teads.tv googleads.g.doubleclick.net
4 us-u.openx.net googleads.g.doubleclick.net
4 c2shb.ssp.yahoo.com tags.denakop.com
4 fastlane.rubiconproject.com tags.denakop.com
4 www.gstatic.com googleads.g.doubleclick.net
4 securepubads.g.doubleclick.net tags.denakop.com
securepubads.g.doubleclick.net
3 spl.zeotap.com tags.denakop.com
spl.zeotap.com
3 image6.pubmatic.com 2 redirects spl.zeotap.com
3 adservice.google.com pagead2.googlesyndication.com
securepubads.g.doubleclick.net
3 adservice.google.de pagead2.googlesyndication.com
securepubads.g.doubleclick.net
3 sdki.truepush.com consulteportal.com.br
sdki.truepush.com
2 aax-eu.amazon-adsystem.com 1 redirects
2 beacon.krxd.net spl.zeotap.com
2 bcp.crwdcntrl.net 2 redirects
2 idsync.frontend.weborama.fr 2 redirects
2 dpm.demdex.net 2 redirects
2 sync.tidaltv.com 2 redirects
2 acdn.adnxs.com tags.denakop.com
2 eus.rubiconproject.com tags.denakop.com
eus.rubiconproject.com
2 pr-bh.ybp.yahoo.com 2 redirects
2 sm.rtb.mts.ru 2 redirects
2 dclk-match.dotomi.com c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
2 ssp.adriver.ru 2 redirects
2 d5p.de17a.com 2 redirects
2 c.eu1.dyntrk.com 2 redirects
2 pbjs.e-planning.net 1 redirects consulteportal.com.br
2 onetag-sys.com tags.denakop.com
2 c2shb.pubgw.yahoo.com tags.denakop.com
2 sdk.truepush.com sdki.truepush.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 ads.yahoo.com
1 sync.mathtag.com 1 redirects
1 obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com 1 redirects
1 tags.bluekai.com spl.zeotap.com
1 usermatch.krxd.net 1 redirects
1 pixel.mathtag.com 1 redirects
1 sync.richaudience.com spl.zeotap.com
1 aa.agkn.com 1 redirects
1 cms.analytics.yahoo.com 1 redirects
1 dmp.theadex.com spl.zeotap.com
1 dsp.adfarm1.adition.com 1 redirects
1 bn01.er.bemail.it 1 redirects
1 loadeu.exelator.com spl.zeotap.com
1 dmp.v.fwmrm.net spl.zeotap.com
1 trc.taboola.com spl.zeotap.com
1 dmp.adform.net spl.zeotap.com
1 www.google.com tpc.googlesyndication.com
1 cc.adingo.jp c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
1 um.simpli.fi 1 redirects
1 tech.rtb.mts.ru 1 redirects
1 tr.blismedia.com c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
1 cs.emxdgt.com c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
1 ssbsync.smartadserver.com c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
1 cs.chocolateplatform.com c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
1 pixel-sync.sitescout.com c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
1 cms.quantserve.com c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
1 ads.yieldmo.com c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
1 google-sync.rutarget.ru 1 redirects
1 sync3.sniperlog.ru 1 redirects
1 s.tribalfusion.com
1 a.tribalfusion.com 1 redirects
1 analytics.mailmunch.co consulteportal.com.br
1 prebid-us.creativecdn.com tags.denakop.com
1 partner.googleadservices.com pagead2.googlesyndication.com
1 forms.mailmunch.co a.mailmunch.co
1 ajax.googleapis.com a.mailmunch.co
1 www.googletagmanager.com consulteportal.com.br
0 sync.go.sonobi.com Failed c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
347 92

This site contains links to these domains. Also see Links.

Domain
www.instagram.com
api.whatsapp.com
chat.whatsapp.com
Subject Issuer Validity Valid
consulteportal.com.br
R3
2022-01-31 -
2022-05-01
3 months crt.sh
upload.video.google.com
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
*.google-analytics.com
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
*.mailmunch.co
Amazon
2022-01-26 -
2023-02-23
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
sdki.truepush.com
Amazon
2021-09-24 -
2022-10-23
a year crt.sh
denakop.com
Cloudflare Inc ECC CA-3
2021-12-14 -
2022-12-14
a year crt.sh
*.gstatic.com
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
forms.mailmunch.co
R3
2022-02-10 -
2022-05-11
3 months crt.sh
*.truepush.com
Sectigo RSA Domain Validation Secure Server CA
2021-09-13 -
2022-09-13
a year crt.sh
*.google.de
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
*.google.com
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
tpc.googlesyndication.com
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
web.ssp.yahoo.com
DigiCert SHA2 High Assurance Server CA
2021-10-14 -
2022-04-06
6 months crt.sh
*.adnxs.com
GeoTrust ECC CA 2018
2021-03-05 -
2022-02-19
a year crt.sh
*.smartadserver.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-01-25 -
2023-01-25
a year crt.sh
*.onetag-sys.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2022-01-10 -
2023-01-03
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2021-03-30 -
2022-04-04
a year crt.sh
*.creativecdn.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1
2021-03-30 -
2022-04-12
a year crt.sh
analytics.mailmunch.co
R3
2021-12-14 -
2022-03-14
3 months crt.sh
*.openx.net
GeoTrust RSA CA 2018
2021-07-08 -
2022-08-08
a year crt.sh
teads.tv
R3
2022-01-03 -
2022-04-03
3 months crt.sh
*.doubleclick.net
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
*.yieldmo.com
Amazon
2021-05-25 -
2022-06-23
a year crt.sh
*.quantserve.com
DigiCert TLS RSA SHA256 2020 CA1
2021-09-22 -
2022-09-21
a year crt.sh
*.dotomi.com
GlobalSign RSA OV SSL CA 2018
2021-08-10 -
2022-09-11
a year crt.sh
*.sitescout.com
GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1
2021-12-15 -
2023-01-15
a year crt.sh
chocolateplatform.com
GTS CA 1D4
2021-12-21 -
2022-03-21
3 months crt.sh
*.emxdgt.com
Go Daddy Secure Certificate Authority - G2
2021-05-18 -
2022-06-19
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2021-03-18 -
2022-04-19
a year crt.sh
tr.blismedia.com
GTS CA 1D4
2021-12-23 -
2022-03-23
3 months crt.sh
*.adingo.jp
DigiCert TLS RSA SHA256 2020 CA1
2021-03-26 -
2022-04-14
a year crt.sh
*.o2online.de
DigiCert TLS RSA SHA256 2020 CA1
2021-01-19 -
2022-02-19
a year crt.sh
www.google.com
GTS CA 1C3
2022-01-17 -
2022-04-11
3 months crt.sh
cdn.adnxs.com
GlobalSign Organization Validated CA - SHA256 - G4
2021-05-10 -
2022-06-11
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2021-07-05 -
2022-07-04
a year crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-09-06 -
2022-10-07
a year crt.sh
*.taboola.com
DigiCert TLS RSA SHA256 2020 CA1
2021-11-28 -
2022-12-29
a year crt.sh
*.v.fwmrm.net
DigiCert TLS RSA SHA256 2020 CA1
2021-11-29 -
2022-12-30
a year crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2021-08-04 -
2022-09-04
a year crt.sh
*.exelator.com
DigiCert TLS RSA SHA256 2020 CA1
2021-06-02 -
2022-06-07
a year crt.sh
*.theadex.com
AlphaSSL CA - SHA256 - G2
2021-10-01 -
2022-11-02
a year crt.sh
beacon.krxd.net
DigiCert TLS RSA SHA256 2020 CA1
2021-11-03 -
2022-11-02
a year crt.sh
*.richaudience.com
RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1
2021-03-17 -
2022-03-16
a year crt.sh
odc-pixel-prod-01.oracle.com
DigiCert SHA2 Secure Server CA
2021-11-24 -
2022-04-26
5 months crt.sh

This page contains 41 frames:

Primary Page: https://consulteportal.com.br/
Frame ID: E9DAF05752EF5DBBDD96991D39CDE443
Requests: 98 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20190131/zrt_lookup.html
Frame ID: 411FDAAA653726413007AB8B087C18BE
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&adk=3046330955&adf=2044148826&lmt=1644608070&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fconsulteportal.com.br%2F&ea=0&flash=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070508&bpp=4&bdt=470&idt=151&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2865320610276&frm=20&pv=2&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=167
Frame ID: C3E384EFC39318BE8C707A53C39F9BE5
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Frame ID: E76F21A6CA39D2A5A2021D043D59966C
Requests: 16 HTTP requests in this frame

Frame: https://a.mailmunch.co/v2/themes/mailmunch/simple/popover/index.css
Frame ID: 5C57CAD034840DFD71AA273DE384D55E
Requests: 4 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Frame ID: 6D16E7C9A90049D22F4C57549EB1DF06
Requests: 5 HTTP requests in this frame

Frame: https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Frame ID: E7553D913E391DA21017341748E927B7
Requests: 7 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Frame ID: 401CFBFBFB075BCEEBC543060CC586C3
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Frame ID: 8E127F7E727A99802A6D7B6D6CDA589B
Requests: 1 HTTP requests in this frame

Frame: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 36A718ED258CBB7518D74358594E48AE
Requests: 1 HTTP requests in this frame

Frame: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: A95708BEA6804993790FE0725DD82195
Requests: 14 HTTP requests in this frame

Frame: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 8AF55FDBAF26292FB7BF15F25BEB0C08
Requests: 13 HTTP requests in this frame

Frame: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: EF6AD3255FE616D22DBF50674DCED5DB
Requests: 13 HTTP requests in this frame

Frame: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Frame ID: 4B0AE9E062DBF6B13626FBE8D2B97952
Requests: 14 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNWaaZClvxQTLhvE1lE27h7C3qa4Jds5Dmx_nG4gy9bNzWcXHnmq3y28h646j6JzmhdDC4yYZ4KIoIpKl-LkmXS4eqQtmHcJi9pazOWMYvOUoP8km1Vt64ccFfaq_u3YmwNjJ1FKnueu0ud30fVF2WuXPJtyPdfD2MdHUFr283-Hth2cPhEhmO9bI-2uzONo4VwwprU6OlDip79C3HGFvVcqxvFjWQ
Frame ID: E96A624C5F49280D84863F7831687EAC
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi4_qO-ATAB&v=APEucNVzF-MWoCha0sI5ri2LkRpczmI9YHYPMCUJRHxqblP0ksmqThqFIeTUqeg-FHfUwTU63_dhDt5QMl5YC6tmJivXK7aQJlvV5OVAfAEaHPetpy1YusXLrh48PVk06QZyzL8ZEkQIW_XO7W2DeR7vpA3dieaDA_e8RF6CN27VCMT-z5CywzpIH1zoFK-jeCBHdhQ_N-1q-RFMYP_iyaycjDRLvdoBSw
Frame ID: 7B59648BD68F6AD6B1979FD004ECB57C
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNW7i3JlcUpuGQ46O5hUYrNqI16S6RkmqMeS3Jysgxe6jgXbf7keWntno2XFA8CUMqWKfBCTjBHGbHMKu_pOvmxj4uns-gVIw9Hv9ZlIEFcW1hzIwh0fP7m_WGkYG65okSHxhOwsp8USUM-6LRwubJDe7nbKoY3wt00VQFKxQw9xfHiysJuRvezeHGp2IbIf7XM261mAM5QuyGFSehRpRQlTfoJCSg
Frame ID: 993655230FE833DB4C3F7B2F9097F18A
Requests: 5 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNXajNAcjhCQkDjaArXvJDDd9GQDJcg0ogiNm2UTUIBwYzVWNjJz7SksXzbLL-1yO_IFb94B6-IYGPDXYfMcH3K8MrcSUmzQCUb5JQWfftsb4vnS8a6QcBzKqc2lpWxSTprezCeAPDZb0jjT4vYhTX865qb9VgGlBZB-HAPBdd1B_edLvA8sEl_ueIZN2zISrR7UM6_uZrMXmofV5bvQDD0UN0TJ5g
Frame ID: 1788C0832D0754530942DC36F0E6CFE8
Requests: 5 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: B38CB5AD9FC9734A96019A55680B1A6E
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: E252C0BFE82BB585EA03857FF5CB58C5
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: C261F3A6A651AC82F047DC8D0D94A015
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 69486FD494AC794CA9953D649756FA6A
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 2F96BBA7501AC458924AC40C932ED133
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: F53ABC5146827A411182DE5BAABDA4C3
Requests: 3 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 31353ED72F6D1F194E9907A970364707
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=yfvJ3tMdRe&t=1&renderingType=2
Frame ID: FA8FE150A276A18DCEAD827663C9AFCA
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
Frame ID: 11D69DF7E55CF1FC2FE9541E2AA275F7
Requests: 12 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A638B2B401E05C100673ED637094DAA1
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
Frame ID: 31649736E63D68B03B275051F07E5D64
Requests: 9 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
Frame ID: AA0CBEC2A53C74190FA6BC126EC0CABF
Requests: 10 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: 05EB5744B720855919D60727130C64C6
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 2C8555D1016A6BA80EF3FF0448F469EF
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Frame ID: B5302F7FCC3DB337C8994F23788B3F87
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Frame ID: AC79530C43FE9E6BEECCC6F89063E9C2
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Frame ID: 0AE37A4C64C06CD0B6C5A38D66D92EDE
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Frame ID: 71CA2A2CED825C3EA0F96676B7980C32
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 74CE801C9ED39061F60EA531020CE120
Requests: 10 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 99D433BDDF78E75F363FB13E38D91582
Requests: 3 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: 4BC74D2B4467CE80D34FAFCB0CC1A6AD
Requests: 3 HTTP requests in this frame

Frame: https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361&cmp=0
Frame ID: CF4E71545C04113607096999173E22A6
Requests: 30 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1644608071418
Frame ID: F63F0AE97F904278A4CB3106B5928210
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Consulte Portal – Oportunidades de emprego, estágios, jovem aprendiz, concursos, anúncios de empregos, anúncios de vagas de emprego, anúncios de empregos em jornais, site de anuncios de empregos gratuitos, site de anuncios de empregos, anuncios de empregos gratuitos, emprego pela internet, procurar emprego, sites de emprego, conseguir emprego, divulga empregos, trabalho voluntário sp, aplicativos de emprego, home office, vagas home office, trabalho em casa, processo seletivo, recrutamento, mercado de trabalho, terceiro setor oportunidades, trabalhe conosco. Vagas de emprego SP é um site criado para a divulgação diária de vagas de empresas, instituições, RH’s, voluntários, terceirizações, corporações e todo o tipo de organização não governamental que contribui para o mercado de trabalho. Imobiliário, Listas de aluguel, Agências e corretoras imobiliárias, Desenvolvimento de propriedade, Listagens de bens materiais, Serviços de mudança doméstica, Bancos, Cartões de crédito e débito, Certificados e contas a prazo, Internet banking, Private Banking, Bolsas de estudo, subsídios e ajuda financeira, Financiamento estudantil, Contabilidade e auditoria, Declaração e planejamento de impostos, Cartões de crédito, Gerenciamento e consolidação de dívidas, Relatórios de crédito e serviços de relatórios, Crédito imobiliário do governo, Empréstimos com garantia imobiliária e linhas de crédito, Empréstimos para refinanciamento da casa, Hipoteca atrelada apenas ao pagamento dos juros, Hipotecas de imóveis para locação, Hipotecas de juros fixos, Aluguéis e financiamentos de casas, Crédito e empréstimo sem garantia, Crédito pessoal, Empréstimo comercial, Hipotecas comerciais, Empréstimos com alienação da propriedade, Empréstimos de emergência e para o dia do pagamento, Empréstimos pessoais e linhas de crédito, Leasing de automóveis, Financiamento automotivo.

Page URL History Show full URLs

  1. https://consulteportal.com.br/2021/11/19/auxiliar_de_dupla_penetracao/ HTTP 301
    https://consulteportal.com.br/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/
  • 2mdn\.net

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • lightbox(?:-plus-jquery)?.{0,32}\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • /prebid\.js
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

347
Requests

85 %
HTTPS

31 %
IPv6

66
Domains

92
Subdomains

64
IPs

14
Countries

3428 kB
Transfer

7985 kB
Size

60
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://consulteportal.com.br/2021/11/19/auxiliar_de_dupla_penetracao/ HTTP 301
    https://consulteportal.com.br/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 100
  • https://pbjs.e-planning.net/pbjs/1/480f9/1/consulteportal.com.br/ROS?rnd=0.19742482969812603&e=300x250_0%3A300x250%2C336x280%2C580x400%2B300x250_1%3A300x250%2C336x280%2C580x400%2B300x250_2%3A300x250%2C336x280%2C580x400%2B728x90_0%3A728x90%2C970x90&ur=https%3A%2F%2Fconsulteportal.com.br%2F&pbv=5.20.0&ncb=1&vs=FFFF&crs=UTF-8&fr=https%3A%2F%2Fconsulteportal.com.br%2F HTTP 302
  • https://pbjs.e-planning.net/hb/1/480f9/1/consulteportal.com.br/ROS?ct=1&r=pbjs&rnd=0.19742482969812603&e=300x250_0%3A300x250%2C336x280%2C580x400%2B300x250_1%3A300x250%2C336x280%2C580x400%2B300x250_2%3A300x250%2C336x280%2C580x400%2B728x90_0%3A728x90%2C970x90&ur=https%3A%2F%2Fconsulteportal.com.br%2F&pbv=5.20.0&ncb=1&vs=FFFF&crs=UTF-8&fr=https%3A%2F%2Fconsulteportal.com.br%2F
Request Chain 158
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1&C=1
Request Chain 159
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yga6SEaeh7tzZU2gvZo4AwAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
Request Chain 160
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEILuALxtoMT3kiXckK4lInw&google_cver=1
Request Chain 161
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2OTY3Mjk4OTA3NzE1NzA1OQ%3D%3D
Request Chain 162
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1 HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1&C=1
Request Chain 163
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yga6SEaeh7tzZU2gvZo4AwAA HTTP 302
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
Request Chain 164
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEILuALxtoMT3kiXckK4lInw&google_cver=1
Request Chain 165
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2OTY3Mjk4OTA3NzE1NzA1OQ%3D%3D
Request Chain 166
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEELMMLMqDMnyQzPNkHg3ToI&google_cver=1
Request Chain 168
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEGn27d40rTGBb4r6UfUCSS0&google_cver=1
Request Chain 170
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm HTTP 302
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEELMMLMqDMnyQzPNkHg3ToI&google_cver=1
Request Chain 172
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm HTTP 302
  • https://sync.teads.tv/um?eid=3&uid=CAESEGn27d40rTGBb4r6UfUCSS0&google_cver=1
Request Chain 201
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEBL91P1lk0kgaf558NcYDUU&google_cver=1&google_push=AYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24 HTTP 302
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBL91P1lk0kgaf558NcYDUU&google_cver=1&google_push=AYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Request Chain 202
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESENXYfXt9YiFZO-VXxt81lVY&google_cver=1&google_push=AYg5qPIC-uoPY82u-4B98xG38wfcat9NLNH7PL506Br-3RVP7JUO0pRo1ivFCeia2TYPtpGprp2u2jn6C08HJo_RvWzxJuiEtLzg HTTP 302
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESENXYfXt9YiFZO-VXxt81lVY&google_cver=1&google_push=AYg5qPIC-uoPY82u-4B98xG38wfcat9NLNH7PL506Br-3RVP7JUO0pRo1ivFCeia2TYPtpGprp2u2jn6C08HJo_RvWzxJuiEtLzg&prevuid=&knw= HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPIC-uoPY82u-4B98xG38wfcat9NLNH7PL506Br-3RVP7JUO0pRo1ivFCeia2TYPtpGprp2u2jn6C08HJo_RvWzxJuiEtLzg&google_hm=
Request Chain 203
  • https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEDWw_yeZ6pC_kpvEsF6JV4g&google_cver=1&google_push=AYg5qPJiCvO7wRqMV5Hz09cWhpClX90kKitFWU2EtGYW3CcEaKEgjqBtmqCifpnglIjtCRojOI8GK1ZyPJFJMncaTWi52wwOrKuc HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPJiCvO7wRqMV5Hz09cWhpClX90kKitFWU2EtGYW3CcEaKEgjqBtmqCifpnglIjtCRojOI8GK1ZyPJFJMncaTWi52wwOrKuc
Request Chain 204
  • https://d5p.de17a.com/cookies/google?google_gid=CAESELcaxL1SQbWDxi_fsyh7MdY&google_cver=1&google_push=AYg5qPLvb2Udp62LWkRrDs1fty0PZacjK5dmGLWc2Xkzmga3wgtZw1SsAfQvxWXlsk7EoMXwLRxe3a406uJJrU_CuqaC7l_NvToL HTTP 302
  • https://d5p.de17a.com/cookies/google;c?google_gid=CAESELcaxL1SQbWDxi_fsyh7MdY&google_cver=1&google_push=AYg5qPLvb2Udp62LWkRrDs1fty0PZacjK5dmGLWc2Xkzmga3wgtZw1SsAfQvxWXlsk7EoMXwLRxe3a406uJJrU_CuqaC7l_NvToL HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLvb2Udp62LWkRrDs1fty0PZacjK5dmGLWc2Xkzmga3wgtZw1SsAfQvxWXlsk7EoMXwLRxe3a406uJJrU_CuqaC7l_NvToL
Request Chain 205
  • https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEOc6Vx59z6yYQ_TqKtJlu-g&google_cver=1&google_push=AYg5qPKJ3eCoMwn2oGs-6yKdpejG7103l4DG-LaiMsd7Z7phRrC-JiZqPrlK0Qm_R4GzBonzYH2GAkwuD6U0i6n03a-UVdVtDnYu HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPKJ3eCoMwn2oGs-6yKdpejG7103l4DG-LaiMsd7Z7phRrC-JiZqPrlK0Qm_R4GzBonzYH2GAkwuD6U0i6n03a-UVdVtDnYu&google_hm=QUVsRlFZLTVZelBZX0xpS0FZNXZxd0E=
Request Chain 206
  • https://google-sync.rutarget.ru/sync?google_gid=CAESEICMZ-Y8BX8uax1ocKyRvtM&google_cver=1&google_push=AYg5qPK4XrPojTu9jqdBBglIvF8m92VlyzztPmQdtZueJqz-uEDY_Lgl47e86JiaPQ3IjIgv2JlPTeo_Ml-WfqxA04i6TuFyDbK4 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WTR1ZXZkU3N2UDBK&google_ula=2046794&google_push=AYg5qPK4XrPojTu9jqdBBglIvF8m92VlyzztPmQdtZueJqz-uEDY_Lgl47e86JiaPQ3IjIgv2JlPTeo_Ml-WfqxA04i6TuFyDbK4
Request Chain 222
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEN41_fq4wJeDrx_QbrQnOJo&google_cver=1&google_push=AYg5qPLyuttQ5TRkpm2Unlb2Pu1fXU5RwPQxAQAJ8abhZyEPsRL7v2b5NXt8_b9uXdP7A7PUVKvSLBBvUJUY4Emp_FLMqvzS-G_M HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEN41_fq4wJeDrx_QbrQnOJo&google_cver=1&google_push=AYg5qPLyuttQ5TRkpm2Unlb2Pu1fXU5RwPQxAQAJ8abhZyEPsRL7v2b5NXt8_b9uXdP7A7PUVKvSLBBvUJUY4Emp_FLMqvzS-G_M HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjE3NjI3MDU1MzA3MTg2NzMyMg&google_push=AYg5qPLyuttQ5TRkpm2Unlb2Pu1fXU5RwPQxAQAJ8abhZyEPsRL7v2b5NXt8_b9uXdP7A7PUVKvSLBBvUJUY4Emp_FLMqvzS-G_M
Request Chain 229
  • https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEOc6Vx59z6yYQ_TqKtJlu-g&google_cver=1&google_push=AYg5qPIZnOk2QJZv2nV0Ev0-P9aWgHcon0gJv5j2K93ns2QsitZChbFniTGCnQXSO8PWYJDYirykA2wwUf2M6XBIcl-5Cz-R96Su HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPIZnOk2QJZv2nV0Ev0-P9aWgHcon0gJv5j2K93ns2QsitZChbFniTGCnQXSO8PWYJDYirykA2wwUf2M6XBIcl-5Cz-R96Su&google_hm=QUFvU0VTUUtCZ3JsMHNjcnRsLXZqbFE=
Request Chain 230
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEN41_fq4wJeDrx_QbrQnOJo&google_cver=1&google_push=AYg5qPKQRC7oihdVHBbRoNDImkRSk88Azo37geX_4z4gUF0nYRh3LGRYIMLszd5sg8kAMb-pTYywXliAZ0xUFsF-4_J7Dg17eDrp HTTP 302
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEN41_fq4wJeDrx_QbrQnOJo&google_cver=1&google_push=AYg5qPKQRC7oihdVHBbRoNDImkRSk88Azo37geX_4z4gUF0nYRh3LGRYIMLszd5sg8kAMb-pTYywXliAZ0xUFsF-4_J7Dg17eDrp HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTQ5MjEyNjA0MDU5NTMwMjM3MQ&google_push=AYg5qPKQRC7oihdVHBbRoNDImkRSk88Azo37geX_4z4gUF0nYRh3LGRYIMLszd5sg8kAMb-pTYywXliAZ0xUFsF-4_J7Dg17eDrp
Request Chain 231
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEB4IQDQtPeRp0vO3HNpBuQg&google_cver=1&google_push=AYg5qPLYbpIzCKi-BrTMTOVDc18ltRL3qd9LA6KoN26Es7J7gX2023scuwcKE9jNAwqlNEhEPsexypBTM5bG8JQnN91H1Bhk5Co HTTP 302
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%25253A%25252F%25252Fimage8.pubmatic.com%25252FAdServer%25252FImgSync%25253Fsec%25253D1%252526p%25253D156578%252526mpc%25253D4%252526fp%25253D1%252526pu%25253Dhttps%2525253A%2525252F%2525252Fimage4.pubmatic.com%2525252FAdServer%2525252FSPug%2525253Fp%2525253D156578%25252526sc%2525253D1&google_gid=CAESEB4IQDQtPeRp0vO3HNpBuQg&google_cver=1&google_push=AYg5qPLYbpIzCKi-BrTMTOVDc18ltRL3qd9LA6KoN26Es7J7gX2023scuwcKE9jNAwqlNEhEPsexypBTM5bG8JQnN91H1Bhk5Co&rdf=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=IcUY1ffvQiKMORRz9B4nxg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLYbpIzCKi-BrTMTOVDc18ltRL3qd9LA6KoN26Es7J7gX2023scuwcKE9jNAwqlNEhEPsexypBTM5bG8JQnN91H1Bhk5Co
Request Chain 232
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe
Request Chain 233
  • https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEKHH0D-KGZAlZvzSpH24Y4I&google_cver=1&google_push=AYg5qPJK-fTSrRRcJGoEPLWKFQQHVN4ZfhWnQJa2wyAJYWhGAMhGmXQYqqBovZtNTiXZ28nNZzmK-Sa33eWN64SUiptl5pYfJp7n HTTP 301
  • https://sm.rtb.mts.ru/match/second?ssp=12&google_push=AYg5qPJK-fTSrRRcJGoEPLWKFQQHVN4ZfhWnQJa2wyAJYWhGAMhGmXQYqqBovZtNTiXZ28nNZzmK-Sa33eWN64SUiptl5pYfJp7n&exu=CAESEKHH0D-KGZAlZvzSpH24Y4I HTTP 301
  • https://tech.rtb.mts.ru/?dsp_uid=ff8e9c4f-fad1-4315-bd4a-72ebe9c8f388&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3Dff8e9c4f-fad1-4315-bd4a-72ebe9c8f388%26google_push%3DAYg5qPJK-fTSrRRcJGoEPLWKFQQHVN4ZfhWnQJa2wyAJYWhGAMhGmXQYqqBovZtNTiXZ28nNZzmK-Sa33eWN64SUiptl5pYfJp7n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=ff8e9c4f-fad1-4315-bd4a-72ebe9c8f388&google_push=AYg5qPJK-fTSrRRcJGoEPLWKFQQHVN4ZfhWnQJa2wyAJYWhGAMhGmXQYqqBovZtNTiXZ28nNZzmK-Sa33eWN64SUiptl5pYfJp7n
Request Chain 236
  • https://um.simpli.fi/gp_match?google_gid=CAESEEH6pbfdIKWK_q9Js7lNvl8&google_cver=1&google_push=AYg5qPLoZLao2o8jUZjfcdGsauL61Qf_eMWIWgdJLeaOEPhrwYHZ5rKUlgvbRxXar0ZpLZdTfbhOGqtnoZrYvyEw_8soVmrWFnY HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C955EEB5C11D4A9BB0DE9873DA9CB125&google_push=AYg5qPLoZLao2o8jUZjfcdGsauL61Qf_eMWIWgdJLeaOEPhrwYHZ5rKUlgvbRxXar0ZpLZdTfbhOGqtnoZrYvyEw_8soVmrWFnY
Request Chain 237
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGe9vRJFM1YPnrZc8rcz3uk&google_cver=1&google_push=AYg5qPKFkUY5Hn4M4LXn5Xv3n4hif0HxRdn-MBsIdRnPcY-PXutONQCeIcfwvj5xbRywNpUN8qC4lX9jynOIZQ8gULWcdH3GAA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKFkUY5Hn4M4LXn5Xv3n4hif0HxRdn-MBsIdRnPcY-PXutONQCeIcfwvj5xbRywNpUN8qC4lX9jynOIZQ8gULWcdH3GAA&google_hm=NTIzMzY0OTg5MTI4MjA3MjY3NQ%3D%3D
Request Chain 239
  • https://s.uuidksinc.net/match/47/?remote_uid=CAESEDEYhPJ_sovXTI3n6CQOxiQ&c_param1=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA&google_cver=1 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
Request Chain 315
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=2accbc87-2f90-4e77-bc4a-9fd97f61afde&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Request Chain 317
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=efcbe9b3-0785-4e43-abb5-caee2056d131&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Request Chain 321
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361 HTTP 302
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361&s_h=1 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=596d8883-70ce-4259-9477-13cecb85e0da&zpartnerid=317&gdpr=1&gdpr_consent=
Request Chain 322
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=83340668355120521200458428045136337382&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Request Chain 324
  • https://bn01.er.bemail.it/zeotap.php?_bid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022021120-58222-0.663283001644608079-2859da8b76f8dfde00ab7ee9a29943a8&zdid=533&env=mWeb
Request Chain 325
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=7063537896866707604&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Request Chain 326
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3 HTTP 302
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3
Request Chain 327
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361&bounce=1&random=1599979106 HTTP 302
  • https://mwzeom.zeotap.com/mw?webouuid=CcwllbMfv.Awm9WN5s/mPe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Request Chain 329
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361 HTTP 302
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?pid=5e87c3820b9b18f18e51405b4f8934bb&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Request Chain 330
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=y-wWT49dBE2oreoG_EIB5fQ_lDVuAahlWNww--~A&zpartnerid=570&env=mWeb
Request Chain 331
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=iKVlrKLyaRhuGTpoDn3L6Qwy0ua9d5VB%2BS41iYitP1U%3D
Request Chain 334
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361&_test=Yga6SwAFbJEMLAAy HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=Yga6SwAFbJEMLAAy&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361&_test=Yga6SwAFbJEMLAAy
Request Chain 335
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?cid=bac96206-ba4b-4800-be81-a797fbd3e0a4&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Request Chain 336
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361 HTTP 302
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Request Chain 337
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361 HTTP 302
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361&dcc=t
Request Chain 339
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361 HTTP 302
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Request Chain 344
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=bac96206-ba4b-4800-be81-a797fbd3e0a4
Request Chain 346
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1 HTTP 302
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/tx4HULGn3N7yScKDoULlfA?csrc= HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5233649891282072675
Request Chain 347
  • https://token.rubiconproject.com/token?pid=25470 HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pJVDZMRzMtNi0yOTlK
Request Chain 348
  • https://token.rubiconproject.com/token?pid=26594 HTTP 302
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZIT6LG3-6-299J&sigv=1&esig=2~9bf8792d9ee26c1e5059a87ed7b9df286579d276
Request Chain 349
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D HTTP 302
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Yga6SwAFfeLzEwBH HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yga6SwAFfeLzEwBH&_test=Yga6SwAFfeLzEwBH
Request Chain 350
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc HTTP 302
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMMAXladO9may-gWj0Kveco&google_cver=1
Request Chain 351
  • https://token.rubiconproject.com/token?pid=2249&pt=n HTTP 302
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGEyYjM1NmViNmQ1MjkzZTRjNDBkOGQzZDJlMDdmYzBhYTdjMjY3NA

347 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
consulteportal.com.br/
Redirect Chain
  • https://consulteportal.com.br/2021/11/19/auxiliar_de_dupla_penetracao/
  • https://consulteportal.com.br/
56 KB
12 KB
Document
General
Full URL
https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx / Agius.Cloud 1.2.0
Resource Hash
659b4a7bea46261aca61fe107917ebe69fcced12570cdbf7c30ea019a38474b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

server
nginx
date
Fri, 11 Feb 2022 19:34:29 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
link
<https://consulteportal.com.br/wp-json/>; rel="https://api.w.org/"
x-srcache-fetch-status
HIT
x-srcache-store-status
BYPASS
x-powered-by
Agius.Cloud 1.2.0
x-xss-protection
1; mode=block
x-content-type-options
nosniff
content-encoding
gzip

Redirect headers

server
nginx
date
Fri, 11 Feb 2022 19:34:29 GMT
content-type
text/html; charset=UTF-8
content-length
0
location
https://consulteportal.com.br
x-frame-options
SAMEORIGIN
expires
Wed, 11 Jan 1984 05:00:00 GMT
cache-control
no-cache, must-revalidate, max-age=0
x-srcache-fetch-status
HIT
x-srcache-store-status
BYPASS
x-powered-by
Agius.Cloud 1.2.0
x-xss-protection
1; mode=block
x-content-type-options
nosniff
sbi-styles.min.css
consulteportal.com.br/wp-content/plugins/instagram-feed/css/
23 KB
3 KB
Stylesheet
General
Full URL
https://consulteportal.com.br/wp-content/plugins/instagram-feed/css/sbi-styles.min.css
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
eacb3c40fa1c1773c8159aba39af3b7203f0b0cb6eb3bec701fbb1a460cb1ebd

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"6205d581-5c66"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
style.min.css
consulteportal.com.br/wp-includes/css/dist/block-library/
77 KB
11 KB
Stylesheet
General
Full URL
https://consulteportal.com.br/wp-includes/css/dist/block-library/style.min.css
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
7b6fef0a63424245b31b293b1a3bfd074c9da482e28fb9e920e1cf306e54e8a2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"61f0d342-1357b"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
style.css
consulteportal.com.br/wp-content/plugins/email-encoder-bundle/core/includes/assets/css/
447 B
264 B
Stylesheet
General
Full URL
https://consulteportal.com.br/wp-content/plugins/email-encoder-bundle/core/includes/assets/css/style.css
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
d0c1ea7be1218f841b258db97dc5f0e68d2c4f630753650eb5126c2af2394359

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"61fd99c1-1bf"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
style.css
consulteportal.com.br/wp-content/themes/sahifa/
198 KB
36 KB
Stylesheet
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/style.css
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
7a33f619b998c5b6289f5122ec27eae81a253631b797a4afeda7f3c46d567d5c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"61ff7169-31947"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
skin.css
consulteportal.com.br/wp-content/themes/sahifa/css/ilightbox/dark-skin/
7 KB
1 KB
Stylesheet
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/css/ilightbox/dark-skin/skin.css
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
949448840982c267cbacb0aadde067218f404646e15e92b72991715a2988d1f0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"61ff7169-1c79"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
css
fonts.googleapis.com/
754 B
834 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0665f5f3dfc038e410e2f0004a1a5ff6d2d91f392dd32208606eb8ff51195172
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 17:44:33 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 11 Feb 2022 19:34:30 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 11 Feb 2022 19:34:30 GMT
ane-whatsapp-fixo.css
consulteportal.com.br/wp-content/plugins/ane-whatsapp-fixo-1/
846 B
434 B
Stylesheet
General
Full URL
https://consulteportal.com.br/wp-content/plugins/ane-whatsapp-fixo-1/ane-whatsapp-fixo.css
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
51fd59816d031a2f778b4afadcf1c02fce7dfd88a0574fd6edd1202897a6eaa7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"5db8983b-34e"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
jquery.min.js
consulteportal.com.br/wp-includes/js/jquery/
87 KB
30 KB
Script
General
Full URL
https://consulteportal.com.br/wp-includes/js/jquery/jquery.min.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"60f79ffd-15db1"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
jquery-migrate.min.js
consulteportal.com.br/wp-includes/js/jquery/
11 KB
4 KB
Script
General
Full URL
https://consulteportal.com.br/wp-includes/js/jquery/jquery-migrate.min.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"5fd39d4d-2bd8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
custom.js
consulteportal.com.br/wp-content/plugins/email-encoder-bundle/core/includes/assets/js/
2 KB
842 B
Script
General
Full URL
https://consulteportal.com.br/wp-content/plugins/email-encoder-bundle/core/includes/assets/js/custom.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
460536973244a66560fa46c0d94dfccd16e57879b3458883ab3b50b7619d92dc

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"61fd99c1-8d5"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
js
www.googletagmanager.com/gtag/
90 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-10134671-18
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
eeb72af19255aa6d90fe2b39649b9b18c09a1d61e5f069068adaeb3e9169b93e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36104
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 11 Feb 2022 19:34:30 GMT
site.js
a.mailmunch.co/app/v1/
25 KB
9 KB
Script
General
Full URL
https://a.mailmunch.co/app/v1/site.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:d200:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e9ec9ebf944bc428590b4c2b665ad3086a0f991bf785341635e876beaf048e7b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 09:41:32 GMT
content-encoding
gzip
age
121979
x-cache
Hit from cloudfront
content-length
8307
access-control-allow-origin
*
last-modified
Wed, 02 Feb 2022 12:42:56 GMT
server
AmazonS3
etag
"fff12bdf3354bc8fccf6f2f4e093545c"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
text/javascript
via
1.1 2b483ab832506bc86647b6ceba38dc9e.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
max-age=172800
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
x-amz-cf-id
RYXwdkyBRykgcvWNjPnXXhDz8WqkXsNdM79soxbfzWJf9sB-Oli9_w==
adsbygoogle.js
pagead2.googlesyndication.com/pagead/js/
153 KB
53 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1855656437358103
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dc9f0a3d9a45cef63f8e4c94e763fcb9eea3ca35a326579d3376804d34d65c16
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://consulteportal.com.br/
Origin
https://consulteportal.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
53872
x-xss-protection
0
server
cafe
etag
12917944193190033098
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 11 Feb 2022 19:34:30 GMT
logo-consulte.png
consulteportal.com.br/wp-content/uploads/2020/07/
7 KB
7 KB
Image
General
Full URL
https://consulteportal.com.br/wp-content/uploads/2020/07/logo-consulte.png
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
c6add8a7845483e489786f13488bf8051991e046e51f27f246b03704a3de129f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
image/png
etag
"5f20f66a-1ae6"
expires
Thu, 31 Dec 2037 23:55:55 GMT
empregos-sao-paulo.png
consulteportal.com.br/wp-content/uploads/2020/08/
68 KB
68 KB
Image
General
Full URL
https://consulteportal.com.br/wp-content/uploads/2020/08/empregos-sao-paulo.png
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
a0888c1fbb7483936160ef75bffbaa54591bfd6f910fa0909dcadc6b127e944c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
image/png
etag
"5f2ba05a-10fac"
expires
Thu, 31 Dec 2037 23:55:55 GMT
placeholder.png
consulteportal.com.br/wp-content/plugins/instagram-feed/img/
176 B
214 B
Image
General
Full URL
https://consulteportal.com.br/wp-content/plugins/instagram-feed/img/placeholder.png
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
f623564c53c2e08780c064012cfbdbde0a80ee56816f4d5d3d52c46ed285cb95

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
image/png
etag
"6205d581-b0"
expires
Thu, 31 Dec 2037 23:55:55 GMT
whatsapp.png
consulteportal.com.br/wp-content/plugins/ane-whatsapp-fixo-1/img/
3 KB
3 KB
Image
General
Full URL
https://consulteportal.com.br/wp-content/plugins/ane-whatsapp-fixo-1/img/whatsapp.png
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
5003dd0f2d316ec6a68c6189a14d9278f0730a6d162cf24fc918e41e6391ee38

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
image/png
etag
"5db8983b-b8c"
expires
Thu, 31 Dec 2037 23:55:55 GMT
app.js
sdki.truepush.com/sdk/v2.0.3/
1 KB
948 B
Script
General
Full URL
https://sdki.truepush.com/sdk/v2.0.3/app.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:f000:7:6b7b:1000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c600adb1e3d6281621818ba058f98a8fa9ba43bd31a97c2cf98901400ba6f461

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Tue, 25 Jan 2022 21:00:54 GMT
content-encoding
gzip
last-modified
Mon, 07 Dec 2020 12:54:29 GMT
server
AmazonS3
age
1463617
etag
"b861f6349fdb27190bd25dbfcd7674ff"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
cache-control
max-age=86400
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
581
x-amz-cf-id
-NfPXEgFJvydpkaPW_RJyLF5GxmXeU6YO6E6zQCfNUK27QSgIq2Vgg==
encoder-form.js
consulteportal.com.br/wp-content/plugins/email-encoder-bundle/core/includes/assets/js/
2 KB
734 B
Script
General
Full URL
https://consulteportal.com.br/wp-content/plugins/email-encoder-bundle/core/includes/assets/js/encoder-form.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
b25ac99d50352ead8b958bc1becb09c376df0c0e1540ea1fd2f4ab9dbc11f55e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"61fd99c1-85d"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
tie-scripts.js
consulteportal.com.br/wp-content/themes/sahifa/js/
72 KB
21 KB
Script
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/js/tie-scripts.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
a285337ae3fac1859a2f626f20d9a8d1a46e36e59ef427f85e7deda94afffb62

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"61ff7169-12161"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
ilightbox.packed.js
consulteportal.com.br/wp-content/themes/sahifa/js/
78 KB
24 KB
Script
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/js/ilightbox.packed.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
1f560c3e9fb5beeed86da7d5be1ae459c22af6ec1d58f77e2a89a20063ef7ba2

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"61ff7169-137ad"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
ane-whatsapp-fixo.js
consulteportal.com.br/wp-content/plugins/ane-whatsapp-fixo-1/
74 B
117 B
Script
General
Full URL
https://consulteportal.com.br/wp-content/plugins/ane-whatsapp-fixo-1/ane-whatsapp-fixo.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
926b43e18093d6ffce776e1c39fcc7e091737ec3b9b4d24ec2add928bb65e54f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"5db8983b-4a"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
search.js
consulteportal.com.br/wp-content/themes/sahifa/js/
15 KB
4 KB
Script
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/js/search.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
d6c6d0b6440485f2536e96758b074c4713ef69a56511f2af2128f23ce6eebdca

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"61ff7169-3aa2"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
sbi-scripts.min.js
consulteportal.com.br/wp-content/plugins/instagram-feed/js/
27 KB
8 KB
Script
General
Full URL
https://consulteportal.com.br/wp-content/plugins/instagram-feed/js/sbi-scripts.min.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
dfa74f388e1880583f00404a3a4e88c7fd1887f3577120cd4f1ec59fa7c3b174

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"6205d581-6cc5"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
wp-emoji-release.min.js
consulteportal.com.br/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://consulteportal.com.br/wp-includes/js/wp-emoji-release.min.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
server
nginx
etag
W/"60f79ffd-4705"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
expires
Sun, 13 Mar 2022 19:34:30 GMT
denakop.js
tags.denakop.com/10406/
35 KB
9 KB
Script
General
Full URL
https://tags.denakop.com/10406/denakop.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2225345a40b3389624bc596ce6bf6dc654645143fc7d1837c1eb6bcad72ad095

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Thu, 10 Feb 2022 21:11:30 GMT
server
cloudflare
etag
W/"62057f82-8ced"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, must-revalidate, max-age=3600
cf-ray
6dc003d82abe901c-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
body-bg7.png
consulteportal.com.br/wp-content/themes/sahifa/images/patterns/
21 KB
21 KB
Image
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/images/patterns/body-bg7.png
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/wp-content/themes/sahifa/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
7a6ac6e588a725241e6f43feaad46fb36de9682576f5f29c570edc3ec5247477

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/wp-content/themes/sahifa/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
image/png
etag
"61ff7169-529a"
expires
Thu, 31 Dec 2037 23:55:55 GMT
home.png
consulteportal.com.br/wp-content/themes/sahifa/images/
1022 B
1 KB
Image
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/images/home.png
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/wp-content/themes/sahifa/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
6039cdb2c8028b73ddb9d711e7eb22834a8e11ba865283a7ed2fd2c75a401040

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/wp-content/themes/sahifa/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
image/png
etag
"61ff7169-3fe"
expires
Thu, 31 Dec 2037 23:55:55 GMT
fontawesome-webfont.woff2
consulteportal.com.br/wp-content/themes/sahifa/fonts/fontawesome/
75 KB
75 KB
Font
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/fonts/fontawesome/fontawesome-webfont.woff2?v=4.7.0
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/wp-content/themes/sahifa/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx / Agius.Cloud 1.2.0
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://consulteportal.com.br/wp-content/themes/sahifa/style.css
Origin
https://consulteportal.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
x-content-type-options
nosniff
server
nginx
x-powered-by
Agius.Cloud 1.2.0
x-xss-protection
1; mode=block
etag
"61ff7169-12d68"
content-type
font/woff2
SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2
fonts.gstatic.com/s/droidsans/v12/
22 KB
22 KB
Font
General
Full URL
https://fonts.gstatic.com/s/droidsans/v12/SlGWmQWMvZQIdix7AFxXmMh3eDs1Zw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
06c572e99c878362d40d1f358efdfe400ae1310f35cf22174dcdd5db022dd810
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://consulteportal.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 07 Feb 2022 21:36:56 GMT
x-content-type-options
nosniff
age
338254
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22340
x-xss-protection
0
last-modified
Thu, 20 Feb 2020 02:52:18 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Tue, 07 Feb 2023 21:36:56 GMT
SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
fonts.gstatic.com/s/droidsans/v12/
21 KB
21 KB
Font
General
Full URL
https://fonts.gstatic.com/s/droidsans/v12/SlGVmQWMvZQIdix7AFxXkHNSbQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Droid+Sans%3Aregular%2C700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a615849237c0ce94e73fc69d86e5f9c58bdaca8d9756a5ff4c88fa86b14e6177
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://consulteportal.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Tue, 08 Feb 2022 17:11:07 GMT
x-content-type-options
nosniff
age
267803
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
21232
x-xss-protection
0
last-modified
Thu, 20 Feb 2020 01:56:42 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 08 Feb 2023 17:11:07 GMT
BebasNeue-webfont.woff
consulteportal.com.br/wp-content/themes/sahifa/fonts/BebasNeue/
20 KB
20 KB
Font
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/fonts/BebasNeue/BebasNeue-webfont.woff
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/wp-content/themes/sahifa/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
e8c2e4d6ab0ad2f055a6cc3c777d31531e665758db5ca815f2613afad72f7088

Request headers

Referer
https://consulteportal.com.br/wp-content/themes/sahifa/style.css
Origin
https://consulteportal.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
font/woff
etag
"61ff7169-4e1c"
expires
Thu, 31 Dec 2037 23:55:55 GMT
stripe.png
consulteportal.com.br/wp-content/themes/sahifa/images/
93 B
131 B
Image
General
Full URL
https://consulteportal.com.br/wp-content/themes/sahifa/images/stripe.png
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/wp-content/themes/sahifa/style.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
23c79bb552706be2ca97bdb259921e3269a5263326b147676c2f7909a45b58c9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/wp-content/themes/sahifa/style.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
image/png
etag
"61ff7169-5d"
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.min.js
ajax.googleapis.com/ajax/libs/jquery/1.11.3/
94 KB
33 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
Requested by
Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 18:53:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2456
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33507
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 11 Feb 2023 18:53:34 GMT
version.json
sdki.truepush.com/sdk/
176 B
568 B
XHR
General
Full URL
https://sdki.truepush.com/sdk/version.json
Requested by
Host: sdki.truepush.com
URL: https://sdki.truepush.com/sdk/v2.0.3/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:f000:7:6b7b:1000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
53b432abc7b7bca1b37ea5a8eff17f1cf42c6bfee994afdac382516816eba433

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 10:09:41 GMT
via
1.1 86ef89199388021c33b079c598103b12.cloudfront.net (CloudFront)
last-modified
Mon, 07 Dec 2020 13:02:02 GMT
server
AmazonS3
age
1761890
etag
"1750846158a87898512de997f08483cc"
access-control-allow-methods
GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
x-cache
Hit from cloudfront
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
176
x-amz-cf-id
fxFNWYmCDb2g28CtsPYL9Zp3MlU_Dx_5q4jVMG0_iSzwAuRRzJuV4w==
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-10134671-18
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
7176
date
Fri, 11 Feb 2022 17:34:54 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Fri, 11 Feb 2022 19:34:54 GMT
show_ads_impl_with_ama_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/
290 KB
104 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1855656437358103
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
71120292c1c264d86922684ad25cc91b9b8c5c29858161f775196aedbbc4cc44
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
106665
x-xss-protection
0
server
cafe
etag
8713683620373320681
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
expires
Fri, 11 Feb 2022 19:34:30 GMT
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220209/r20190131/ Frame 411F
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220209/r20190131/zrt_lookup.html
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-1855656437358103
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4612
x-xss-protection
0
date
Thu, 10 Feb 2022 23:38:04 GMT
expires
Thu, 24 Feb 2022 23:38:04 GMT
cache-control
public, max-age=1209600
age
71786
etag
18247940800414524076
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
main.js
sdki.truepush.com/sdk/v2.0.3/
79 KB
19 KB
Script
General
Full URL
https://sdki.truepush.com/sdk/v2.0.3/main.js
Requested by
Host: sdki.truepush.com
URL: https://sdki.truepush.com/sdk/v2.0.3/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:f000:7:6b7b:1000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
42e4b568436b29320d64d25114e0c6681f90282220ce6424bf116d7409397e5c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 14 Jan 2022 17:00:48 GMT
content-encoding
gzip
last-modified
Wed, 21 Apr 2021 12:15:13 GMT
server
AmazonS3
age
2428422
etag
"6369b5c5aba753aa8b3a30edadc685f9"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 1764af62d635a1a6ee51aabc37405452.cloudfront.net (CloudFront)
cache-control
max-age=864000
x-amz-cf-pop
FRA53-C1
accept-ranges
bytes
content-length
18730
x-amz-cf-id
C29_NuVYhd0gRg3DD107qcjfErC_kevWWtIDvZ3Q3Bht8CJmLY1jGA==
styles.css
a.mailmunch.co/app/v1/
21 KB
3 KB
Stylesheet
General
Full URL
https://a.mailmunch.co/app/v1/styles.css
Requested by
Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:d200:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
437e6e23bb4219f1dd245da75b1729666e71fbf31985189fa35be75702b8cab9

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 22:01:33 GMT
content-encoding
gzip
age
163978
x-cache
Hit from cloudfront
content-length
2274
access-control-allow-origin
*
last-modified
Wed, 02 Feb 2022 12:43:01 GMT
server
AmazonS3
etag
"03b337327aac06a9af9f7c89aa2a93c7"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
text/css
via
1.1 2b483ab832506bc86647b6ceba38dc9e.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
max-age=172800
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
x-amz-cf-id
ZjAJqcalsVKbhWcAYbSAqldYHDVIA_KG7tL5GWU0MCEFRwpkWTfPBw==
683108
forms.mailmunch.co/sites/
108 B
594 B
XHR
General
Full URL
https://forms.mailmunch.co/sites/683108
Requested by
Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.205.36.100 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-205-36-100.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
72cba973a13281d33ddcf12be4f495c0ecc6608ab483fc8f14c7de4b5027d0fb

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 11 Feb 2022 19:34:30 GMT
Via
1.1 vegur
Server
Cowboy
X-Powered-By
Express
Etag
W/"6c-D9jONak4dU8PNA/gGxuGj57baMo"
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-MM-Comp-Tracking, X-MM-EU-Continent, X-MM-T
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept, X-MM-Form-Tool, X-MM-Coupons
Content-Length
108
truepushSDKPlatfromDetails
sdk.truepush.com/api/v2/ Frame
0
0
Preflight
General
Full URL
https://sdk.truepush.com/api/v2/truepushSDKPlatfromDetails
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.59.203.101 , India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
Software
/ Express
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type
Origin
https://consulteportal.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

X-Powered-By
Express
Access-Control-Allow-Origin
https://consulteportal.com.br
Vary
Origin, Access-Control-Request-Headers
Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Headers
content-type
Content-Length
0
Date
Fri, 11 Feb 2022 19:34:31 GMT
273675347_2755220564784573_7166934461724435849_n.webpfull.jpg
consulteportal.com.br/wp-content/uploads/sb-instagram-feed-images/
66 KB
66 KB
Image
General
Full URL
https://consulteportal.com.br/wp-content/uploads/sb-instagram-feed-images/273675347_2755220564784573_7166934461724435849_n.webpfull.jpg
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
a857f96865a3f84bef5d55176d17c4683d0b2c4aa5deec4575243c7f7e872bed

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
image/jpeg
etag
"6205b52f-1086d"
expires
Thu, 31 Dec 2037 23:55:55 GMT
273574223_366914821550933_6513511802795901856_n.webpfull.jpg
consulteportal.com.br/wp-content/uploads/sb-instagram-feed-images/
47 KB
47 KB
Image
General
Full URL
https://consulteportal.com.br/wp-content/uploads/sb-instagram-feed-images/273574223_366914821550933_6513511802795901856_n.webpfull.jpg
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
45.55.51.225 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
ac11106.empregos
Software
nginx /
Resource Hash
109b034825b816394cf881b86316dbf3df78c3f0ed832e211a7e580390c6d44b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
cache-control
max-age=315360000
server
nginx
content-type
image/jpeg
etag
"6205b52f-bb71"
expires
Thu, 31 Dec 2037 23:55:55 GMT
gpt.js
securepubads.g.doubleclick.net/tag/js/
80 KB
27 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/10406/denakop.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
c97bb3ca107ce9dff21b27d98703b6b7e6cd813d252ce8b1afb1bca174ce49fb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
27174
x-xss-protection
0
server
sffe
etag
"1129 / 346 of 1000 / last-modified: 1644581193"
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Fri, 11 Feb 2022 19:34:30 GMT
prebid.js
tags.denakop.com/
279 KB
83 KB
Script
General
Full URL
https://tags.denakop.com/prebid.js
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/10406/denakop.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4cbd0db8a560e9f9a31aba536d913ac14e2a172ba3ca1027bb4f167d1381a63b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
br
cf-cache-status
HIT
age
453
cf-polished
origSize=286016
cf-ray
6dc003d98eea5b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 13 Dec 2021 21:17:47 GMT
server
cloudflare
etag
W/"61b7b87b-45d40"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, must-revalidate, max-age=3600
timing-allow-origin
*
cf-bgj
minify
consulteportal.com.br.js
tags.denakop.com/10406/
125 KB
27 KB
Script
General
Full URL
https://tags.denakop.com/10406/consulteportal.com.br.js
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/10406/denakop.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b8418d945d198bcd16959f0ca3380b229e4242a9db124a741e89c2c4cd4c4a5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Thu, 10 Feb 2022 21:11:30 GMT
server
cloudflare
etag
W/"62057f82-1f419"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, must-revalidate, max-age=3600
cf-ray
6dc003d98ee55b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-bgj
minify
truepushSDKPlatfromDetails
sdk.truepush.com/api/v2/
1 KB
2 KB
XHR
General
Full URL
https://sdk.truepush.com/api/v2/truepushSDKPlatfromDetails
Requested by
Host: sdki.truepush.com
URL: https://sdki.truepush.com/sdk/v2.0.3/main.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.59.203.101 , India, ASN18229 (CTRLS-AS-IN CtrlS Datacenters Ltd., IN),
Reverse DNS
Software
/
Resource Hash
ae30adfee35b575d449c46a59e67b77a6c57d24ee05b04a4dbe469623e372a82
Security Headers
Name Value
Content-Security-Policy img-src * data:
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/json

Response headers

Content-Security-Policy
img-src * data:
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Vary
Origin, X-HTTP-Method-Override, Accept-Encoding
X-XSS-Protection
0
Referrer-Policy
no-referrer
X-Frame-Options
SAMEORIGIN
Date
Fri, 11 Feb 2022 19:34:31 GMT
Expect-CT
max-age=0
Strict-Transport-Security
max-age=15552000; includeSubDomains
X-Download-Options
noopen
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://consulteportal.com.br
Transfer-Encoding
chunked
ETag
W/"561-a14fUMxqdIuXgK0Il7k9Br6duhw"
Access-Control-Allow-Credentials
true
collect
www.google-analytics.com/j/
1 B
21 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=1882310399&t=pageview&_s=1&dl=https%3A%2F%2Fconsulteportal.com.br%2F&ul=en-us&de=UTF-8&dt=Consulte%20Portal%20%E2%80%93%20Oportunidades%20de%20emprego%2C%20est%C3%A1gios%2C%20jovem%20aprendiz%2C%20concursos%2C%20an%C3%BAncios%20de%20empregos%2C%20an%C3%BAncios%20de%20vagas%20de%20emprego%2C%20an%C3%BAncios%20de%20empregos%20em%20jornais%2C%20site%20de%20anuncios%20de%20empregos%20gratuitos%2C%20site%20de%20anuncios%20de%20empregos%2C%20anuncios%20de%20empregos%20gratuitos%2C%20emprego%20pela%20internet%2C%20procurar%20emprego%2C%20sites%20de%20emprego%2C%20conseguir%20emprego%2C%20divulga%20empregos%2C%20trabalho%20volunt%C3%A1rio%20sp%2C%20aplicativos%20de%20emprego%2C%20home%20office%2C%20vagas%20home%20office%2C%20trabalho%20em%20casa%2C%20processo%20seletivo%2C%20recrutamento%2C%20mercado%20de%20trabalho%2C%20terceiro%20setor%20oportunidades%2C%20trabalhe%20conosco.%20Vagas%20de%20emprego%20SP%20%C3%A9%20um%20site%20criado%20para%20a%20divulga%C3%A7%C3%A3o%20di%C3%A1ria%20de%20vagas%20de%20empresas%2C%20institui%C3%A7%C3%B5es%2C%20RH%E2%80%99s%2C%20volunt%C3%A1rios%2C%20terceiriza%C3%A7%C3%B5es%2C%20corpora%C3%A7%C3%B5es%20e%20todo%20o%20tipo%20de%20organiza%C3%A7%C3%A3o%20n%C3%A3o%20governamental%20que%20contribui%20para%20o%20mercado%20de%20trabalho.%20Imobili%C3%A1rio%2C%20Listas%20de%20aluguel%2C%20Ag%C3%AAncias%20e%20corretoras%20imobili%C3%A1rias%2C%20Desenvolvimento%20de%20propriedade%2C%20Listagens%20de%20bens%20materiais%2C%20Servi%C3%A7os%20de%20mudan%C3%A7a%20dom%C3%A9stica%2C%20Bancos%2C%20Cart%C3%B5es%20de%20cr%C3%A9dito%20e%20d%C3%A9bito%2C%20Certificados%20e%20contas%20a%20prazo%2C%20Internet%20banking%2C%20Private%20Banking%2C%20Bolsas%20de%20estudo%2C%20subs%C3%ADdios%20e%20ajuda%20financeira%2C%20Financiamento%20estudantil%2C%20Contabilidade%20e%20auditoria%2C%20Declara%C3%A7%C3%A3o%20e%20planejamento%20de%20impostos%2C%20Cart%C3%B5es%20de%20cr%C3%A9dito%2C%20Gerenciamento%20e%20consolida%C3%A7%C3%A3o%20de%20d%C3%ADvidas%2C%20Relat%C3%B3rios%20de%20cr%C3%A9dito%20e%20servi%C3%A7os%20de%20relat%C3%B3rios%2C%20Cr%C3%A9dito%20imobili%C3%A1rio%20do%20governo%2C%20Empr%C3%A9stimos%20com%20garantia%20imobili%C3%A1ria%20e%20linhas%20de%20cr%C3%A9dito%2C%20Empr%C3%A9stimos%20para%20refinanciamento%20da%20casa%2C%20Hipoteca%20atrelada%20apenas%20ao%20pagamento%20dos%20juros%2C%20Hipotecas%20de%20im%C3%B3veis%20para%20loca%C3%A7%C3%A3o%2C%20Hipotecas%20de%20juros%20fixos%2C%20Alugu%C3%A9is%20e%20financiamentos%20de%20casas%2C%20Cr%C3%A9dito%20e%20empr%C3%A9stimo%20sem%20garantia%2C%20Cr%C3%A9dito%20pessoal%2C%20Empr%C3%A9stimo%20comercial%2C%20Hipotecas%20comerciais%2C%20Empr%C3%A9stimos%20com%20aliena%C3%A7%C3%A3o%20da%20propriedade%2C%20Empr%C3%A9stimos%20de%20emerg%C3%AAncia%20e%20para%20o%20dia%20do%20pagamento%2C%20Empr%C3%A9stimos%20pessoais%20e%20linhas%20de%20cr%C3%A9dito%2C%20Leasing%20de%20autom%C3%B3veis%2C%20Financiamento%20automotivo.&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBACUABBAAAAC~&jid=1224990860&gjid=470688330&cid=2117562331.1644608071&tid=UA-10134671-18&_gid=1912235956.1644608071&_r=1&gtm=2ou290&did=dZTNiMT&gdid=dZTNiMT&z=513398867
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://consulteportal.com.br
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie.js
partner.googleadservices.com/gampad/
225 B
420 B
Script
General
Full URL
https://partner.googleadservices.com/gampad/cookie.js?domain=consulteportal.com.br&callback=_gfp_s_&client=ca-pub-1855656437358103
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
76d9481e23807702e585bf0363685e03251e228865f7b27308f010189f0b8c45
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
text/javascript; charset=UTF-8
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
integrator.js
adservice.google.de/adsid/
107 B
792 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=consulteportal.com.br
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
549 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=consulteportal.com.br
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fconsulteportal.com.br%2F&tn=DIV&cls=background-cover&ign=false&pw=1600&ph=1200&x=0&y=1060.8
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=ach_evt&url=https%3A%2F%2Fconsulteportal.com.br%2F&tn=DIV&cls=background-cover&ign=false&pw=1600&ph=1200&x=0&y=0
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ads
googleads.g.doubleclick.net/pagead/ Frame C3E3
149 KB
43 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&adk=3046330955&adf=2044148826&lmt=1644608070&plat=1%3A16777216%2C2%3A16777216%2C3%3A32%2C4%3A32%2C9%3A32904%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C30%3A1081344%2C32%3A32&format=0x0&url=https%3A%2F%2Fconsulteportal.com.br%2F&ea=0&flash=0&host=ca-host-pub-2644536267352236&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070508&bpp=4&bdt=470&idt=151&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&nras=1&correlator=2865320610276&frm=20&pv=2&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=2&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=32768&bc=31&ifi=1&uci=a!1&fsb=1&dtd=167
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0636a9c2555964f82ef58cdae2df38b99cd57eb87acc3d6356a5a3c6542ee080
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 11 Feb 2022 19:34:31 GMT
server
cafe
content-length
43800
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 11 Feb 2022 19:34:31 GMT
cache-control
private
ads
googleads.g.doubleclick.net/pagead/ Frame E76F
81 KB
30 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
82ee4652668b1770191d857cebb7c8f403b91effbe430715a2a308136913a2db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
br
date
Fri, 11 Feb 2022 19:34:31 GMT
server
cafe
content-length
30744
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires
Fri, 11 Feb 2022 19:34:31 GMT
cache-control
private
pubads_impl_2022020801.js
securepubads.g.doubleclick.net/gpt/
357 KB
119 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
sffe /
Resource Hash
8f4b70778aa21c1c093c6acbad70c70b2e69d4d22e47d9405ee137db16ca050b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:03:03 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1887
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
122244
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 09:34:27 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type
text/javascript
cache-control
public, immutable, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
expires
Sat, 11 Feb 2023 19:03:03 GMT
ppub_config
securepubads.g.doubleclick.net/pagead/
147 B
134 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=consulteportal.com.br
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
0719f2a768579e4cc98a0cb91a570d1e8905cbeb67a86838001c11e259c6d733
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private, max-age=3600, stale-while-revalidate=3600
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
109
x-xss-protection
0
expires
Fri, 11 Feb 2022 19:34:30 GMT
api.gif
tags.denakop.com/
0
410 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10406&d=desktop&b=Chrome&o=Windows&v=4.12.0&sw=1600&sh=1200&ac=p&p=https%3A%2F%2Fconsulteportal.com.br%2F&t=1644608070812&cb=0.34305308138761625
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-authenticated
0
date
Fri, 11 Feb 2022 19:34:30 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
image/gif
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
6dc003daa90a5b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
settings-1644593160.json
a.mailmunch.co/forms-cache/683108/
1 KB
1 KB
XHR
General
Full URL
https://a.mailmunch.co/forms-cache/683108/settings-1644593160.json
Requested by
Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:d200:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d1a8a8690f6159e281cfc9a287e8dab64c36c20ead13c1880ab15e1334862b4a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 15:32:34 GMT
content-encoding
gzip
vary
Accept-Encoding
age
14517
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Fri, 11 Feb 2022 15:26:08 GMT
server
AmazonS3
etag
W/"855befafface5a6382777d46c5cbc183"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
application/json; charset=utf-8
via
1.1 1b18b0df6149933160ee945c6867dc2c.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
max-age=31556952
x-amz-cf-pop
DUS51-P1
x-amz-cf-id
0B0JlqFIYCOrOe9JPKPHXecKi6zpWyccqH0kG3icS52954AtrCGG8g==
popover.js
a.mailmunch.co/app/v1/
9 KB
3 KB
Script
General
Full URL
https://a.mailmunch.co/app/v1/popover.js
Requested by
Host: ajax.googleapis.com
URL: https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:d200:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c74949ccc30d960afd18a0fa7a18bc89ce22df320748298c8c027c836ac6a539

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 01:47:25 GMT
content-encoding
gzip
age
64040
x-cache
Hit from cloudfront
content-length
2246
access-control-allow-origin
*
last-modified
Wed, 02 Feb 2022 12:42:57 GMT
server
AmazonS3
etag
"bcbc750dbbe5b2c3f5ee72267be487d5"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
text/javascript
via
1.1 2b483ab832506bc86647b6ceba38dc9e.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
max-age=172800
x-amz-cf-pop
DUS51-P1
accept-ranges
bytes
x-amz-cf-id
zuG5OSmEtf946Je_i1zwZOkeKIxacEE1cIbbjiZEDKcfN_UYWJr0Kw==
index-1639107844.html
a.mailmunch.co/forms-cache/683108/849921/
110 KB
39 KB
XHR
General
Full URL
https://a.mailmunch.co/forms-cache/683108/849921/index-1639107844.html
Requested by
Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:d200:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
22d0e4edd0c97ed165ae59f06677086d986ad00ea793ce7b466b56b92aa7b266

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 10 Dec 2021 08:21:52 GMT
content-encoding
gzip
vary
Accept-Encoding
age
5483560
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Fri, 10 Dec 2021 03:44:14 GMT
server
AmazonS3
etag
W/"400d3c45f27b1ac010738589687c13f0"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
text/html; charset=utf-8
via
1.1 1b18b0df6149933160ee945c6867dc2c.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
max-age=31556952
x-amz-cf-pop
DUS51-P1
x-amz-cf-id
aSPaWbzRrYcP66WrjI75BoH-FNIxJp3pMBKslmvK6gqQ0cgFey0vfA==
index.css
a.mailmunch.co/v2/themes/mailmunch/simple/popover/ Frame 5C57
8 KB
4 KB
Stylesheet
General
Full URL
https://a.mailmunch.co/v2/themes/mailmunch/simple/popover/index.css
Requested by
Host: a.mailmunch.co
URL: https://a.mailmunch.co/app/v1/site.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:224a:d200:4:c961:9640:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c0c394da8d74dbd52fb6b05fe19e4c01b583af5dda0cafdb2df0788e0c402dba

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 23:51:13 GMT
content-encoding
gzip
vary
Accept-Encoding
age
157411
x-cache
Hit from cloudfront
access-control-allow-origin
*
last-modified
Wed, 08 Jan 2020 12:44:12 GMT
server
AmazonS3
etag
W/"356ca1b91209d27c3d0787851b99e4fd"
access-control-max-age
3000
access-control-allow-methods
HEAD, GET, POST, PUT, DELETE
content-type
text/css
via
1.1 2b483ab832506bc86647b6ceba38dc9e.cloudfront.net (CloudFront)
access-control-expose-headers
ETag
cache-control
max-age=172800
x-amz-cf-pop
DUS51-P1
x-amz-cf-id
uF6pOGv1lvMcRjju8ZEaSMWQHMtooW9YlNh4puFHDFJqVGjlsHZ-jQ==
css
fonts.googleapis.com/ Frame 5C57
5 KB
660 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:700,400
Requested by
Host: a.mailmunch.co
URL: https://a.mailmunch.co/v2/themes/mailmunch/simple/popover/index.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4b31f597e9852f3e8ef045d9f6032a8ecfe9d8e5c6cde3196c6964e193fe6615
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://a.mailmunch.co/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 18:14:12 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 11 Feb 2022 19:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 11 Feb 2022 19:34:31 GMT
reactive_library_fy2019.js
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/
150 KB
53 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/reactive_library_fy2019.js?bust=31064825
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5b28f2855e57c8643dee5bd9709d83a52140be2ce80d56fe02863e359de0389c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54547
x-xss-protection
0
server
cafe
etag
12986313438274563527
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=1209600
timing-allow-origin
*
expires
Fri, 11 Feb 2022 19:34:31 GMT
truncated
/ Frame 5C57
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc139bb571ba15adcd2e6f37859679ce715e5de67720f0724595e5b8a6dfe9b5

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v27/ Frame 5C57
44 KB
44 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v27/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:700,400
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://consulteportal.com.br
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 09:58:52 GMT
x-content-type-options
nosniff
age
34539
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
44656
x-xss-protection
0
last-modified
Thu, 28 Oct 2021 00:30:43 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 11 Feb 2023 09:58:52 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=consulteportal.com.br
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=consulteportal.com.br
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
zrt_lookup.html
googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/ Frame 6D16
10 KB
5 KB
Document
General
Full URL
https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
4612
x-xss-protection
0
date
Thu, 10 Feb 2022 23:36:39 GMT
expires
Thu, 24 Feb 2022 23:36:39 GMT
cache-control
public, max-age=1209600
age
71872
etag
18247940800414524076
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
css2
fonts.googleapis.com/ Frame 6D16
4 KB
634 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto:wght@400;700&display=swap
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 17:40:44 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 11 Feb 2022 19:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 11 Feb 2022 19:34:31 GMT
feedback_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6D16
205 B
743 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/feedback_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 12:10:09 GMT
x-content-type-options
nosniff
age
26662
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
205
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sat, 11 Feb 2023 12:10:09 GMT
settings_grey600_24dp.png
www.gstatic.com/images/icons/material/system/2x/ Frame 6D16
604 B
694 B
Image
General
Full URL
https://www.gstatic.com/images/icons/material/system/2x/settings_grey600_24dp.png
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 18:49:59 GMT
x-content-type-options
nosniff
age
2672
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
604
x-xss-protection
0
last-modified
Tue, 22 Oct 2019 18:15:00 GMT
server
sffe
vary
Origin
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
image/png
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Sat, 11 Feb 2023 18:49:59 GMT
interstitial_ad_frame_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/ Frame 6D16
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/interstitial_ad_frame_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a7b5f2e7e3fd51102d05b2706291210864e7890361d932311a18048073374ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:29:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
282
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
8079
x-xss-protection
0
server
cafe
etag
5902764951541284931
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:29:49 GMT
css
fonts.googleapis.com/ Frame E755
8 KB
888 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Google%20Sans%3A400%2C500
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 17:36:44 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 11 Feb 2022 19:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 11 Feb 2022 19:34:31 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame E755
1 KB
954 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:33:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
68
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:33:23 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame E755
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:28:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
340
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:28:51 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame E755
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
136
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:32:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E755
124 KB
38 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644410386637351"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:31 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame E755
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:33:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:33:30 GMT
ff20f166b0acb5bbc58563e896201b58.js
www.gstatic.com/mysidia/ Frame E755
27 KB
12 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/ff20f166b0acb5bbc58563e896201b58.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/html/r20220209/r20110914/zrt_lookup.html?fsb=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 14:21:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
105202
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11452
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 06:53:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 11 May 2022 14:21:09 GMT
bidRequest
c2shb.pubgw.yahoo.com/ Frame
0
0
Preflight
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.157.246.167 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-157-246-167.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-type,x-openrtb-version
Origin
https://consulteportal.com.br
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
server
ATS/9.1.0.33
access-control-allow-origin
https://consulteportal.com.br
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-headers
X-Requested-With,Content-Type,X-Openrtb-Version
access-control-allow-credentials
true
access-control-max-age
600
age
0
prebid
ib.adnxs.com/ut/v3/
27 KB
11 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4d72e121e6414f0db7700ee7b5cfb3f17341194adde652a63fd005ecd151e748
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 11 Feb 2022 19:34:31 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
3f99c1e6-ddb8-447b-84b3-4d9ee20986ff
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://consulteportal.com.br
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
v1
prg.smartadserver.com/prebid/
0
343 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:31 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://consulteportal.com.br
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
v1
prg.smartadserver.com/prebid/
0
343 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:31 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://consulteportal.com.br
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
v1
prg.smartadserver.com/prebid/
0
343 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:31 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://consulteportal.com.br
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
v1
prg.smartadserver.com/prebid/
0
343 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:30 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://consulteportal.com.br
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
v1
prg.smartadserver.com/prebid/
0
343 B
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.96 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:30 GMT
vary
Origin
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
access-control-allow-origin
https://consulteportal.com.br
cache-control
no-cache,no-store
access-control-allow-credentials
true
content-type
application/json; charset=UTF-8
content-length
0
prebid-request
onetag-sys.com/
15 B
368 B
XHR
General
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

strict-transport-security
max-age=15552000
content-encoding
gzip
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
access-control-allow-origin
https://consulteportal.com.br
cache-control
no-transform, no-cache
access-control-allow-credentials
true
content-type
application/json
access-control-allow-headers
content-type, origin, referer, user-agent
content-length
41
bidRequest
c2shb.pubgw.yahoo.com/
66 B
99 B
XHR
General
Full URL
https://c2shb.pubgw.yahoo.com/bidRequest
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
85564387b8c51f31a300060509d0126d69fa349e7eeed675e6b9affe0f092caf

Request headers

Referer
https://consulteportal.com.br/
x-openrtb-version
2.5
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://consulteportal.com.br
access-control-allow-credentials
true
content-length
66
fastlane.json
fastlane.rubiconproject.com/a/api/
261 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23648&site_id=401834&zone_id=2250872&size_id=15&alt_size_ids=16%2C232&rf=https%3A%2F%2Fconsulteportal.com.br%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=4bc488a3-2fbe-4d76-833d-b6d70d89aace&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.43028714971639825
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
5914b7f0f1f50a92aa385db730e252b008d77899afc0a62506ba5c5e874ac034

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:31 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://consulteportal.com.br
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
261 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23648&site_id=401834&zone_id=2250872&size_id=15&alt_size_ids=16%2C232&rf=https%3A%2F%2Fconsulteportal.com.br%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=36522abe-2f71-43b1-8d48-c1392c3dd4ff&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.8285964488442461
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
1026fcb73fb1a15f6d5e68385511113f8c40b7ef86a2a38f578cc2621e0214a2

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:31 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://consulteportal.com.br
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
261 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23648&site_id=401834&zone_id=2250872&size_id=15&alt_size_ids=16%2C232&rf=https%3A%2F%2Fconsulteportal.com.br%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=c12dab50-70cb-4b38-8e74-6fad280ea886&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.019453614373771577
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
dafaefdf8bdad0fb2ee2ed172dfbfcc6ef1227614e094b0cd71b9207ffbcfcbc

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:31 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://consulteportal.com.br
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
261
Expires
Wed, 17 Sep 1975 21:32:10 GMT
fastlane.json
fastlane.rubiconproject.com/a/api/
260 B
1 KB
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23648&site_id=401834&zone_id=2250872&size_id=2&alt_size_ids=55&rf=https%3A%2F%2Fconsulteportal.com.br%2F&tk_flint=pbjs_lite_v5.20.0&x_source.tid=47fc4ead-f9c0-4cf3-82ba-2dfa841c0977&p_screen_res=1600x1200&rp_secure=1&rp_maxbids=1&slots=1&rand=0.7046710720773486
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
2602:803:c004:200::140 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.16.0 /
Resource Hash
7f284e12eb95657cff313442d191444703dcf3da8b5c7158c6b1656361d8191d

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:31 GMT
Server
nginx/1.16.0
Vary
Accept-Encoding
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
https://consulteportal.com.br
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json
Content-Length
260
Expires
Wed, 17 Sep 1975 21:32:10 GMT
prebid
ib.adnxs.com/ut/v3/
612 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
52beff4f0451de4950d8151aa4aae0c3828f1f1139d634d497e1924d8ad93259
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

Date
Fri, 11 Feb 2022 19:34:31 GMT
Content-Encoding
gzip
Transfer-Encoding
chunked
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Connection
keep-alive
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
X-XSS-Protection
0
Pragma
no-cache
AN-X-Request-Uuid
9ed4d1fe-e079-45f1-a232-5c18ab181978
Server
nginx/1.17.9
Vary
Accept-Encoding
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://consulteportal.com.br
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Expires
Sat, 15 Nov 2008 16:00:00 GMT
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96983d017575db4b3edb9ac0dc0015&pos=8a969520017575db52c1db9c58170010&cmd=bid&secure=1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
038159e3c290af5e6df691f78ddc73d8be95e03d197bfc112ac4cd11f4b59360

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://consulteportal.com.br
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
296 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96983d017575db4b3edb9ac0dc0015&pos=8a969520017575db52c1db9c58170010&cmd=bid&secure=1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
6ab26cf4413be7aebe15958c9464d2993e42d4ed4bf306e9d58845b53dbdd804

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://consulteportal.com.br
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
62 B
92 B
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96983d017575db4b3edb9ac0dc0015&pos=8a969520017575db52c1db9c58170010&cmd=bid&secure=1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
f7e71cb147c3e4876cfd1609b3f0808d72fd977903bcc5ab705271741d6fd147

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://consulteportal.com.br
access-control-allow-credentials
true
content-length
62
bidRequest
c2shb.ssp.yahoo.com/
6 KB
6 KB
XHR
General
Full URL
https://c2shb.ssp.yahoo.com/bidRequest?dcn=8a96983d017575db4b3edb9ac0dc0015&pos=8a96983d017575db4b3edb9d8d750019&cmd=bid&secure=1
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
18.156.195.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-195-47.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
0dfb1017b3f967a81f1ad1c155c54a1f79af835718ee2046766121338f6f0b44

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
server
ATS/9.1.0.33
age
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-methods
POST,GET,HEAD,OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
https://consulteportal.com.br
access-control-allow-credentials
true
content-length
6136
bids
prebid-us.creativecdn.com/bidder/prebid/
0
183 B
XHR
General
Full URL
https://prebid-us.creativecdn.com/bidder/prebid/bids
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
185.184.10.30 , Poland, ASN203690 (RTB-HOUSE-ASH, PL),
Reverse DNS
ip-185-184-10-30.rtbhouse.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://consulteportal.com.br/
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://consulteportal.com.br
date
Fri, 11 Feb 2022 19:34:31 GMT
access-control-allow-credentials
true
access-control-max-age
3600
vary
Origin
access-control-allow-methods
POST
ROS
pbjs.e-planning.net/hb/1/480f9/1/consulteportal.com.br/
Redirect Chain
  • https://pbjs.e-planning.net/pbjs/1/480f9/1/consulteportal.com.br/ROS?rnd=0.19742482969812603&e=300x250_0%3A300x250%2C336x280%2C580x400%2B300x250_1%3A300x250%2C336x280%2C580x400%2B300x250_2%3A300x25...
  • https://pbjs.e-planning.net/hb/1/480f9/1/consulteportal.com.br/ROS?ct=1&r=pbjs&rnd=0.19742482969812603&e=300x250_0%3A300x250%2C336x280%2C580x400%2B300x250_1%3A300x250%2C336x280%2C580x400%2B300x250_...
429 B
848 B
XHR
General
Full URL
https://pbjs.e-planning.net/hb/1/480f9/1/consulteportal.com.br/ROS?ct=1&r=pbjs&rnd=0.19742482969812603&e=300x250_0%3A300x250%2C336x280%2C580x400%2B300x250_1%3A300x250%2C336x280%2C580x400%2B300x250_2%3A300x250%2C336x280%2C580x400%2B728x90_0%3A728x90%2C970x90&ur=https%3A%2F%2Fconsulteportal.com.br%2F&pbv=5.20.0&ncb=1&vs=FFFF&crs=UTF-8&fr=https%3A%2F%2Fconsulteportal.com.br%2F
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Server
5.178.65.246 Amersfoort, Netherlands, ASN50673 (SERVERIUS-AS, NL),
Reverse DNS
ads.us.e-planning.net
Software
openresty /
Resource Hash
07f6decefd1b385e41f2b2320b15a71fa6fb600121f5b2c14ea974614472424b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
server
openresty
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
access-control-allow-origin
https://consulteportal.com.br
expires
Fri, 11 Feb 2022 19:34:31 GMT
cache-control
max-age=0, no-cache
access-control-allow-credentials
true
content-type
application/json
content-length
429
x-sid
AMS-605

Redirect headers

date
Fri, 11 Feb 2022 19:34:31 GMT
server
openresty
access-control-allow-origin
https://consulteportal.com.br
p3p
policyref="http://ads.us.e-planning.net/p3p/eplanning.p3p", CP="NOI DSP COR NID CURa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV"
location
/hb/1/480f9/1/consulteportal.com.br/ROS?ct=1&r=pbjs&rnd=0.19742482969812603&e=300x250_0%3A300x250%2C336x280%2C580x400%2B300x250_1%3A300x250%2C336x280%2C580x400%2B300x250_2%3A300x250%2C336x280%2C580x400%2B728x90_0%3A728x90%2C970x90&ur=https%3A%2F%2Fconsulteportal.com.br%2F&pbv=5.20.0&ncb=1&vs=FFFF&crs=UTF-8&fr=https%3A%2F%2Fconsulteportal.com.br%2F
access-control-allow-credentials
true
content-type
text/html; charset=iso-8859-1
x-sid
AMS-605
/
analytics.mailmunch.co/event/
35 B
344 B
Image
General
Full URL
https://analytics.mailmunch.co/event/?site_id=683108&widget_id=849921&event_name=views&cache=1644608071496&referrer=https%3A%2F%2Fconsulteportal.com.br%2F&visitor_id=9fbffa76-8242-4398-9cbc-aac1b963ea7f
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
3.232.242.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-232-242-170.compute-1.amazonaws.com
Software
Cowboy / Express
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 11 Feb 2022 19:34:31 GMT
Via
1.1 vegur
Server
Cowboy
X-Powered-By
Express
Transfer-Encoding
chunked
Content-Type
image/gif
Access-Control-Allow-Origin
*
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame 401C
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169456
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
css
fonts.googleapis.com/ Frame E76F
6 KB
670 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 19:34:27 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 11 Feb 2022 19:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 11 Feb 2022 19:34:31 GMT
load_preloaded_resource_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame E76F
1 KB
875 B
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/load_preloaded_resource_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:33:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
68
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
848
x-xss-protection
0
server
cafe
etag
2277666839114365613
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:33:23 GMT
abg_lite_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame E76F
19 KB
8 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:28:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
340
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
7817
x-xss-protection
0
server
cafe
etag
7051432691878289762
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:28:51 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame E76F
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
136
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:32:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame E76F
124 KB
38 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644410386637351"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:31 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame E76F
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:33:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
61
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:33:30 GMT
ff20f166b0acb5bbc58563e896201b58.js
www.gstatic.com/mysidia/ Frame E76F
27 KB
11 KB
Script
General
Full URL
https://www.gstatic.com/mysidia/ff20f166b0acb5bbc58563e896201b58.js?tag=mysidia_one_click_handler_one_afma_2019
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 14:21:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
105202
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/mysidia
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
11452
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 06:53:13 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="mysidia"
vary
Accept-Encoding
report-to
{"group":"mysidia","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/mysidia"}]}
content-type
text/javascript
cache-control
public, max-age=7776000
accept-ranges
bytes
expires
Wed, 11 May 2022 14:21:09 GMT
adview
googleads.g.doubleclick.net/pagead/ Frame E76F
0
0
Fetch
General
Full URL
https://googleads.g.doubleclick.net/pagead/adview?ai=C66EpRroGYsvoLMOX1fAP05OP-AL_9ImmaNSDsJSjD9rZHhABIMayviNglbqAgpgHoAH_3p-UAcgBCakCVUaomQ8hsz6oAwHIA8sEqgTkAU_Qnc4IvdftIcc_Xi_gNXoZePohjXanMZUwM7KjsL_ENYaT3c64yaLiTTyJV8iqSfWPZHKFHjoE5MVi4xft_O3FzoTBnLWHRtoBJngbUG6NCvzJbwWP6QPUM4AbDLg3IThZ3o8YWLylvFFdb0FyxnhaVMdZ3r6n_EODFZOFRGYsvxcPQWKb59Lrw9GS7yU_vBh7lGgLBwd_U4VsnuFAtuzo4S2JDMe3xNs6ODQLruhNf0pfY6PhWX8-818vTB8kKNMfaxhNneaKuqTJzENKn3rLFAr8RfvQtsKLm_Px7UnF9mAwP8AEuLHnqoIEkgUECAQYAZIFBAgFGASgBi6AB-mg4OsCqAeOzhuoB5PYG6gH7paxAqgH_p6xAqgH1ckbqAemvhvYBwDyBwQQ_do60ggJCIDhgBAQARgfgAoByAsB2BMNiBQB0BUBmBYBgBcBshccChoIABIUcHViLTE4NTU2NTY0MzczNTgxMDMYAA&sigh=FEmDHy8ecIY&uach_m=[UACH]&template_id=484
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
date
Fri, 11 Feb 2022 19:34:31 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 11 Feb 2022 19:34:31 GMT
2076313506083323656
tpc.googlesyndication.com/simgad/9029644551192003514/ Frame E76F
45 KB
45 KB
Image
General
Full URL
https://tpc.googlesyndication.com/simgad/9029644551192003514/2076313506083323656
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0199e862df7ad2f070799607872ef943351a65658b572f3305818a5d72b7d3b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Mon, 07 Feb 2022 06:01:27 GMT
x-content-type-options
nosniff
age
394384
x-dns-prefetch-control
off
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
45754
x-xss-protection
0
last-modified
Fri, 21 Jan 2022 12:29:38 GMT
server
sffe
report-to
{"group":"content-ads-owners","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/content-ads-owners"}]}
content-type
image/jpeg
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="content-ads-owners"
expires
Tue, 07 Feb 2023 06:01:27 GMT
truncated
/ Frame E76F
220 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
af8b8852aac239c3c3ae4dc25794896f8c851d1716bc55a099441b59f448f146

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ Frame E76F
213 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1831fbde2aeb785cc1b8690bfcb85be88eda1279096e122e7b132d73de59830a

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ Frame E76F
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 09:48:03 GMT
x-content-type-options
nosniff
age
35188
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15688
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:19 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Sat, 11 Feb 2023 09:48:03 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame E76F
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 17:56:19 GMT
x-content-type-options
nosniff
age
178692
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15828
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:28 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 09 Feb 2023 17:56:19 GMT
KFOlCnqEu92Fr1MmSU5fBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ Frame E76F
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto%3A300%2C400%2C700
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://googleads.g.doubleclick.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 17:58:32 GMT
x-content-type-options
nosniff
age
178559
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15732
x-xss-protection
0
last-modified
Wed, 22 Sep 2021 16:13:20 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 09 Feb 2023 17:58:32 GMT
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame 8E12
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-1855656437358103&output=html&h=242&slotname=7324071698&adk=764607872&adf=1022892729&pi=t.ma~as.7324071698&w=290&fwrn=4&lmt=1644608070&rafmt=11&psa=0&format=290x242&url=https%3A%2F%2Fconsulteportal.com.br%2F&flash=0&host=ca-host-pub-2644536267352236&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&dt=1644608070512&bpp=2&bdt=474&idt=172&shv=r20220209&mjsv=m202202080101&ptt=9&saldr=aa&abxe=1&prev_fmts=0x0&nras=1&correlator=2865320610276&frm=20&pv=1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=1&rplot=4&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=999&ady=300&biw=1600&bih=1200&scr_x=0&scr_y=0&eid=42531397%2C31064733%2C31064825%2C44756431%2C44758228%2C31062931&oid=2&pvsid=2592607545491287&pem=498&tmod=1281853975&uas=0&nvt=1&eae=0&fc=1920&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7CeE%7C&abl=CS&pfx=0&fu=128&bc=31&ifi=2&uci=a!2&fsb=1&xpc=yG1nVyHvij&p=https%3A//consulteportal.com.br&dtd=178
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169456
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
sodar
pagead2.googlesyndication.com/getconfig/
13 KB
10 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20220209&st=env
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
5dea9fadd73b5ab48310aacd81562164b521da81fa8083ca6afff184dc0e241f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9865
x-xss-protection
0
css
fonts.googleapis.com/
5 KB
614 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Nunito+Sans:400,600,700
Requested by
Host: client
URL: about:client
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3f30dd590395286337ce5b7b31925de09159c5b6028764afbad58e2f8cc829ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 11 Feb 2022 17:46:44 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Fri, 11 Feb 2022 19:34:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 11 Feb 2022 19:34:31 GMT
api.gif
tags.denakop.com/
0
308 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10406&d=desktop&b=Chrome&o=Windows&v=4.12.0&sw=1600&sh=1200&ac=a&p=https%3A%2F%2Fconsulteportal.com.br%2F&t=1644608071872&cb=0.9093621160194241&aa=intext
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-authenticated
0
date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
image/gif
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
6dc003e14efc5b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
api.gif
tags.denakop.com/
0
308 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10406&d=desktop&b=Chrome&o=Windows&v=4.12.0&sw=1600&sh=1200&ac=a2&p=https%3A%2F%2Fconsulteportal.com.br%2F&t=1644608071873&cb=0.16847831254210943&aa=intext
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-authenticated
0
date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
image/gif
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
6dc003e14efe5b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
api.gif
tags.denakop.com/
0
308 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10406&d=desktop&b=Chrome&o=Windows&v=4.12.0&sw=1600&sh=1200&ac=a2&p=https%3A%2F%2Fconsulteportal.com.br%2F&t=1644608071873&cb=0.7312920656386597&aa=intext
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-authenticated
0
date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
image/gif
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
6dc003e14eff5b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
api.gif
tags.denakop.com/
0
308 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10406&d=desktop&b=Chrome&o=Windows&v=4.12.0&sw=1600&sh=1200&ac=a&p=https%3A%2F%2Fconsulteportal.com.br%2F&t=1644608071874&cb=0.7126619994630627&aa=under
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-authenticated
0
date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
image/gif
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
6dc003e14f015b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
integrator.js
adservice.google.de/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.de/adsid/integrator.js?domain=consulteportal.com.br
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
integrator.js
adservice.google.com/adsid/
107 B
122 B
Script
General
Full URL
https://adservice.google.com/adsid/integrator.js?domain=consulteportal.com.br
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control
private, no-cache, no-store
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
100
x-xss-protection
0
ads
securepubads.g.doubleclick.net/gampad/
67 KB
23 KB
XHR
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2592607545491287&correlator=3157944015491234&output=ldjh&eid=31063377%2C44756431%2C44758228%2C31062931%2C44755510&output=ldjh&gdfp_req=1&vrg=2022020801&ptt=17&impl=fifs&sc=1&sfv=1-0-38&ecs=20220211&iu_parts=21715141650%3A33480318%2Cdesktop_intext%2Cdesktop_under&enc_prev_ius=%2F0%2F1%2C%2F0%2F1%2C%2F0%2F1%2C%2F0%2F2&prev_iu_szs=336x280%7C300x250%7C580x400%2C336x280%7C300x250%7C580x400%2C336x280%7C300x250%7C580x400%2C970x90%7C728x90&prev_scp=dk_refresh%3Dtrue%26index%3D1%26hostname%3Dconsulteportal.com.br%26pathname%3D%252F%26placement_name%3Dintext%7Cdk_refresh%3Dtrue%26index%3D2%26hostname%3Dconsulteportal.com.br%26pathname%3D%252F%26placement_name%3Dintext%26hb_format%3Dbanner%26hb_size%3D336x280%26hb_pb%3D0.15%26hb_adid%3D45fc58533914979%26hb_bidder%3Dappnexus%7Cdk_refresh%3Dtrue%26index%3D3%26hostname%3Dconsulteportal.com.br%26pathname%3D%252F%26placement_name%3Dintext%7Cdk_refresh%3Dtrue%26index%3D1%26hostname%3Dconsulteportal.com.br%26pathname%3D%252F%26placement_name%3Dunder%26hb_format%3Dbanner%26hb_size%3D728x90%26hb_pb%3D0.28%26hb_adid%3D4646d0d6eeff3b7%26hb_bidder%3Dappnexus&cookie=ID%3D276008c41dcaf4ae-2296ab733ccd00c3%3AT%3D1644608070%3ART%3D1644608070%3AS%3DALNI_MaDDaQQ8YDUhd3uI6o_s9Gy1pRiDA&bc=31&abxe=1&dt=1644608071901&lmt=1644608071&dlt=1644608070038&idt=759&frm=20&biw=1600&bih=1200&oid=2&adxs=322%2C322%2C322%2C0&adys=416%2C1196%2C1976%2C0&adks=4163497950%2C908794655%2C3321725992%2C859550183&ucis=1%7C2%7C3%7C4&ifi=4&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&flash=0&dmc=8&url=https%3A%2F%2Fconsulteportal.com.br%2F&vis=1&scr_x=0&scr_y=0&psz=620x-1%7C620x-1%7C620x-1%7C1600x2426&msz=620x-1%7C620x-1%7C620x-1%7C970x-1&ga_vid=2117562331.1644608071&ga_sid=1644608071&ga_hid=1882310399&ga_fc=true&fws=0%2C0%2C0%2C512&ohw=0%2C0%2C0%2C0&btvi=0%7C0%7C1%7C0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&nvt=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f2.1e100.net
Software
cafe /
Resource Hash
aaf41e16a9e36530e0a71ce3b18eb32e915ad26e9f0e61ee7c610933ac888682
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
23339
x-xss-protection
0
google-lineitem-id
-1,-1,-1,-1
pragma
no-cache
server
cafe
google-creative-id
-1,-1,-1,-1
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://consulteportal.com.br
cache-control
no-cache, must-revalidate
access-control-allow-credentials
true
timing-allow-origin
*
expires
Fri, 01 Jan 1990 00:00:00 GMT
container.html
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 36A7
6 KB
4 KB
Document
General
Full URL
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
date
Fri, 11 Feb 2022 19:34:32 GMT
expires
Sat, 11 Feb 2023 19:34:32 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar2.js
tpc.googlesyndication.com/sodar/
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202202080101/show_ads_impl_with_ama_fy2019.js?client=ca-pub-1855656437358103&plah=consulteportal.com.br&bust=31064825
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:33 GMT
container.html
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame A957
6 KB
3 KB
Document
General
Full URL
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 11 Feb 2022 19:34:32 GMT
expires
Sat, 11 Feb 2023 19:34:32 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
content-type
text/html
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
container.html
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 8AF5
6 KB
3 KB
Document
General
Full URL
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 11 Feb 2022 19:34:32 GMT
expires
Sat, 11 Feb 2023 19:34:32 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
content-type
text/html
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
container.html
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame EF6A
6 KB
3 KB
Document
General
Full URL
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 11 Feb 2022 19:34:32 GMT
expires
Sat, 11 Feb 2023 19:34:32 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
content-type
text/html
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
container.html
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/ Frame 4B0A
6 KB
3 KB
Document
General
Full URL
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/gpt/pubads_impl_2022020801.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin
*
content-length
3108
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 11 Feb 2022 19:34:32 GMT
expires
Sat, 11 Feb 2023 19:34:32 GMT
cache-control
public, immutable, max-age=31536000
last-modified
Tue, 02 Mar 2021 20:17:03 GMT
content-type
text/html
age
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/
262 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0f266202b591aab2563e8ef52fcc7cf8d2358f48600ad7f52bc62462787dca01

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/svg+xml
pixel
googleads.g.doubleclick.net/xbbe/ Frame E96A
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNWaaZClvxQTLhvE1lE27h7C3qa4Jds5Dmx_nG4gy9bNzWcXHnmq3y28h646j6JzmhdDC4yYZ4KIoIpKl-LkmXS4eqQtmHcJi9pazOWMYvOUoP8km1Vt64ccFfaq_u3YmwNjJ1FKnueu0ud30fVF2WuXPJtyPdfD2MdHUFr283-Hth2cPhEhmO9bI-2uzONo4VwwprU6OlDip79C3HGFvVcqxvFjWQ
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Fri, 11 Feb 2022 19:34:32 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame EF6A
80 KB
32 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A3MXngfh8ytZG4sVRaM_r1ptHTWhlbV-Ch5FTDHQnmCw9JVcEsNh5j2BnvvqofB-MR-zIIkDEClbUADYrRSd_dnmAOR2FTyiUHJSjBtCalw8MMaaFe28aGzUABAPuQVqa-9kOVSr_xXRoYQLNnMjhGiVqGHw&dbm_d=AKAmf-D85ylrqbfafWBc9mZ-dQM0a6w6m5DDDCnn1DrLf4ygJYL36-0Z6BM5bJMF9D8zfjuIw_xh-aaxph23ez5Z141UdmR2ujR-LAbFoCX0bZ4HH6BAgEzoghdTYlpvE2T18T_6mOYO4wqmYuQ-qtQbnylB00tkhvOp6vShY4lrLSiqkuDQZDqI9K4emQt3_nA50T0KBjIQvIvF1ng6iDVR4LPe9Q-JiIUhDKH7MhoYKSLmY7AsLtRSAj0JzoZI5AW4n9DStVxp7lSKRKBpx8VKQb5CeIxveqeHHoNcKNB8dx9a4mypAFDu2AzYJ8_la3D866ijrzKOZEBRHTBibei8C59IOQ5yi5jcPZ-q1PNUUTZ5aUO4WDUVJjYS1IBZf4JOSs3Uh0R1e4l859bu1mkB1mXq1Vt40_QXkV4MRukwyqbzeHR2sk1px4CAdx13EX5hYXVoJ786DxJnZkdtZHVGJBYOaUKwtwgOWBeBRlUabxN67DLK0A5iB3WKmvugkoiPRs42Q69U2DVLWlKzG2l1cepbwL5qFLg1ndJ-wIEHvldG6w-hVhUA3sHvYV2Y7I1qDm2NGfLiLGV4gR-Bd31qRl5YdmsPLU9I_3kiQ_WCFt3bTwFSM0OV3epOzlhpc5cgLoQG6O8bcbYuzLGcGOCRz-qdJYAvc_jSqG-9O2nl1Hf_iq5hlGYWBv4ZBruk9rWsJFfA0wb8-pLXYh88J4f_lV8HxLqnSjwBaNiOzBxa-1DodtJHlgi4q_zbr5xekjnJt-YeCRjzCcXRkrEyg4nUL2ya_xgEE9fZyHB2t__HASSd-E1cKA6X63_7VM-3i39gAYiKAZPNUJtnIEQQL89T2mu0-TEsVwJrkKP6fNFIluLpybzxW-n5c9R-cUkPtDo1os_z6x2jeRv8uqLLmf-Ni7yP4861OALKZzTqaSfaLx9zJQdAIdP181JCyyiyZbNV8E0N2gA4AlCgbBKUur7gBmSqm_2U-mQxTuFT68G00cpKwDNdS77Q2rDe39TZ9tiEItzfYQkbMGmFFI52sFMk8SnXSnoBQXKFzdsShkF1AYBJVNbhNhIJAGZiFnY2G0ouZXRQrU5OuKI5zdL7ONRkA2KUQkhq1r1TEtC0m_nOHMo44EZtQ6sLXDQO4-UdbD--hPOIYKSzXnijvr7d1o30uWuRqoENZA16ZD6wK_TRRitiZh1nnKBTR2RbFqtminrzd9Vo0s094hLqJhmDWRN51QcYWf9Q13H0Y_UKDookMb_xjVoSrA1nntWvg_YFr1pvFp59VHJE7TNLgR6i5SGsqqdbR6KRzO9TG6dU0zwQS4TJAvfB0VOWpO318tcWZfgJL7p16hNWsdxD0NUkEBAMVNAk41DEHYWQQDU12QeyX61vRuNOHLpfdUpf7AuH7F1wjcMfraAPJolpQGErIk9S1-9WskNjoM7zZ0zCJrOc6ueEctETtywnZCleF_igUlUALuOHlLuJgXtEkCR62G5eZqggIv6gCJaL1XiuCRHIDPaA96vKOd4zwxPbsvXEdv-BnGswrT-cp_2V6BIR9HxZ9VMYnSttjotkZkBBoLtRuMAk3yo88LqYTUN7PX5SUAOIVJlcjhbdezURupfCqzVuOFwNS2MFbDo1qdxjAynB7nngCOTYLmvRX_67CByR-3UUmPaRYckasdrOQl769gH0ncCkOr9r1LpXarIGi8_5qP3WLIIqMETGdHtmppZBdrDZAxkPLVsAk4_ACVeo0oBjbC8Pg4eZ01tzEMfo1PS_v8IJVXMvSvl69zY30gbI2w_xFVD-3vJSjS5vG9q9gTefgQRLcz9is8JIjJsBP6B7JbgkIOBdjrZX-rNkiNyG0bVtVnSQytrauWwwNJQkEOCKSdG1g74f93G8xuWrKBcWpeZTb_3ydSVDPJA80NZCbRvhbjXxiIlC-gEGaID2w2l3v6C0_xgTffvVVKnz3Dve8brfAoYUILPcUK7P8UhPztEsGygSn7y1Gp7VR9dccUhOXA9oLSjzi83J7UuqRKxPVFP7oJ0rTxOwfprKPgJV8efaJ1YCl44JVaKLsE8sCvBLQ8rd4YcPFCamXJstr-KNf5y2W7qZIgEJ1ngULmDSypwzHMRHd0JkmspM68dQ5QVL15gt1UiW446koCI_b-pirZDhrh7pKFIwkbk-Ps0tFY-qfJ-XzIoDnxwPdQcP36Oi0I2NEzef3pE6pag4Q7L9vyUOdME_XANcUj10odALm1i4dhuxLh8Z_77ieHnQORfBlLZ4jvwosuuOlmSilHhcrC86B1f6dqDaIb_tznfWUjtX6tdJA6607uYMbFWC5lCWS_g5lu3Q9I3ltGEHXa0s4-CMA-HgdOlgG9ftiummmnZjphjKDuAWwq2Tz9HXCrde908CWmwXpEllomexN3C5730Y88OBKTFbUAQ8p7NQbgVZhrbj2YYXwQlWyEjdd_PaUz6u1HAYEpSy0_f_4Y9BkxTuQgsoyi_fM2Hi9xxPQrft_9cNEj6mraU_PewfP8vjj-ng3qaK1fbFxn6CN6-m0lcnZxU56ShYUSXWTHJ96GWxx1qZGV4DoBlYsZ3VedlTeZI7uqRtPcrklxIoM99QeX9ssFtIeikFRsaAX3aG8Rgn-lOSXEtI0rByfrenoZ2iAQF9qTLCXeGo0YGrElQv5WmJVc2PJy4L2az5a5zliAPTajdcQACF7kVGwetGgJXkyX5lQpGY4Fi4diY92Ol31XjNl93WXoZopPFORu8tJNrelnpKxjwpjKIy6jtjxzDFjmJVx_QYvK4SvAE86gzzjwH3cKANFep1l8Se-1snveMEXhbD4DxGJwm4Yr5sQ__43bfZik5FKr0W9V8L5fDmS5bPCB5FpQBsk_CjPSNe9BkTgKJVKpejx7MtIR6p-Vw0tXEiujDkR2PGejrZlAp8lKet6vxobwE9vy6VckjaXZ8vcA1AJJX5SQYFY3PNol-W1CShDalNzIM33Yyn47XKpfmIwbXKHmU6gF9jHgFuDJ4A-ocw73MSCoJQcM5QrrX0SmwgT7VJUh9MfkC4wdNREOs89PqgO6c&cid=CAASEuRossnlJ9Qd1L8MCGjyTvEWcg&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
2422933c30df509b7f90bccb83fb8e17c37db3308efa4dc5d8304a76bbf193ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32584
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame EF6A
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C0T8S1Hncwyud7bB5ZzEsmXRElPOwZoqYSOZpqgJSd-pBig9f7u6iHKl7XCyc-kMCpbC1_GdXIOUzx9p19gQ6BQ8hvZFFVJZTQaXfKsBIzonrIAUM
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame EF6A
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
137
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:32:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame EF6A
124 KB
38 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644410386637351"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:32 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame EF6A
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:33:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
62
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:33:30 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 7B59
624 B
297 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi4_qO-ATAB&v=APEucNVzF-MWoCha0sI5ri2LkRpczmI9YHYPMCUJRHxqblP0ksmqThqFIeTUqeg-FHfUwTU63_dhDt5QMl5YC6tmJivXK7aQJlvV5OVAfAEaHPetpy1YusXLrh48PVk06QZyzL8ZEkQIW_XO7W2DeR7vpA3dieaDA_e8RF6CN27VCMT-z5CywzpIH1zoFK-jeCBHdhQ_N-1q-RFMYP_iyaycjDRLvdoBSw
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Fri, 11 Feb 2022 19:34:32 GMT
server
cafe
cache-control
private
content-length
276
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 4B0A
80 KB
32 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABxR-5agjX14ZEMxsA4FZw7r7pybVU17g4wYXZhh16HudMHtej-odr5TynX_xFjaAkYHCQDEyJ_YlYWKcRFb6At4aHs_s1WZ-CPY78X5kPsiz5_XGOsO2b6ogoPw4UGQ2ykpXXER3FfQqp2CG34QiEDnnlvA&dbm_d=AKAmf-CDowlPYliEPLxqbpEtdkk6bsdq1DWEM-d4SSM64BTe-O3znqrOoiCztFhfCt46Mh6xMXxuh1Lg9aAiKYkIh-ytknz-hzGESCGwhGJl1yGZTU2GbKND4VkokW15K9uRWmixXx2Jfm52yVtcOg_qHHj8OjkqpUf6PRdKNYCACbC6EuBPMyg8Jut8mGtwegLovh_hH_ACckaL6YHCOJjBt4tpIUcghg8PAfJL8NBTNydsvP5ZtNvtG9S14QUJ32wvV4o2f25acs7rJAvzvHTRN8MOkXa18qhBZGbG7d4wOYiMAiJBAsU2Ldwlo0Tdtw0QtwUu0LhxkaL73d-1soZ63ISeTN0XzAkw1yrZGRbP9kv-fkWYGUpHPyl5t_9aBFoAcddnOc39E16Sg_-N4EZ3-u3dxWmz1GsQRuvXOv6hK65qkD0lClQVZQVdERPOHd9rCOOalMVswioYWrkzVEe0Jvid-2jhco2hDAqA0I2IbPGCf-wBPhcN6yAiaNyzoe7sTJm60e-oYeB-6DFsHLXkzjAXJmp0aDdViz4EhZzoIc8G7uwp1AJaouliB-I46cOa3t-V-Uf0qnrjb9I_VqyGkjKvOUva6mPrScHI0SDB7YUpu5QIjZpsG5p5i5SOlb4htkt6dZgZSoryjMMzy2pHftoat3VkfRh8eNILLkNYF5flK0pUnxkmQffrFb6X62AGJ7ZbQRC3RLaxNGUHwBABlUItI2mnlaGkb6D44r3AMiboP3isMOQdFOCe0NoBdglWiUb_NKRTWDpHWnLx5tdfrNQlAcb3vRTrA-Iqg1s9hyZprBv-WyQ6TyqFJguNG8VtN18CnErzSd8FEESTpwKblUIWmen4Ie89O1iyXgZp_wRpCCtOWwvF1UpZn8crP5IZxB619omrqIfzSohChg9JkO3BFlRh8iqDnXMAUzjhbb4CjuvKsXkiLChSKnQwa1ZBuDBnKgrG9MJS_AGlkH6KdkF4uLxyvzPuN6yfzHDqXPplHHIc-iUKFiGPB9Su1FI4KEcBaat7no5Gi8_vkINhVoSJarsiTB5dapH5C8PUdTRR9fqWPXTCbsa4WZOU2yLuFl56rsdiDQHyg_pnk8kgtnjtmcxj3yvxCGt4pg0IFIHjEJGnceXgrx-ETMo7xulj9mJPY65XchoqX1iF34KJwns9YZmTb2-7mkshyYWEOiIi7_UZ-UjmmGmWOMjvIkenZiYZGgapwVJEl1J3ngHoTWnvm5os19eHQjcGd4n9CVNAJeZcpG3vNXOQt6tc7QeMoad5DLku65t0amvU8Kli9JnV45AapUZ-fM3JAl18bovioshcRjuTjE9e6WjUv6FTe9T_ewI3E-u5SG4DYS87gYQnydToC9XS2qvuKp4fEHNOsET0bJ-8AeuQT2Ol_l19CMyZTumy5qzTFD2oEW7Or51d2VZMUC-RQ_dRUyPPIg8VXrykoz7RLJXNYNmY87nkgxt35qFzZfFT8kvwdUjbeGeOUbpyxtj8BYYh8_cBbie6CGrtEiQ3Zv9idR8maskBQCVsTSRQBFojWxy3uSLtvrkCJDCGlW0FKiVnjrAF4IvYYqjFtIsvFpp4NycSNcLSNLeJnv614UIQUcItLqPqFaVVVRc-KXZbLgQ5ksK9r_pJBQkkFUnYkzAFBKvMu05FK3tD_7x9Pht_yMAEyyc7_BQACyhVZ97Dq2HDjvyZ6OrX1aRbwChQqAtpv90MFgZa8EewZt1H5fpGpEzLd3yOmCClTbaLXvo3DJ9Vbz7J3RphfHAlprx0JJl8KW4xIKPM3CSQEvjnkPCW1Fmehgjn4b3RZ9tNxjrloW6xCyaIHuRGWoD5ZCZ-BLQxuw2JAKy3yjDPnoubhRgwEjRwk8XsyK-u428DkauFnv9quH2LBWUlPCuoOUsRKUtar79_54EsPPLGvtzieTrOiOB9BzujSHiKwR3SKrOLwahc19fdhvmnqp5dfVGrlqfRHQlwyfmxHLzk2fdCU_ESOc1ohkl8kApeUPc-Tf2CAVb6qtoDbSwdlZF97x00btRHGFEEK0p3Ccn9gAhQ0mdAqnMoxW0AqSlDiFONnW3BC0tPLgl7hMTUq13NzpkGQjSq2ZA_2tARTpX3S56F_3Zjei8OmciLZNXXcD1H3Nfn1ZfKTXingdLcTuOZazTV-xSkecVXusD89CWLrVz0h5PAQ2qBP6439VnNinMX5kai38JBEcu6JCRoiApkAOfMhiURGzw7flA38dpOkiyXOwSLGUY_yHjQxoSBCKyRL0o-Jebfp3UPgvrHgUOvKCkCRmuVrajIBWK168TZwylNZYesfIamaXiV3O48XL93tau5qJi9fRtZ99FYYNMTxnHyoVHBVBM2lUFVeeshHDzVcPW_THc0iTGwAqZGWBFpg5MHjzLBYrB-65MsB0tgcb0gqxuu7h5W2GUQy_H4mgrOMaZqdZEh1RNLKWYjTt6HRynbYUdit5QbgEibLBT6DV6j7CFiNyASWbrlztblZE2urHInT6PoNl9VJO2QYgNik4fOPmJKA51D8mma0wYBjsLTejC3KvZAUF-6nd05yzuGYK6uEH7YB-Rh6Sv7KZeZctSnrhA-pxhlmswUsxcWTaer_lplxmvv52iX6Qx95NNda2b6hmiavbg8iv2mNYB156gYzkb8OcrVuYH8tgRQzgSMpMK7Kanmf1ayJda7BM7eguCOKqjiRGG9GQnSuyDIhfdEmgEGwXf_51U4luY0lKMbUjNOpv6wHqLimfuFdl54L7zqXTJm11yn5dypqJjZ1GCD0No1rqU-vcoac5C7pv_PVxmVGPjwsvj5KEUYSCxvEtoz4rLNo0MUQBj9bPetadUdu5m7sRxDKPb0uR7IFJmnhWObeSrDpTRZy--WRmHYtKETxewBCz5z71uPCJwPFW_BfD9o1Mw075Vq3OwhOgWwbIUgc9bhSvDfjZo_WqBFRIU9dOrO7eSvm8jANOVcIDEJlFfiA7DrnAptBEVFFZY4Num4QV2cVn7K-z4zl1r4TSyAwc8UUH4q5IC1NlXo_GRaOxIT0DtlqOBP21jfXnI&cid=CAASEuRoIU4AkzLJ-_0RYV-gv-1qAQ&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
88e64ea35e412cf2d2fcafa9a28c6492f60162f5047677236717f91a463ea086
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32667
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 4B0A
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BV3v0laC0Y1lxe-1T-XESXEWiSTdAvBCm66V2eFlHBhCwDn4IKFike5k9MKwWkQX9J_VZV8roP8bCOXqvxnIim8lxvUxt7KdTEtKS4BeFjLUr1rwk
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 4B0A
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
137
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:32:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 4B0A
124 KB
38 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644410386637351"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:32 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 4B0A
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:33:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
62
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:33:30 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 9936
640 B
316 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNW7i3JlcUpuGQ46O5hUYrNqI16S6RkmqMeS3Jysgxe6jgXbf7keWntno2XFA8CUMqWKfBCTjBHGbHMKu_pOvmxj4uns-gVIw9Hv9ZlIEFcW1hzIwh0fP7m_WGkYG65okSHxhOwsp8USUM-6LRwubJDe7nbKoY3wt00VQFKxQw9xfHiysJuRvezeHGp2IbIf7XM261mAM5QuyGFSehRpRQlTfoJCSg
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Fri, 11 Feb 2022 19:34:32 GMT
server
cafe
cache-control
private
content-length
295
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame A957
80 KB
32 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BRW4vIOCrozMGVnY6blAnFFgzlrhYNFOd7K8O-4Q3U6n25OOTEZGZ922U1tWM7qjLJlDc-m3iaBoob1fFwbpCjGipVZnZDFyZMiAVfm1R_HqOdNeNTqqvcooehH1HbWZbziV9dCVuy-rFRGeaf0a6DrZn_1Q&dbm_d=AKAmf-BqlyMFXF5I21zmLbEVpjGUESttGqhfn_pf0Rxs410qIYz-JEn4MOhc0qKtGaPV8qAvX2Z-w1t8Mx25JvgPkWoovk1TAarMJ_ZIsptne4ojtvejO6ufB6tXSnbCBuM0OoNIxDYZfB4GyVtZNgugfZwKWlxKlpCcd9v7VCEY_vahY0R1Di6ZQTYBrlCb250GSkoladESTRzXIJ-GJ0Ros9-5GwPrmUwR_sCbIqJbDWbXL3JXlO94J6BoNsL1NlGBHIhUI2Yv5Tezvne-dlC3oJmsMAp1K3CjB33I3_v_vIkbQXFdSi0Rx2J7x69QnTxwzy3bogv_SzM1p8ItLADymoGzDUx9Wh2FqDZDD4MSlw_6LKCxFWwfw84hr92YjAGAQZRfP7EhDmUe2drKwtolDFkv4w48P_je3mUIKEn9luliUiGxcawjqQz77UkfbGzap-7qLzxNZF9wFJaDL8PgJ0w32u8Z_TyMbruRjNGV8ILTTaV_ks-CgQQysNu0Y9J2jKrVAt3NwQp9g37xbU4cvBXss-wl1q3xzxhZTMHFzGDTnhIJJy7EVQ8AWRq0eMasR8VcbGWKS9dw1jh_Rz2PZ4LEbybDKtfPhOhjq4xVO_mktXR3GT4gKuIWGY_nqI6-_3Z-ysfdtZzwo0usOPuuwq2ySKeYgavkVqNqMRrYEspxM7rJogdj0zKzYwW3hfmulWEuCLZ22Ul7w8Czj9Pbt28M-qyCCmA878FpXyUCqnIJ7hWxcPezLYj3uwzRQB_joXPgh9qTyIxVrEaNcF1iq3laHCf2T0GgZFqumomoqgcGpy-aj2KkGSswD1ahXjdObHX8wXszD-skuYQ3NOIKolr4UJ4KctG_GNq6rUUsyMF27D1Jz_aoi5MsoqnBdWj2PvqLCVIbFW61jD00pJHy12Ro8cy38kRkwof1SpAZfpL-UzEDGgvKq-62kvrkhPTh9fwzj5PA9skM54ycH_7O-A4TbayABNLabjzKaue4sY5f3VuUIK1gaPQOufZ0_Qz-1Pimb3futfGToKvs8p_JIZl-LKnTCR_x9taSzDDxQL7NrDy2yLt4hlPOCeuccJI4i1S1Gry-cqfE1QDzklE8mUIbPtMnfmAzQ-jIR34-Kb2GBlaCmXm7Vmo11SEEf1eRn67W8-771KBiduaZAclewJ92_cWDEFTtayWNMrA3o8BFUAJpAX6qwcjOFY_TZKCJpqJrRV5N3YqUvbXsyS3o6pCN7FLoi8MamvsZiBEHR535sHCYwfcuFTZ5DO45EIAADEOn1cAwV-GiK8h3ty3_qPrJP8DIL7TADDEh5RnaqeNzsaK26sx28B98oD7Dp3DAKmRq4CW4gRr8ot3_8F45r50cAM1DTeFwkloNTIUaZ0N-GzjpUPM9lLeS8-E0Nefw7li7F3SsSaEGADIgPNTQcS6Ml75jpV8qDtWCB8dP6Tf0GOHquA-Q_oj0bQaStqPecuoN58GCQrTnPRprmdy4HJvBqdghP-Fus9Mh3HMxb7XnjyByT1u0HXSQNMmcTWiAfTBR222Q8OO4BtBQL-hblFq2LCGADvTe4NCeoDaNrsz9c8PbyIsGqKW0s8fHG8f1-TRwdMe2z3kN_XM1UcmKsYbd8ZgwJ6Lo9V0wTghSngXzalVqW___W4fvCwlAu6J_23yb6U1D4c2vSslOjasXgzOx3ZE0UKZ4LX1TZntAEHwojSmK0RcIGON3IEij4nkSPqwto7KSc3IBl0CT7aJhnz2RpkYNFBqIX1fhAxXdGvLseLmQnsgZCYbSYA9E2xF0VVi5yQINtqR6yO3eFCZXSpn4qRfX58MylhgYFF942T2bPREKUrOQQbqYBqdDJBs6SuxWQ0JfrcutxESHp1QSIJ-7ku2QhtSyX2C4IJuZx-Qz0iVbiM3DbpHheE5tH6jlRrUINOdfmcJbbqP6m5Mt5_2W0dtf9Nu0Grg18-BjQ4BX2KiIwvB21HF2t6ZWxaMYZf77gVXyIFdg5gGxJmKyS-989KuUsmcQqf7c0Lv47QErP5jKPPrO6dyIlcM4W6V842qWvspCAwB48JadooWQ2c9QztesH61PCjTuh181n23e6ycBGs6d9tURZ_iO6lkxYHADum6MUZdqHk-io0QBnmG0iaYnb3sVWQJzdinQ1_Kth4Uc6jMNe_JeB1YWHB5XKHDWyyVfCrfoSI9a7gjGpxfY2PMnMEmBG-Jk4XJVpUC9z11Bv4bH8iN0KtQSQqd4EYmFinVr_gv7ivUuAsc8FTrOL-mxBQxXyCm6xc1bjWtwrnX8gYIluBspxyLsCZxCatg7HcY8AugfTZZLzb8EKQ0Ca38UuXeMo5nmQfuq3vt7DCpuEgFV_duDBnaMFEJlk3075az59RsYj08E9tB76Z7ZX3AK94nYK-sfXyvvRfK2gPQSOasEmlT8V_KhJ8gPydx8UqLyiAmSPS6_8gCkBKYehbzW9zq0sSQYu7pDYfO7IUFs8Ao7g2PvtXYRtRZ-kvvzrcLXtqBYEydsUoo4i2NyJyB1hdy6j4LgTqE4bz5XGRjpDNmWkfanebg5m3MgUzsd7us4TvW8YhRc7dkeIOUOTElH_nduibC-6qj-5haWZi8gJCycvrGUyOsfGtYXkzwl4hX51yTTJ7pfVdd-dQ9E4vT57vBLY7EaaZ9PV3pwHCe5i3mq8uEqzddEN2ISGNWGk8wUyipeQtUxDuuEx9UMqTYtfflqmmMVxX8bW4ea1hzb-3iHiWsJ5dD8Ft-1zqRmZ5LV6138jVrJqWzx-8HipWXAJctezHYz_e4sgob76GBEjMXWiz24g9maXWDJkvMYH8Xp3vNwdaVTidBxaF7gFb2i9LlzomdeR_dH7Ak35zFtwjIMutKLV1eNIBgGhlkuh9I1ZgTqq_gDEa-UEnA2EoNkAbc8KAfbBvSdmugdXbTgsEj6XThCEgO6raYus2r3w7iKUJxZFQBCESEjDcPswLqTu69xUE0uFyKEgW0gADWbMLebWY5_XrioMbmOvL9Hf2n1MN_ZnAE6BDgB3uVpdD2KaNwP8zdzLzZMuSvhQz3-HMM&cid=CAASEuRo8aPOuWLI8cCj3FCr9Bu-Sg&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
49c6ada02581a965fd6689b280033b717427644eb8c18175bbfc7b64b81b985d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32624
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A957
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BZwmGi1cBkONE2kHyx-vxwOo18SCUqRGJN86AFCkShKAxoMXBpnBeRr19SgDtz2hOaxTDI5EQr2Ce6hP_thmdv9Tdy2RAWeFGPU3AtTZdu5d-08sM
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame A957
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
137
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:32:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame A957
124 KB
38 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644410386637351"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:32 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame A957
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:33:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
62
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:33:30 GMT
pixel
googleads.g.doubleclick.net/xbbe/ Frame 1788
640 B
316 B
Document
General
Full URL
https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNXajNAcjhCQkDjaArXvJDDd9GQDJcg0ogiNm2UTUIBwYzVWNjJz7SksXzbLL-1yO_IFb94B6-IYGPDXYfMcH3K8MrcSUmzQCUb5JQWfftsb4vnS8a6QcBzKqc2lpWxSTprezCeAPDZb0jjT4vYhTX865qb9VgGlBZB-HAPBdd1B_edLvA8sEl_ueIZN2zISrR7UM6_uZrMXmofV5bvQDD0UN0TJ5g
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
date
Fri, 11 Feb 2022 19:34:32 GMT
server
cafe
cache-control
private
content-length
295
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
ad
googleads.g.doubleclick.net/dbm/ Frame 8AF5
78 KB
32 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DXuk5226jgKY2aUDQGHbqJlkKC_8-K5Q1iBefi33JnzOsV9fy7af_SpT7Zg5NNnOTA9H8y33e6Y3Fu9Yd1x_FioclfR-N-tHe9yCliFOjCbfWxU4gasnqv6B4wqtbZtvMX6up7VsQ4i2Nc3NHfLxAuPUp_XQ&dbm_d=AKAmf-Cfap_I2YF92JMvEtu45NpKfj_NeWxouT6G6hNnyUKKKSPXZWf3D_VwaJrJoRcCiT7hdzrmrCIMxTYCecM0Px63KocklAft4mD_1uo37GkYqY45Sxnn0oJELbiFTLvrGRt6Pd3SECAPNn7AJjdLirTpSALhRyYLtVfqgle7Cin5oH8jxztuzSXXGblaiQZ8QbFGR-95kQ0oJioR98VMB0KD6W1ttPXlyYthu74hWaLDRlfcso044oEs1-AuWa4isinbzcZiznSdQf8K00VQC3Wl3PWop9HBqdohDYSal3b5dJ4KTxglyhA1UgeBdiekCpZtAvXeCzIrm8jCDrJaZJRov5nBqj90G2uUBCDKIIl2gSmsJMeX7xWVZjK5qdtqQLaTE0B6zZOiADTY_lte3pLfZqbGtJIp7eSMODy2M0WTLwALGSr_uUcyZtHHH6S7-jhSNZBrzWjt-YsEnEsTRYfFMYghK-yC74W4-bntajWplMaHOE4Ar5iCmZaKmu_qnhutAT7B8mGaLotI3lkhWI7W4kjbmh8-aO7QstqVzuGRAXC9ARN_qOSaG3sTaDrPn40MjQPN5tKVhJKs78TSRfYZORGt4-LggsWBXVHEcc0Id6Je3mrOr4fh2mTmRpAEfNHzeKvXLWBezRO3jvejX_trfFafK_KprPPnZlu7B_nMGLsCD7yZAfEH91TityGD6KgUVW0et_HfLzzjDXi1k8c7z4ni6ztUqhkyy3Uz8ywGXi2KnscqLweF7mZ5Y1K-_lmit5oTBLq6rvpESXZYioLA5L2DjC5DI9E8lcoQ2ShLRMJSUIjceHzDuu5v4l0-AVDVsaaV3CJ35HtHeWJWyag5W2Ft7KOAvvG1bUbAmMXxyLOsv5Z2q64_xfdtFmMJ7hj8YYv0pk_7RKG_mq9K1ysFcN8h41Q3iX-APW6eAKsbHw1sQMEkkIVCKgy-66_tMWVY_5r7H1iSCr0otqC3TfTxNw_7PvZhZyrg_H8K1KBugIRrk7ugKITWZ0QSRN8xgO8yJGfntKaHGSAe_1M9gKAe7mU8WZd6JhCaNMVca6CrQgoNSFya5JQVCaS9XXoV2p4zMvLNuXxd_MGt8q82QuuBa4ILfi5Ar4lUHP5sI5Yczcxm_Y9ur26Ua9XjkkV-hTxW5FGZnUWEwgPYROGMMyWgzfRRm1-iogJK6z_TjzIpitB-4RyLJVtrKNAsa632Ir7CgzrP_wMxhqMlfoCRzBWgnm7vBPzupLGnGZk38j5VLrL8ctW53l0dcZdcIOX82Ln5oDesiXb8NObfPPhigRIJRVDAdvuLP4c0QEA1LxadSPbmoDEz-e1ni3tOToTD4_quNWgXioA3Dx1zkWwsppY35sQzm124asashKPQKkEnEHjvyHGEC3S_S8yD2YTNCWPrD2drjeP-0ecAiA2iNwDh46t8gGT8a49SRkMWsRU_sePkBES43ZEKGi-Yklbew353mwBoytHRncv-ogFaNJieSqDnLwdiBipuZsh_YUqkROS3of0IPTYdzz0EwqpeBSsX5AqR83SMkj69sdanQKBoZyzFtYNnPIw9XM08PE0Q295p3NvzIB79X0z3MVL_5Tpy5LY3vmraBL0pjJ94Wx5nozGjF2LdMyQ5SbQsRgPYsZf1Z85WZCmfWXMvNeOw2T_WhP5PgbdYRRolF2LQSWTOgCWnMG2XZbcRk_eqUFcFEcut2WpdNm_tuHWShU93LWDW6qLYrvJXw3TsFqxpoQoMDSsX88DnDgUOgNoOYpgeTfnngG0y4XJhKBfkw3EC5TaMIltbpTqzccUIMVezuKMA-a9sKx-aj309iJx5Ln_tBsESqLy-7IFHG2VekMLtw3xQEPKwxGBMNog9rnsK47JVDABpHq1eVFMt1ZnWAeYr0mjHm9kwlVFeO73Pb7uJQCAUFSKAE40xd56QH6EgbA0CeYYZ9nvCyZs7jgphWhhu0H3l_cZQFvun10nGUf_Vp4nXKBTor9BuEFsj1acjos6tDia2DCJvooJlGCwfipE1CfI3hFRPj0B8bnxRDmH3L3Pe5kGmNUJmzVqfwW5RHRRKGknVLfKetkq279XeP41k00N4PMSZK9ryFXdOtiCyHxw9pweyXo1yiQ5rW1nsfezk-10OaGneGtit82X3J9O8b3JtORCiD3FMoZtTFKlhd8bDQkC4TPkxfOXjnyAnPTAJf5cRHNm-3XV18ldpDk1VqcdWrwyHt6ysOrKJy0A7HckYEU-8f6dCi9NhfP0usa3FofHyc46cmv4PcWYoN9e_rOYAHOSinj7HEj8i3cBk0uSyIwQWQAiI3HejPra6PyvKeYx6oPWt-atBazWxgiMXZa7LpwGfjJWwUKSmYpP9RXT72ovnmsEy-ElZ5lBPb2FFix3-xPtwXIHQHz-aaWx6gOFyH6qr3uZOFrNm6kUY_9wRNHT46HfWDAy43PgIUUzaYbKB5ogKFhbRSCB_h5VNokRPHwWkP5huLKPBKw76p5qrc4FnK_UvKFmPkoI74j74cDQYWqTWIn1jRxzQ3G7Ji0z4JuwxBJBdHGW-pgaTQGcnMAvrFpY7tzacyXFf0eNBb2p9euR3uRCq7AfP-9-5iah78qzrLV816dVxWl3i0KawVKacbbOlML3tpvdZeS5odhsOOEdUQO4SCi0-AUgfb1o6RrzFUhzJZkUD_dVDdHYbZ_gBGrY_NNNKaFuBetdELO4mfi8y1cFboetSQklOWif5yJUTtBscu0diF6ZOx5Fh9IBsHs3RYSbHfOyhqrLbOQqCVT71kobSWNzvrvYOcXkupALFtF74HkkvusVFTKXhIgweBgMyysTKLVkJUfbnRgezuOWRmLikEugdsAxqDZ2VEYZNiDkdT-dD4szMxncEMc5H_dgJD6qjVF3e6raj0hTF1XomZPCLxvzw30-2YxxzbsDYTs7dRVXvSA6Frzc5Il9kbhy0pvAM4tMeg-puOb7ph_zEPlXSNWcsJhxINEOHtR6ZK-toRhIeQAH2DwjtAHn3wj1iAHzeMTYXojzSH6sTZPJHrwpc2i2eGkHdvwKWMq4&cid=CAASEuRoUCDgR0866FgjYYHkjXONKA&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
185e052fec954622af7a1ae789eb921176f67fe0342ae5f4033d81bae75aa1ec
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
32615
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 8AF5
42 B
63 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-C5r5Dv-Xrn3E9weaRbqFFq9JDXc6f7riyGKsD20jjBw_DdEk_FCPTIjjiTimyZrR229T-4rw-XSp2xpLEF4l61wVprgd-L5JK3Vrwbqy6jFqpRZsI
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
window_focus_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 8AF5
2 KB
1 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/window_focus_fy2019.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:32:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
137
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1205
x-xss-protection
0
server
cafe
etag
18074202747124231361
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:32:15 GMT
rx_lidar.js
www.googletagservices.com/activeview/js/current/ Frame 8AF5
124 KB
38 KB
Script
General
Full URL
https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:809::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38562
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="active-view-scs-read-write-acl"
etag
"1644410386637351"
vary
Accept-Encoding
report-to
{"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:32 GMT
qs_click_protection_fy2019.js
tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/ Frame 8AF5
15 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/pagead/js/r20220209/r20110914/client/qs_click_protection_fy2019.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:33:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
62
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6367
x-xss-protection
0
server
cafe
etag
17798303060702513824
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:33:30 GMT
rum
dsum-sec.casalemedia.com/ Frame E96A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1&C=1
43 B
1014 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNWaaZClvxQTLhvE1lE27h7C3qa4Jds5Dmx_nG4gy9bNzWcXHnmq3y28h646j6JzmhdDC4yYZ4KIoIpKl-LkmXS4eqQtmHcJi9pazOWMYvOUoP8km1Vt64ccFfaq_u3YmwNjJ1FKnueu0ud30fVF2WuXPJtyPdfD2MdHUFr283-Hth2cPhEhmO9bI-2uzONo4VwwprU6OlDip79C3HGFvVcqxvFjWQ
Protocol
HTTP/1.1
Server
92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-254-129.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Feb 2022 19:34:32 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
308
Expires
Fri, 11 Feb 2022 19:34:32 GMT
rum
dsum-sec.casalemedia.com/ Frame E96A
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yga6SEaeh7tzZU2gvZo4AwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNWaaZClvxQTLhvE1lE27h7C3qa4Jds5Dmx_nG4gy9bNzWcXHnmq3y28h646j6JzmhdDC4yYZ4KIoIpKl-LkmXS4eqQtmHcJi9pazOWMYvOUoP8km1Vt64ccFfaq_u3YmwNjJ1FKnueu0ud30fVF2WuXPJtyPdfD2MdHUFr283-Hth2cPhEhmO9bI-2uzONo4VwwprU6OlDip79C3HGFvVcqxvFjWQ
Protocol
HTTP/1.1
Server
92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-254-129.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Feb 2022 19:34:32 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame E96A
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEILuALxtoMT3kiXckK4lInw&google_cver=1
43 B
1004 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEILuALxtoMT3kiXckK4lInw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNWaaZClvxQTLhvE1lE27h7C3qa4Jds5Dmx_nG4gy9bNzWcXHnmq3y28h646j6JzmhdDC4yYZ4KIoIpKl-LkmXS4eqQtmHcJi9pazOWMYvOUoP8km1Vt64ccFfaq_u3YmwNjJ1FKnueu0ud30fVF2WuXPJtyPdfD2MdHUFr283-Hth2cPhEhmO9bI-2uzONo4VwwprU6OlDip79C3HGFvVcqxvFjWQ
Protocol
HTTP/1.1
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
f9769f14-1309-4d32-954c-b40d0ca13cf0
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEILuALxtoMT3kiXckK4lInw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame E96A
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2OTY3Mjk4OTA3NzE1NzA1OQ%3D%3D
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2OTY3Mjk4OTA3NzE1NzA1OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNWaaZClvxQTLhvE1lE27h7C3qa4Jds5Dmx_nG4gy9bNzWcXHnmq3y28h646j6JzmhdDC4yYZ4KIoIpKl-LkmXS4eqQtmHcJi9pazOWMYvOUoP8km1Vt64ccFfaq_u3YmwNjJ1FKnueu0ud30fVF2WuXPJtyPdfD2MdHUFr283-Hth2cPhEhmO9bI-2uzONo4VwwprU6OlDip79C3HGFvVcqxvFjWQ
Protocol
H2
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
ade11058-7082-4114-88ff-67ff9818ad52
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2OTY3Mjk4OTA3NzE1NzA1OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
rum
dsum-sec.casalemedia.com/ Frame 7B59
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1&C=1
43 B
1014 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1&C=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi4_qO-ATAB&v=APEucNVzF-MWoCha0sI5ri2LkRpczmI9YHYPMCUJRHxqblP0ksmqThqFIeTUqeg-FHfUwTU63_dhDt5QMl5YC6tmJivXK7aQJlvV5OVAfAEaHPetpy1YusXLrh48PVk06QZyzL8ZEkQIW_XO7W2DeR7vpA3dieaDA_e8RF6CN27VCMT-z5CywzpIH1zoFK-jeCBHdhQ_N-1q-RFMYP_iyaycjDRLvdoBSw
Protocol
HTTP/1.1
Server
92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-254-129.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Feb 2022 19:34:32 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
308
Expires
Fri, 11 Feb 2022 19:34:32 GMT
rum
dsum-sec.casalemedia.com/ Frame 7B59
Redirect Chain
  • https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
  • https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
  • https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=Yga6SEaeh7tzZU2gvZo4AwAA
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
43 B
894 B
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi4_qO-ATAB&v=APEucNVzF-MWoCha0sI5ri2LkRpczmI9YHYPMCUJRHxqblP0ksmqThqFIeTUqeg-FHfUwTU63_dhDt5QMl5YC6tmJivXK7aQJlvV5OVAfAEaHPetpy1YusXLrh48PVk06QZyzL8ZEkQIW_XO7W2DeR7vpA3dieaDA_e8RF6CN27VCMT-z5CywzpIH1zoFK-jeCBHdhQ_N-1q-RFMYP_iyaycjDRLvdoBSw
Protocol
HTTP/1.1
Server
92.122.254.129 Schiphol, Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a92-122-254-129.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 11 Feb 2022 19:34:32 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESEGbFePAV2aq14rukUPkjYws&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
313
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
setuid
ib.adnxs.com/ Frame 7B59
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
  • https://ib.adnxs.com/setuid?entity=101&code=CAESEILuALxtoMT3kiXckK4lInw&google_cver=1
43 B
1004 B
Image
General
Full URL
https://ib.adnxs.com/setuid?entity=101&code=CAESEILuALxtoMT3kiXckK4lInw&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi4_qO-ATAB&v=APEucNVzF-MWoCha0sI5ri2LkRpczmI9YHYPMCUJRHxqblP0ksmqThqFIeTUqeg-FHfUwTU63_dhDt5QMl5YC6tmJivXK7aQJlvV5OVAfAEaHPetpy1YusXLrh48PVk06QZyzL8ZEkQIW_XO7W2DeR7vpA3dieaDA_e8RF6CN27VCMT-z5CywzpIH1zoFK-jeCBHdhQ_N-1q-RFMYP_iyaycjDRLvdoBSw
Protocol
HTTP/1.1
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
55cf15ba-0ee3-4757-b8aa-2f70daa720ae
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://ib.adnxs.com/setuid?entity=101&code=CAESEILuALxtoMT3kiXckK4lInw&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
290
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 7B59
Redirect Chain
  • https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
  • https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2OTY3Mjk4OTA3NzE1NzA1OQ%3D%3D
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2OTY3Mjk4OTA3NzE1NzA1OQ%3D%3D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARi4_qO-ATAB&v=APEucNVzF-MWoCha0sI5ri2LkRpczmI9YHYPMCUJRHxqblP0ksmqThqFIeTUqeg-FHfUwTU63_dhDt5QMl5YC6tmJivXK7aQJlvV5OVAfAEaHPetpy1YusXLrh48PVk06QZyzL8ZEkQIW_XO7W2DeR7vpA3dieaDA_e8RF6CN27VCMT-z5CywzpIH1zoFK-jeCBHdhQ_N-1q-RFMYP_iyaycjDRLvdoBSw
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:32 GMT
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
9f173038-52cb-49d0-926f-a9bed83ffac9
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=Mjc2OTY3Mjk4OTA3NzE1NzA1OQ%3D%3D
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
sd
us-u.openx.net/w/1.0/ Frame 9936
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEELMMLMqDMnyQzPNkHg3ToI&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEELMMLMqDMnyQzPNkHg3ToI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNW7i3JlcUpuGQ46O5hUYrNqI16S6RkmqMeS3Jysgxe6jgXbf7keWntno2XFA8CUMqWKfBCTjBHGbHMKu_pOvmxj4uns-gVIw9Hv9ZlIEFcW1hzIwh0fP7m_WGkYG65okSHxhOwsp8USUM-6LRwubJDe7nbKoY3wt00VQFKxQw9xfHiysJuRvezeHGp2IbIf7XM261mAM5QuyGFSehRpRQlTfoJCSg
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/17.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
via
1.1 google
server
OXGW/17.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEELMMLMqDMnyQzPNkHg3ToI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame 9936
43 B
120 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNW7i3JlcUpuGQ46O5hUYrNqI16S6RkmqMeS3Jysgxe6jgXbf7keWntno2XFA8CUMqWKfBCTjBHGbHMKu_pOvmxj4uns-gVIw9Hv9ZlIEFcW1hzIwh0fP7m_WGkYG65okSHxhOwsp8USUM-6LRwubJDe7nbKoY3wt00VQFKxQw9xfHiysJuRvezeHGp2IbIf7XM261mAM5QuyGFSehRpRQlTfoJCSg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/17.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
server
OXGW/17.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame 9936
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESEGn27d40rTGBb4r6UfUCSS0&google_cver=1
23 B
172 B
Image
General
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEGn27d40rTGBb4r6UfUCSS0&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNW7i3JlcUpuGQ46O5hUYrNqI16S6RkmqMeS3Jysgxe6jgXbf7keWntno2XFA8CUMqWKfBCTjBHGbHMKu_pOvmxj4uns-gVIw9Hv9ZlIEFcW1hzIwh0fP7m_WGkYG65okSHxhOwsp8USUM-6LRwubJDe7nbKoY3wt00VQFKxQw9xfHiysJuRvezeHGp2IbIf7XM261mAM5QuyGFSehRpRQlTfoJCSg
Protocol
H2
Server
104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-248.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
cache-control
max-age=0, no-cache, no-store
expires
Fri, 11 Feb 2022 19:34:32 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.teads.tv/um?eid=3&uid=CAESEGn27d40rTGBb4r6UfUCSS0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame 9936
23 B
172 B
Image
General
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNW7i3JlcUpuGQ46O5hUYrNqI16S6RkmqMeS3Jysgxe6jgXbf7keWntno2XFA8CUMqWKfBCTjBHGbHMKu_pOvmxj4uns-gVIw9Hv9ZlIEFcW1hzIwh0fP7m_WGkYG65okSHxhOwsp8USUM-6LRwubJDe7nbKoY3wt00VQFKxQw9xfHiysJuRvezeHGp2IbIf7XM261mAM5QuyGFSehRpRQlTfoJCSg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-248.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
cache-control
max-age=0, no-cache, no-store
expires
Fri, 11 Feb 2022 19:34:32 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif
sd
us-u.openx.net/w/1.0/ Frame 1788
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=openx&google_cm&google_dbm
  • https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEELMMLMqDMnyQzPNkHg3ToI&google_cver=1
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEELMMLMqDMnyQzPNkHg3ToI&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNXajNAcjhCQkDjaArXvJDDd9GQDJcg0ogiNm2UTUIBwYzVWNjJz7SksXzbLL-1yO_IFb94B6-IYGPDXYfMcH3K8MrcSUmzQCUb5JQWfftsb4vnS8a6QcBzKqc2lpWxSTprezCeAPDZb0jjT4vYhTX865qb9VgGlBZB-HAPBdd1B_edLvA8sEl_ueIZN2zISrR7UM6_uZrMXmofV5bvQDD0UN0TJ5g
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/17.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
via
1.1 google
server
OXGW/17.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://us-u.openx.net/w/1.0/sd?id=537072991&val=CAESEELMMLMqDMnyQzPNkHg3ToI&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
295
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cm
us-u.openx.net/w/1.0/ Frame 1788
43 B
305 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/cm?id=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&r=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dopenx%26google_hm%3D%7Bopenx_uuid_base64%7D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNXajNAcjhCQkDjaArXvJDDd9GQDJcg0ogiNm2UTUIBwYzVWNjJz7SksXzbLL-1yO_IFb94B6-IYGPDXYfMcH3K8MrcSUmzQCUb5JQWfftsb4vnS8a6QcBzKqc2lpWxSTprezCeAPDZb0jjT4vYhTX865qb9VgGlBZB-HAPBdd1B_edLvA8sEl_ueIZN2zISrR7UM6_uZrMXmofV5bvQDD0UN0TJ5g
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/17.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
server
OXGW/17.1.0
vary
Accept, Accept-Encoding
p3p
CP="CUR ADM OUR NOR STA NID"
via
1.1 google
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
56
expires
Mon, 26 Jul 1997 05:00:00 GMT
um
sync.teads.tv/ Frame 1788
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=teadstv_dbm&google_cm&google_dbm
  • https://sync.teads.tv/um?eid=3&uid=CAESEGn27d40rTGBb4r6UfUCSS0&google_cver=1
23 B
172 B
Image
General
Full URL
https://sync.teads.tv/um?eid=3&uid=CAESEGn27d40rTGBb4r6UfUCSS0&google_cver=1
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNXajNAcjhCQkDjaArXvJDDd9GQDJcg0ogiNm2UTUIBwYzVWNjJz7SksXzbLL-1yO_IFb94B6-IYGPDXYfMcH3K8MrcSUmzQCUb5JQWfftsb4vnS8a6QcBzKqc2lpWxSTprezCeAPDZb0jjT4vYhTX865qb9VgGlBZB-HAPBdd1B_edLvA8sEl_ueIZN2zISrR7UM6_uZrMXmofV5bvQDD0UN0TJ5g
Protocol
H2
Server
104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-248.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
cache-control
max-age=0, no-cache, no-store
expires
Fri, 11 Feb 2022 19:34:32 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://sync.teads.tv/um?eid=3&uid=CAESEGn27d40rTGBb4r6UfUCSS0&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
281
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
um
sync.teads.tv/ Frame 1788
23 B
172 B
Image
General
Full URL
https://sync.teads.tv/um?eid=3&uid=&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_dbm%26google_hm%3D%5BVID_B64%5D
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARiB_aO-ATAB&v=APEucNXajNAcjhCQkDjaArXvJDDd9GQDJcg0ogiNm2UTUIBwYzVWNjJz7SksXzbLL-1yO_IFb94B6-IYGPDXYfMcH3K8MrcSUmzQCUb5JQWfftsb4vnS8a6QcBzKqc2lpWxSTprezCeAPDZb0jjT4vYhTX865qb9VgGlBZB-HAPBdd1B_edLvA8sEl_ueIZN2zISrR7UM6_uZrMXmofV5bvQDD0UN0TJ5g
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.90.104.248 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-104-248.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.7 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
cache-control
max-age=0, no-cache, no-store
expires
Fri, 11 Feb 2022 19:34:32 GMT
server
akka-http/10.2.7
content-length
23
content-type
image/gif
html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame EF6A
169 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
Origin
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 01:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
66833
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60173
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 01:00:39 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/ Frame EF6A
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A3MXngfh8ytZG4sVRaM_r1ptHTWhlbV-Ch5FTDHQnmCw9JVcEsNh5j2BnvvqofB-MR-zIIkDEClbUADYrRSd_dnmAOR2FTyiUHJSjBtCalw8MMaaFe28aGzUABAPuQVqa-9kOVSr_xXRoYQLNnMjhGiVqGHw&dbm_d=AKAmf-D85ylrqbfafWBc9mZ-dQM0a6w6m5DDDCnn1DrLf4ygJYL36-0Z6BM5bJMF9D8zfjuIw_xh-aaxph23ez5Z141UdmR2ujR-LAbFoCX0bZ4HH6BAgEzoghdTYlpvE2T18T_6mOYO4wqmYuQ-qtQbnylB00tkhvOp6vShY4lrLSiqkuDQZDqI9K4emQt3_nA50T0KBjIQvIvF1ng6iDVR4LPe9Q-JiIUhDKH7MhoYKSLmY7AsLtRSAj0JzoZI5AW4n9DStVxp7lSKRKBpx8VKQb5CeIxveqeHHoNcKNB8dx9a4mypAFDu2AzYJ8_la3D866ijrzKOZEBRHTBibei8C59IOQ5yi5jcPZ-q1PNUUTZ5aUO4WDUVJjYS1IBZf4JOSs3Uh0R1e4l859bu1mkB1mXq1Vt40_QXkV4MRukwyqbzeHR2sk1px4CAdx13EX5hYXVoJ786DxJnZkdtZHVGJBYOaUKwtwgOWBeBRlUabxN67DLK0A5iB3WKmvugkoiPRs42Q69U2DVLWlKzG2l1cepbwL5qFLg1ndJ-wIEHvldG6w-hVhUA3sHvYV2Y7I1qDm2NGfLiLGV4gR-Bd31qRl5YdmsPLU9I_3kiQ_WCFt3bTwFSM0OV3epOzlhpc5cgLoQG6O8bcbYuzLGcGOCRz-qdJYAvc_jSqG-9O2nl1Hf_iq5hlGYWBv4ZBruk9rWsJFfA0wb8-pLXYh88J4f_lV8HxLqnSjwBaNiOzBxa-1DodtJHlgi4q_zbr5xekjnJt-YeCRjzCcXRkrEyg4nUL2ya_xgEE9fZyHB2t__HASSd-E1cKA6X63_7VM-3i39gAYiKAZPNUJtnIEQQL89T2mu0-TEsVwJrkKP6fNFIluLpybzxW-n5c9R-cUkPtDo1os_z6x2jeRv8uqLLmf-Ni7yP4861OALKZzTqaSfaLx9zJQdAIdP181JCyyiyZbNV8E0N2gA4AlCgbBKUur7gBmSqm_2U-mQxTuFT68G00cpKwDNdS77Q2rDe39TZ9tiEItzfYQkbMGmFFI52sFMk8SnXSnoBQXKFzdsShkF1AYBJVNbhNhIJAGZiFnY2G0ouZXRQrU5OuKI5zdL7ONRkA2KUQkhq1r1TEtC0m_nOHMo44EZtQ6sLXDQO4-UdbD--hPOIYKSzXnijvr7d1o30uWuRqoENZA16ZD6wK_TRRitiZh1nnKBTR2RbFqtminrzd9Vo0s094hLqJhmDWRN51QcYWf9Q13H0Y_UKDookMb_xjVoSrA1nntWvg_YFr1pvFp59VHJE7TNLgR6i5SGsqqdbR6KRzO9TG6dU0zwQS4TJAvfB0VOWpO318tcWZfgJL7p16hNWsdxD0NUkEBAMVNAk41DEHYWQQDU12QeyX61vRuNOHLpfdUpf7AuH7F1wjcMfraAPJolpQGErIk9S1-9WskNjoM7zZ0zCJrOc6ueEctETtywnZCleF_igUlUALuOHlLuJgXtEkCR62G5eZqggIv6gCJaL1XiuCRHIDPaA96vKOd4zwxPbsvXEdv-BnGswrT-cp_2V6BIR9HxZ9VMYnSttjotkZkBBoLtRuMAk3yo88LqYTUN7PX5SUAOIVJlcjhbdezURupfCqzVuOFwNS2MFbDo1qdxjAynB7nngCOTYLmvRX_67CByR-3UUmPaRYckasdrOQl769gH0ncCkOr9r1LpXarIGi8_5qP3WLIIqMETGdHtmppZBdrDZAxkPLVsAk4_ACVeo0oBjbC8Pg4eZ01tzEMfo1PS_v8IJVXMvSvl69zY30gbI2w_xFVD-3vJSjS5vG9q9gTefgQRLcz9is8JIjJsBP6B7JbgkIOBdjrZX-rNkiNyG0bVtVnSQytrauWwwNJQkEOCKSdG1g74f93G8xuWrKBcWpeZTb_3ydSVDPJA80NZCbRvhbjXxiIlC-gEGaID2w2l3v6C0_xgTffvVVKnz3Dve8brfAoYUILPcUK7P8UhPztEsGygSn7y1Gp7VR9dccUhOXA9oLSjzi83J7UuqRKxPVFP7oJ0rTxOwfprKPgJV8efaJ1YCl44JVaKLsE8sCvBLQ8rd4YcPFCamXJstr-KNf5y2W7qZIgEJ1ngULmDSypwzHMRHd0JkmspM68dQ5QVL15gt1UiW446koCI_b-pirZDhrh7pKFIwkbk-Ps0tFY-qfJ-XzIoDnxwPdQcP36Oi0I2NEzef3pE6pag4Q7L9vyUOdME_XANcUj10odALm1i4dhuxLh8Z_77ieHnQORfBlLZ4jvwosuuOlmSilHhcrC86B1f6dqDaIb_tznfWUjtX6tdJA6607uYMbFWC5lCWS_g5lu3Q9I3ltGEHXa0s4-CMA-HgdOlgG9ftiummmnZjphjKDuAWwq2Tz9HXCrde908CWmwXpEllomexN3C5730Y88OBKTFbUAQ8p7NQbgVZhrbj2YYXwQlWyEjdd_PaUz6u1HAYEpSy0_f_4Y9BkxTuQgsoyi_fM2Hi9xxPQrft_9cNEj6mraU_PewfP8vjj-ng3qaK1fbFxn6CN6-m0lcnZxU56ShYUSXWTHJ96GWxx1qZGV4DoBlYsZ3VedlTeZI7uqRtPcrklxIoM99QeX9ssFtIeikFRsaAX3aG8Rgn-lOSXEtI0rByfrenoZ2iAQF9qTLCXeGo0YGrElQv5WmJVc2PJy4L2az5a5zliAPTajdcQACF7kVGwetGgJXkyX5lQpGY4Fi4diY92Ol31XjNl93WXoZopPFORu8tJNrelnpKxjwpjKIy6jtjxzDFjmJVx_QYvK4SvAE86gzzjwH3cKANFep1l8Se-1snveMEXhbD4DxGJwm4Yr5sQ__43bfZik5FKr0W9V8L5fDmS5bPCB5FpQBsk_CjPSNe9BkTgKJVKpejx7MtIR6p-Vw0tXEiujDkR2PGejrZlAp8lKet6vxobwE9vy6VckjaXZ8vcA1AJJX5SQYFY3PNol-W1CShDalNzIM33Yyn47XKpfmIwbXKHmU6gF9jHgFuDJ4A-ocw73MSCoJQcM5QrrX0SmwgT7VJUh9MfkC4wdNREOs89PqgO6c&cid=CAASEuRossnlJ9Qd1L8MCGjyTvEWcg&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:31:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
188
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:31:24 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame EF6A
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-A3MXngfh8ytZG4sVRaM_r1ptHTWhlbV-Ch5FTDHQnmCw9JVcEsNh5j2BnvvqofB-MR-zIIkDEClbUADYrRSd_dnmAOR2FTyiUHJSjBtCalw8MMaaFe28aGzUABAPuQVqa-9kOVSr_xXRoYQLNnMjhGiVqGHw&dbm_d=AKAmf-D85ylrqbfafWBc9mZ-dQM0a6w6m5DDDCnn1DrLf4ygJYL36-0Z6BM5bJMF9D8zfjuIw_xh-aaxph23ez5Z141UdmR2ujR-LAbFoCX0bZ4HH6BAgEzoghdTYlpvE2T18T_6mOYO4wqmYuQ-qtQbnylB00tkhvOp6vShY4lrLSiqkuDQZDqI9K4emQt3_nA50T0KBjIQvIvF1ng6iDVR4LPe9Q-JiIUhDKH7MhoYKSLmY7AsLtRSAj0JzoZI5AW4n9DStVxp7lSKRKBpx8VKQb5CeIxveqeHHoNcKNB8dx9a4mypAFDu2AzYJ8_la3D866ijrzKOZEBRHTBibei8C59IOQ5yi5jcPZ-q1PNUUTZ5aUO4WDUVJjYS1IBZf4JOSs3Uh0R1e4l859bu1mkB1mXq1Vt40_QXkV4MRukwyqbzeHR2sk1px4CAdx13EX5hYXVoJ786DxJnZkdtZHVGJBYOaUKwtwgOWBeBRlUabxN67DLK0A5iB3WKmvugkoiPRs42Q69U2DVLWlKzG2l1cepbwL5qFLg1ndJ-wIEHvldG6w-hVhUA3sHvYV2Y7I1qDm2NGfLiLGV4gR-Bd31qRl5YdmsPLU9I_3kiQ_WCFt3bTwFSM0OV3epOzlhpc5cgLoQG6O8bcbYuzLGcGOCRz-qdJYAvc_jSqG-9O2nl1Hf_iq5hlGYWBv4ZBruk9rWsJFfA0wb8-pLXYh88J4f_lV8HxLqnSjwBaNiOzBxa-1DodtJHlgi4q_zbr5xekjnJt-YeCRjzCcXRkrEyg4nUL2ya_xgEE9fZyHB2t__HASSd-E1cKA6X63_7VM-3i39gAYiKAZPNUJtnIEQQL89T2mu0-TEsVwJrkKP6fNFIluLpybzxW-n5c9R-cUkPtDo1os_z6x2jeRv8uqLLmf-Ni7yP4861OALKZzTqaSfaLx9zJQdAIdP181JCyyiyZbNV8E0N2gA4AlCgbBKUur7gBmSqm_2U-mQxTuFT68G00cpKwDNdS77Q2rDe39TZ9tiEItzfYQkbMGmFFI52sFMk8SnXSnoBQXKFzdsShkF1AYBJVNbhNhIJAGZiFnY2G0ouZXRQrU5OuKI5zdL7ONRkA2KUQkhq1r1TEtC0m_nOHMo44EZtQ6sLXDQO4-UdbD--hPOIYKSzXnijvr7d1o30uWuRqoENZA16ZD6wK_TRRitiZh1nnKBTR2RbFqtminrzd9Vo0s094hLqJhmDWRN51QcYWf9Q13H0Y_UKDookMb_xjVoSrA1nntWvg_YFr1pvFp59VHJE7TNLgR6i5SGsqqdbR6KRzO9TG6dU0zwQS4TJAvfB0VOWpO318tcWZfgJL7p16hNWsdxD0NUkEBAMVNAk41DEHYWQQDU12QeyX61vRuNOHLpfdUpf7AuH7F1wjcMfraAPJolpQGErIk9S1-9WskNjoM7zZ0zCJrOc6ueEctETtywnZCleF_igUlUALuOHlLuJgXtEkCR62G5eZqggIv6gCJaL1XiuCRHIDPaA96vKOd4zwxPbsvXEdv-BnGswrT-cp_2V6BIR9HxZ9VMYnSttjotkZkBBoLtRuMAk3yo88LqYTUN7PX5SUAOIVJlcjhbdezURupfCqzVuOFwNS2MFbDo1qdxjAynB7nngCOTYLmvRX_67CByR-3UUmPaRYckasdrOQl769gH0ncCkOr9r1LpXarIGi8_5qP3WLIIqMETGdHtmppZBdrDZAxkPLVsAk4_ACVeo0oBjbC8Pg4eZ01tzEMfo1PS_v8IJVXMvSvl69zY30gbI2w_xFVD-3vJSjS5vG9q9gTefgQRLcz9is8JIjJsBP6B7JbgkIOBdjrZX-rNkiNyG0bVtVnSQytrauWwwNJQkEOCKSdG1g74f93G8xuWrKBcWpeZTb_3ydSVDPJA80NZCbRvhbjXxiIlC-gEGaID2w2l3v6C0_xgTffvVVKnz3Dve8brfAoYUILPcUK7P8UhPztEsGygSn7y1Gp7VR9dccUhOXA9oLSjzi83J7UuqRKxPVFP7oJ0rTxOwfprKPgJV8efaJ1YCl44JVaKLsE8sCvBLQ8rd4YcPFCamXJstr-KNf5y2W7qZIgEJ1ngULmDSypwzHMRHd0JkmspM68dQ5QVL15gt1UiW446koCI_b-pirZDhrh7pKFIwkbk-Ps0tFY-qfJ-XzIoDnxwPdQcP36Oi0I2NEzef3pE6pag4Q7L9vyUOdME_XANcUj10odALm1i4dhuxLh8Z_77ieHnQORfBlLZ4jvwosuuOlmSilHhcrC86B1f6dqDaIb_tznfWUjtX6tdJA6607uYMbFWC5lCWS_g5lu3Q9I3ltGEHXa0s4-CMA-HgdOlgG9ftiummmnZjphjKDuAWwq2Tz9HXCrde908CWmwXpEllomexN3C5730Y88OBKTFbUAQ8p7NQbgVZhrbj2YYXwQlWyEjdd_PaUz6u1HAYEpSy0_f_4Y9BkxTuQgsoyi_fM2Hi9xxPQrft_9cNEj6mraU_PewfP8vjj-ng3qaK1fbFxn6CN6-m0lcnZxU56ShYUSXWTHJ96GWxx1qZGV4DoBlYsZ3VedlTeZI7uqRtPcrklxIoM99QeX9ssFtIeikFRsaAX3aG8Rgn-lOSXEtI0rByfrenoZ2iAQF9qTLCXeGo0YGrElQv5WmJVc2PJy4L2az5a5zliAPTajdcQACF7kVGwetGgJXkyX5lQpGY4Fi4diY92Ol31XjNl93WXoZopPFORu8tJNrelnpKxjwpjKIy6jtjxzDFjmJVx_QYvK4SvAE86gzzjwH3cKANFep1l8Se-1snveMEXhbD4DxGJwm4Yr5sQ__43bfZik5FKr0W9V8L5fDmS5bPCB5FpQBsk_CjPSNe9BkTgKJVKpejx7MtIR6p-Vw0tXEiujDkR2PGejrZlAp8lKet6vxobwE9vy6VckjaXZ8vcA1AJJX5SQYFY3PNol-W1CShDalNzIM33Yyn47XKpfmIwbXKHmU6gF9jHgFuDJ4A-ocw73MSCoJQcM5QrrX0SmwgT7VJUh9MfkC4wdNREOs89PqgO6c&cid=CAASEuRossnlJ9Qd1L8MCGjyTvEWcg&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:30:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
256
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9577
x-xss-protection
0
server
cafe
etag
11201793935764353180
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:30:16 GMT
html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 4B0A
169 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
Origin
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 01:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
66833
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60173
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 01:00:39 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/ Frame 4B0A
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABxR-5agjX14ZEMxsA4FZw7r7pybVU17g4wYXZhh16HudMHtej-odr5TynX_xFjaAkYHCQDEyJ_YlYWKcRFb6At4aHs_s1WZ-CPY78X5kPsiz5_XGOsO2b6ogoPw4UGQ2ykpXXER3FfQqp2CG34QiEDnnlvA&dbm_d=AKAmf-CDowlPYliEPLxqbpEtdkk6bsdq1DWEM-d4SSM64BTe-O3znqrOoiCztFhfCt46Mh6xMXxuh1Lg9aAiKYkIh-ytknz-hzGESCGwhGJl1yGZTU2GbKND4VkokW15K9uRWmixXx2Jfm52yVtcOg_qHHj8OjkqpUf6PRdKNYCACbC6EuBPMyg8Jut8mGtwegLovh_hH_ACckaL6YHCOJjBt4tpIUcghg8PAfJL8NBTNydsvP5ZtNvtG9S14QUJ32wvV4o2f25acs7rJAvzvHTRN8MOkXa18qhBZGbG7d4wOYiMAiJBAsU2Ldwlo0Tdtw0QtwUu0LhxkaL73d-1soZ63ISeTN0XzAkw1yrZGRbP9kv-fkWYGUpHPyl5t_9aBFoAcddnOc39E16Sg_-N4EZ3-u3dxWmz1GsQRuvXOv6hK65qkD0lClQVZQVdERPOHd9rCOOalMVswioYWrkzVEe0Jvid-2jhco2hDAqA0I2IbPGCf-wBPhcN6yAiaNyzoe7sTJm60e-oYeB-6DFsHLXkzjAXJmp0aDdViz4EhZzoIc8G7uwp1AJaouliB-I46cOa3t-V-Uf0qnrjb9I_VqyGkjKvOUva6mPrScHI0SDB7YUpu5QIjZpsG5p5i5SOlb4htkt6dZgZSoryjMMzy2pHftoat3VkfRh8eNILLkNYF5flK0pUnxkmQffrFb6X62AGJ7ZbQRC3RLaxNGUHwBABlUItI2mnlaGkb6D44r3AMiboP3isMOQdFOCe0NoBdglWiUb_NKRTWDpHWnLx5tdfrNQlAcb3vRTrA-Iqg1s9hyZprBv-WyQ6TyqFJguNG8VtN18CnErzSd8FEESTpwKblUIWmen4Ie89O1iyXgZp_wRpCCtOWwvF1UpZn8crP5IZxB619omrqIfzSohChg9JkO3BFlRh8iqDnXMAUzjhbb4CjuvKsXkiLChSKnQwa1ZBuDBnKgrG9MJS_AGlkH6KdkF4uLxyvzPuN6yfzHDqXPplHHIc-iUKFiGPB9Su1FI4KEcBaat7no5Gi8_vkINhVoSJarsiTB5dapH5C8PUdTRR9fqWPXTCbsa4WZOU2yLuFl56rsdiDQHyg_pnk8kgtnjtmcxj3yvxCGt4pg0IFIHjEJGnceXgrx-ETMo7xulj9mJPY65XchoqX1iF34KJwns9YZmTb2-7mkshyYWEOiIi7_UZ-UjmmGmWOMjvIkenZiYZGgapwVJEl1J3ngHoTWnvm5os19eHQjcGd4n9CVNAJeZcpG3vNXOQt6tc7QeMoad5DLku65t0amvU8Kli9JnV45AapUZ-fM3JAl18bovioshcRjuTjE9e6WjUv6FTe9T_ewI3E-u5SG4DYS87gYQnydToC9XS2qvuKp4fEHNOsET0bJ-8AeuQT2Ol_l19CMyZTumy5qzTFD2oEW7Or51d2VZMUC-RQ_dRUyPPIg8VXrykoz7RLJXNYNmY87nkgxt35qFzZfFT8kvwdUjbeGeOUbpyxtj8BYYh8_cBbie6CGrtEiQ3Zv9idR8maskBQCVsTSRQBFojWxy3uSLtvrkCJDCGlW0FKiVnjrAF4IvYYqjFtIsvFpp4NycSNcLSNLeJnv614UIQUcItLqPqFaVVVRc-KXZbLgQ5ksK9r_pJBQkkFUnYkzAFBKvMu05FK3tD_7x9Pht_yMAEyyc7_BQACyhVZ97Dq2HDjvyZ6OrX1aRbwChQqAtpv90MFgZa8EewZt1H5fpGpEzLd3yOmCClTbaLXvo3DJ9Vbz7J3RphfHAlprx0JJl8KW4xIKPM3CSQEvjnkPCW1Fmehgjn4b3RZ9tNxjrloW6xCyaIHuRGWoD5ZCZ-BLQxuw2JAKy3yjDPnoubhRgwEjRwk8XsyK-u428DkauFnv9quH2LBWUlPCuoOUsRKUtar79_54EsPPLGvtzieTrOiOB9BzujSHiKwR3SKrOLwahc19fdhvmnqp5dfVGrlqfRHQlwyfmxHLzk2fdCU_ESOc1ohkl8kApeUPc-Tf2CAVb6qtoDbSwdlZF97x00btRHGFEEK0p3Ccn9gAhQ0mdAqnMoxW0AqSlDiFONnW3BC0tPLgl7hMTUq13NzpkGQjSq2ZA_2tARTpX3S56F_3Zjei8OmciLZNXXcD1H3Nfn1ZfKTXingdLcTuOZazTV-xSkecVXusD89CWLrVz0h5PAQ2qBP6439VnNinMX5kai38JBEcu6JCRoiApkAOfMhiURGzw7flA38dpOkiyXOwSLGUY_yHjQxoSBCKyRL0o-Jebfp3UPgvrHgUOvKCkCRmuVrajIBWK168TZwylNZYesfIamaXiV3O48XL93tau5qJi9fRtZ99FYYNMTxnHyoVHBVBM2lUFVeeshHDzVcPW_THc0iTGwAqZGWBFpg5MHjzLBYrB-65MsB0tgcb0gqxuu7h5W2GUQy_H4mgrOMaZqdZEh1RNLKWYjTt6HRynbYUdit5QbgEibLBT6DV6j7CFiNyASWbrlztblZE2urHInT6PoNl9VJO2QYgNik4fOPmJKA51D8mma0wYBjsLTejC3KvZAUF-6nd05yzuGYK6uEH7YB-Rh6Sv7KZeZctSnrhA-pxhlmswUsxcWTaer_lplxmvv52iX6Qx95NNda2b6hmiavbg8iv2mNYB156gYzkb8OcrVuYH8tgRQzgSMpMK7Kanmf1ayJda7BM7eguCOKqjiRGG9GQnSuyDIhfdEmgEGwXf_51U4luY0lKMbUjNOpv6wHqLimfuFdl54L7zqXTJm11yn5dypqJjZ1GCD0No1rqU-vcoac5C7pv_PVxmVGPjwsvj5KEUYSCxvEtoz4rLNo0MUQBj9bPetadUdu5m7sRxDKPb0uR7IFJmnhWObeSrDpTRZy--WRmHYtKETxewBCz5z71uPCJwPFW_BfD9o1Mw075Vq3OwhOgWwbIUgc9bhSvDfjZo_WqBFRIU9dOrO7eSvm8jANOVcIDEJlFfiA7DrnAptBEVFFZY4Num4QV2cVn7K-z4zl1r4TSyAwc8UUH4q5IC1NlXo_GRaOxIT0DtlqOBP21jfXnI&cid=CAASEuRoIU4AkzLJ-_0RYV-gv-1qAQ&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:31:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
188
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:31:24 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame 4B0A
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-ABxR-5agjX14ZEMxsA4FZw7r7pybVU17g4wYXZhh16HudMHtej-odr5TynX_xFjaAkYHCQDEyJ_YlYWKcRFb6At4aHs_s1WZ-CPY78X5kPsiz5_XGOsO2b6ogoPw4UGQ2ykpXXER3FfQqp2CG34QiEDnnlvA&dbm_d=AKAmf-CDowlPYliEPLxqbpEtdkk6bsdq1DWEM-d4SSM64BTe-O3znqrOoiCztFhfCt46Mh6xMXxuh1Lg9aAiKYkIh-ytknz-hzGESCGwhGJl1yGZTU2GbKND4VkokW15K9uRWmixXx2Jfm52yVtcOg_qHHj8OjkqpUf6PRdKNYCACbC6EuBPMyg8Jut8mGtwegLovh_hH_ACckaL6YHCOJjBt4tpIUcghg8PAfJL8NBTNydsvP5ZtNvtG9S14QUJ32wvV4o2f25acs7rJAvzvHTRN8MOkXa18qhBZGbG7d4wOYiMAiJBAsU2Ldwlo0Tdtw0QtwUu0LhxkaL73d-1soZ63ISeTN0XzAkw1yrZGRbP9kv-fkWYGUpHPyl5t_9aBFoAcddnOc39E16Sg_-N4EZ3-u3dxWmz1GsQRuvXOv6hK65qkD0lClQVZQVdERPOHd9rCOOalMVswioYWrkzVEe0Jvid-2jhco2hDAqA0I2IbPGCf-wBPhcN6yAiaNyzoe7sTJm60e-oYeB-6DFsHLXkzjAXJmp0aDdViz4EhZzoIc8G7uwp1AJaouliB-I46cOa3t-V-Uf0qnrjb9I_VqyGkjKvOUva6mPrScHI0SDB7YUpu5QIjZpsG5p5i5SOlb4htkt6dZgZSoryjMMzy2pHftoat3VkfRh8eNILLkNYF5flK0pUnxkmQffrFb6X62AGJ7ZbQRC3RLaxNGUHwBABlUItI2mnlaGkb6D44r3AMiboP3isMOQdFOCe0NoBdglWiUb_NKRTWDpHWnLx5tdfrNQlAcb3vRTrA-Iqg1s9hyZprBv-WyQ6TyqFJguNG8VtN18CnErzSd8FEESTpwKblUIWmen4Ie89O1iyXgZp_wRpCCtOWwvF1UpZn8crP5IZxB619omrqIfzSohChg9JkO3BFlRh8iqDnXMAUzjhbb4CjuvKsXkiLChSKnQwa1ZBuDBnKgrG9MJS_AGlkH6KdkF4uLxyvzPuN6yfzHDqXPplHHIc-iUKFiGPB9Su1FI4KEcBaat7no5Gi8_vkINhVoSJarsiTB5dapH5C8PUdTRR9fqWPXTCbsa4WZOU2yLuFl56rsdiDQHyg_pnk8kgtnjtmcxj3yvxCGt4pg0IFIHjEJGnceXgrx-ETMo7xulj9mJPY65XchoqX1iF34KJwns9YZmTb2-7mkshyYWEOiIi7_UZ-UjmmGmWOMjvIkenZiYZGgapwVJEl1J3ngHoTWnvm5os19eHQjcGd4n9CVNAJeZcpG3vNXOQt6tc7QeMoad5DLku65t0amvU8Kli9JnV45AapUZ-fM3JAl18bovioshcRjuTjE9e6WjUv6FTe9T_ewI3E-u5SG4DYS87gYQnydToC9XS2qvuKp4fEHNOsET0bJ-8AeuQT2Ol_l19CMyZTumy5qzTFD2oEW7Or51d2VZMUC-RQ_dRUyPPIg8VXrykoz7RLJXNYNmY87nkgxt35qFzZfFT8kvwdUjbeGeOUbpyxtj8BYYh8_cBbie6CGrtEiQ3Zv9idR8maskBQCVsTSRQBFojWxy3uSLtvrkCJDCGlW0FKiVnjrAF4IvYYqjFtIsvFpp4NycSNcLSNLeJnv614UIQUcItLqPqFaVVVRc-KXZbLgQ5ksK9r_pJBQkkFUnYkzAFBKvMu05FK3tD_7x9Pht_yMAEyyc7_BQACyhVZ97Dq2HDjvyZ6OrX1aRbwChQqAtpv90MFgZa8EewZt1H5fpGpEzLd3yOmCClTbaLXvo3DJ9Vbz7J3RphfHAlprx0JJl8KW4xIKPM3CSQEvjnkPCW1Fmehgjn4b3RZ9tNxjrloW6xCyaIHuRGWoD5ZCZ-BLQxuw2JAKy3yjDPnoubhRgwEjRwk8XsyK-u428DkauFnv9quH2LBWUlPCuoOUsRKUtar79_54EsPPLGvtzieTrOiOB9BzujSHiKwR3SKrOLwahc19fdhvmnqp5dfVGrlqfRHQlwyfmxHLzk2fdCU_ESOc1ohkl8kApeUPc-Tf2CAVb6qtoDbSwdlZF97x00btRHGFEEK0p3Ccn9gAhQ0mdAqnMoxW0AqSlDiFONnW3BC0tPLgl7hMTUq13NzpkGQjSq2ZA_2tARTpX3S56F_3Zjei8OmciLZNXXcD1H3Nfn1ZfKTXingdLcTuOZazTV-xSkecVXusD89CWLrVz0h5PAQ2qBP6439VnNinMX5kai38JBEcu6JCRoiApkAOfMhiURGzw7flA38dpOkiyXOwSLGUY_yHjQxoSBCKyRL0o-Jebfp3UPgvrHgUOvKCkCRmuVrajIBWK168TZwylNZYesfIamaXiV3O48XL93tau5qJi9fRtZ99FYYNMTxnHyoVHBVBM2lUFVeeshHDzVcPW_THc0iTGwAqZGWBFpg5MHjzLBYrB-65MsB0tgcb0gqxuu7h5W2GUQy_H4mgrOMaZqdZEh1RNLKWYjTt6HRynbYUdit5QbgEibLBT6DV6j7CFiNyASWbrlztblZE2urHInT6PoNl9VJO2QYgNik4fOPmJKA51D8mma0wYBjsLTejC3KvZAUF-6nd05yzuGYK6uEH7YB-Rh6Sv7KZeZctSnrhA-pxhlmswUsxcWTaer_lplxmvv52iX6Qx95NNda2b6hmiavbg8iv2mNYB156gYzkb8OcrVuYH8tgRQzgSMpMK7Kanmf1ayJda7BM7eguCOKqjiRGG9GQnSuyDIhfdEmgEGwXf_51U4luY0lKMbUjNOpv6wHqLimfuFdl54L7zqXTJm11yn5dypqJjZ1GCD0No1rqU-vcoac5C7pv_PVxmVGPjwsvj5KEUYSCxvEtoz4rLNo0MUQBj9bPetadUdu5m7sRxDKPb0uR7IFJmnhWObeSrDpTRZy--WRmHYtKETxewBCz5z71uPCJwPFW_BfD9o1Mw075Vq3OwhOgWwbIUgc9bhSvDfjZo_WqBFRIU9dOrO7eSvm8jANOVcIDEJlFfiA7DrnAptBEVFFZY4Num4QV2cVn7K-z4zl1r4TSyAwc8UUH4q5IC1NlXo_GRaOxIT0DtlqOBP21jfXnI&cid=CAASEuRoIU4AkzLJ-_0RYV-gv-1qAQ&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:30:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
256
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9577
x-xss-protection
0
server
cafe
etag
11201793935764353180
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:30:16 GMT
html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame A957
169 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
Origin
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 01:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
66833
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60173
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 01:00:39 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/ Frame A957
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BRW4vIOCrozMGVnY6blAnFFgzlrhYNFOd7K8O-4Q3U6n25OOTEZGZ922U1tWM7qjLJlDc-m3iaBoob1fFwbpCjGipVZnZDFyZMiAVfm1R_HqOdNeNTqqvcooehH1HbWZbziV9dCVuy-rFRGeaf0a6DrZn_1Q&dbm_d=AKAmf-BqlyMFXF5I21zmLbEVpjGUESttGqhfn_pf0Rxs410qIYz-JEn4MOhc0qKtGaPV8qAvX2Z-w1t8Mx25JvgPkWoovk1TAarMJ_ZIsptne4ojtvejO6ufB6tXSnbCBuM0OoNIxDYZfB4GyVtZNgugfZwKWlxKlpCcd9v7VCEY_vahY0R1Di6ZQTYBrlCb250GSkoladESTRzXIJ-GJ0Ros9-5GwPrmUwR_sCbIqJbDWbXL3JXlO94J6BoNsL1NlGBHIhUI2Yv5Tezvne-dlC3oJmsMAp1K3CjB33I3_v_vIkbQXFdSi0Rx2J7x69QnTxwzy3bogv_SzM1p8ItLADymoGzDUx9Wh2FqDZDD4MSlw_6LKCxFWwfw84hr92YjAGAQZRfP7EhDmUe2drKwtolDFkv4w48P_je3mUIKEn9luliUiGxcawjqQz77UkfbGzap-7qLzxNZF9wFJaDL8PgJ0w32u8Z_TyMbruRjNGV8ILTTaV_ks-CgQQysNu0Y9J2jKrVAt3NwQp9g37xbU4cvBXss-wl1q3xzxhZTMHFzGDTnhIJJy7EVQ8AWRq0eMasR8VcbGWKS9dw1jh_Rz2PZ4LEbybDKtfPhOhjq4xVO_mktXR3GT4gKuIWGY_nqI6-_3Z-ysfdtZzwo0usOPuuwq2ySKeYgavkVqNqMRrYEspxM7rJogdj0zKzYwW3hfmulWEuCLZ22Ul7w8Czj9Pbt28M-qyCCmA878FpXyUCqnIJ7hWxcPezLYj3uwzRQB_joXPgh9qTyIxVrEaNcF1iq3laHCf2T0GgZFqumomoqgcGpy-aj2KkGSswD1ahXjdObHX8wXszD-skuYQ3NOIKolr4UJ4KctG_GNq6rUUsyMF27D1Jz_aoi5MsoqnBdWj2PvqLCVIbFW61jD00pJHy12Ro8cy38kRkwof1SpAZfpL-UzEDGgvKq-62kvrkhPTh9fwzj5PA9skM54ycH_7O-A4TbayABNLabjzKaue4sY5f3VuUIK1gaPQOufZ0_Qz-1Pimb3futfGToKvs8p_JIZl-LKnTCR_x9taSzDDxQL7NrDy2yLt4hlPOCeuccJI4i1S1Gry-cqfE1QDzklE8mUIbPtMnfmAzQ-jIR34-Kb2GBlaCmXm7Vmo11SEEf1eRn67W8-771KBiduaZAclewJ92_cWDEFTtayWNMrA3o8BFUAJpAX6qwcjOFY_TZKCJpqJrRV5N3YqUvbXsyS3o6pCN7FLoi8MamvsZiBEHR535sHCYwfcuFTZ5DO45EIAADEOn1cAwV-GiK8h3ty3_qPrJP8DIL7TADDEh5RnaqeNzsaK26sx28B98oD7Dp3DAKmRq4CW4gRr8ot3_8F45r50cAM1DTeFwkloNTIUaZ0N-GzjpUPM9lLeS8-E0Nefw7li7F3SsSaEGADIgPNTQcS6Ml75jpV8qDtWCB8dP6Tf0GOHquA-Q_oj0bQaStqPecuoN58GCQrTnPRprmdy4HJvBqdghP-Fus9Mh3HMxb7XnjyByT1u0HXSQNMmcTWiAfTBR222Q8OO4BtBQL-hblFq2LCGADvTe4NCeoDaNrsz9c8PbyIsGqKW0s8fHG8f1-TRwdMe2z3kN_XM1UcmKsYbd8ZgwJ6Lo9V0wTghSngXzalVqW___W4fvCwlAu6J_23yb6U1D4c2vSslOjasXgzOx3ZE0UKZ4LX1TZntAEHwojSmK0RcIGON3IEij4nkSPqwto7KSc3IBl0CT7aJhnz2RpkYNFBqIX1fhAxXdGvLseLmQnsgZCYbSYA9E2xF0VVi5yQINtqR6yO3eFCZXSpn4qRfX58MylhgYFF942T2bPREKUrOQQbqYBqdDJBs6SuxWQ0JfrcutxESHp1QSIJ-7ku2QhtSyX2C4IJuZx-Qz0iVbiM3DbpHheE5tH6jlRrUINOdfmcJbbqP6m5Mt5_2W0dtf9Nu0Grg18-BjQ4BX2KiIwvB21HF2t6ZWxaMYZf77gVXyIFdg5gGxJmKyS-989KuUsmcQqf7c0Lv47QErP5jKPPrO6dyIlcM4W6V842qWvspCAwB48JadooWQ2c9QztesH61PCjTuh181n23e6ycBGs6d9tURZ_iO6lkxYHADum6MUZdqHk-io0QBnmG0iaYnb3sVWQJzdinQ1_Kth4Uc6jMNe_JeB1YWHB5XKHDWyyVfCrfoSI9a7gjGpxfY2PMnMEmBG-Jk4XJVpUC9z11Bv4bH8iN0KtQSQqd4EYmFinVr_gv7ivUuAsc8FTrOL-mxBQxXyCm6xc1bjWtwrnX8gYIluBspxyLsCZxCatg7HcY8AugfTZZLzb8EKQ0Ca38UuXeMo5nmQfuq3vt7DCpuEgFV_duDBnaMFEJlk3075az59RsYj08E9tB76Z7ZX3AK94nYK-sfXyvvRfK2gPQSOasEmlT8V_KhJ8gPydx8UqLyiAmSPS6_8gCkBKYehbzW9zq0sSQYu7pDYfO7IUFs8Ao7g2PvtXYRtRZ-kvvzrcLXtqBYEydsUoo4i2NyJyB1hdy6j4LgTqE4bz5XGRjpDNmWkfanebg5m3MgUzsd7us4TvW8YhRc7dkeIOUOTElH_nduibC-6qj-5haWZi8gJCycvrGUyOsfGtYXkzwl4hX51yTTJ7pfVdd-dQ9E4vT57vBLY7EaaZ9PV3pwHCe5i3mq8uEqzddEN2ISGNWGk8wUyipeQtUxDuuEx9UMqTYtfflqmmMVxX8bW4ea1hzb-3iHiWsJ5dD8Ft-1zqRmZ5LV6138jVrJqWzx-8HipWXAJctezHYz_e4sgob76GBEjMXWiz24g9maXWDJkvMYH8Xp3vNwdaVTidBxaF7gFb2i9LlzomdeR_dH7Ak35zFtwjIMutKLV1eNIBgGhlkuh9I1ZgTqq_gDEa-UEnA2EoNkAbc8KAfbBvSdmugdXbTgsEj6XThCEgO6raYus2r3w7iKUJxZFQBCESEjDcPswLqTu69xUE0uFyKEgW0gADWbMLebWY5_XrioMbmOvL9Hf2n1MN_ZnAE6BDgB3uVpdD2KaNwP8zdzLzZMuSvhQz3-HMM&cid=CAASEuRo8aPOuWLI8cCj3FCr9Bu-Sg&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:31:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
188
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:31:24 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame A957
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-BRW4vIOCrozMGVnY6blAnFFgzlrhYNFOd7K8O-4Q3U6n25OOTEZGZ922U1tWM7qjLJlDc-m3iaBoob1fFwbpCjGipVZnZDFyZMiAVfm1R_HqOdNeNTqqvcooehH1HbWZbziV9dCVuy-rFRGeaf0a6DrZn_1Q&dbm_d=AKAmf-BqlyMFXF5I21zmLbEVpjGUESttGqhfn_pf0Rxs410qIYz-JEn4MOhc0qKtGaPV8qAvX2Z-w1t8Mx25JvgPkWoovk1TAarMJ_ZIsptne4ojtvejO6ufB6tXSnbCBuM0OoNIxDYZfB4GyVtZNgugfZwKWlxKlpCcd9v7VCEY_vahY0R1Di6ZQTYBrlCb250GSkoladESTRzXIJ-GJ0Ros9-5GwPrmUwR_sCbIqJbDWbXL3JXlO94J6BoNsL1NlGBHIhUI2Yv5Tezvne-dlC3oJmsMAp1K3CjB33I3_v_vIkbQXFdSi0Rx2J7x69QnTxwzy3bogv_SzM1p8ItLADymoGzDUx9Wh2FqDZDD4MSlw_6LKCxFWwfw84hr92YjAGAQZRfP7EhDmUe2drKwtolDFkv4w48P_je3mUIKEn9luliUiGxcawjqQz77UkfbGzap-7qLzxNZF9wFJaDL8PgJ0w32u8Z_TyMbruRjNGV8ILTTaV_ks-CgQQysNu0Y9J2jKrVAt3NwQp9g37xbU4cvBXss-wl1q3xzxhZTMHFzGDTnhIJJy7EVQ8AWRq0eMasR8VcbGWKS9dw1jh_Rz2PZ4LEbybDKtfPhOhjq4xVO_mktXR3GT4gKuIWGY_nqI6-_3Z-ysfdtZzwo0usOPuuwq2ySKeYgavkVqNqMRrYEspxM7rJogdj0zKzYwW3hfmulWEuCLZ22Ul7w8Czj9Pbt28M-qyCCmA878FpXyUCqnIJ7hWxcPezLYj3uwzRQB_joXPgh9qTyIxVrEaNcF1iq3laHCf2T0GgZFqumomoqgcGpy-aj2KkGSswD1ahXjdObHX8wXszD-skuYQ3NOIKolr4UJ4KctG_GNq6rUUsyMF27D1Jz_aoi5MsoqnBdWj2PvqLCVIbFW61jD00pJHy12Ro8cy38kRkwof1SpAZfpL-UzEDGgvKq-62kvrkhPTh9fwzj5PA9skM54ycH_7O-A4TbayABNLabjzKaue4sY5f3VuUIK1gaPQOufZ0_Qz-1Pimb3futfGToKvs8p_JIZl-LKnTCR_x9taSzDDxQL7NrDy2yLt4hlPOCeuccJI4i1S1Gry-cqfE1QDzklE8mUIbPtMnfmAzQ-jIR34-Kb2GBlaCmXm7Vmo11SEEf1eRn67W8-771KBiduaZAclewJ92_cWDEFTtayWNMrA3o8BFUAJpAX6qwcjOFY_TZKCJpqJrRV5N3YqUvbXsyS3o6pCN7FLoi8MamvsZiBEHR535sHCYwfcuFTZ5DO45EIAADEOn1cAwV-GiK8h3ty3_qPrJP8DIL7TADDEh5RnaqeNzsaK26sx28B98oD7Dp3DAKmRq4CW4gRr8ot3_8F45r50cAM1DTeFwkloNTIUaZ0N-GzjpUPM9lLeS8-E0Nefw7li7F3SsSaEGADIgPNTQcS6Ml75jpV8qDtWCB8dP6Tf0GOHquA-Q_oj0bQaStqPecuoN58GCQrTnPRprmdy4HJvBqdghP-Fus9Mh3HMxb7XnjyByT1u0HXSQNMmcTWiAfTBR222Q8OO4BtBQL-hblFq2LCGADvTe4NCeoDaNrsz9c8PbyIsGqKW0s8fHG8f1-TRwdMe2z3kN_XM1UcmKsYbd8ZgwJ6Lo9V0wTghSngXzalVqW___W4fvCwlAu6J_23yb6U1D4c2vSslOjasXgzOx3ZE0UKZ4LX1TZntAEHwojSmK0RcIGON3IEij4nkSPqwto7KSc3IBl0CT7aJhnz2RpkYNFBqIX1fhAxXdGvLseLmQnsgZCYbSYA9E2xF0VVi5yQINtqR6yO3eFCZXSpn4qRfX58MylhgYFF942T2bPREKUrOQQbqYBqdDJBs6SuxWQ0JfrcutxESHp1QSIJ-7ku2QhtSyX2C4IJuZx-Qz0iVbiM3DbpHheE5tH6jlRrUINOdfmcJbbqP6m5Mt5_2W0dtf9Nu0Grg18-BjQ4BX2KiIwvB21HF2t6ZWxaMYZf77gVXyIFdg5gGxJmKyS-989KuUsmcQqf7c0Lv47QErP5jKPPrO6dyIlcM4W6V842qWvspCAwB48JadooWQ2c9QztesH61PCjTuh181n23e6ycBGs6d9tURZ_iO6lkxYHADum6MUZdqHk-io0QBnmG0iaYnb3sVWQJzdinQ1_Kth4Uc6jMNe_JeB1YWHB5XKHDWyyVfCrfoSI9a7gjGpxfY2PMnMEmBG-Jk4XJVpUC9z11Bv4bH8iN0KtQSQqd4EYmFinVr_gv7ivUuAsc8FTrOL-mxBQxXyCm6xc1bjWtwrnX8gYIluBspxyLsCZxCatg7HcY8AugfTZZLzb8EKQ0Ca38UuXeMo5nmQfuq3vt7DCpuEgFV_duDBnaMFEJlk3075az59RsYj08E9tB76Z7ZX3AK94nYK-sfXyvvRfK2gPQSOasEmlT8V_KhJ8gPydx8UqLyiAmSPS6_8gCkBKYehbzW9zq0sSQYu7pDYfO7IUFs8Ao7g2PvtXYRtRZ-kvvzrcLXtqBYEydsUoo4i2NyJyB1hdy6j4LgTqE4bz5XGRjpDNmWkfanebg5m3MgUzsd7us4TvW8YhRc7dkeIOUOTElH_nduibC-6qj-5haWZi8gJCycvrGUyOsfGtYXkzwl4hX51yTTJ7pfVdd-dQ9E4vT57vBLY7EaaZ9PV3pwHCe5i3mq8uEqzddEN2ISGNWGk8wUyipeQtUxDuuEx9UMqTYtfflqmmMVxX8bW4ea1hzb-3iHiWsJ5dD8Ft-1zqRmZ5LV6138jVrJqWzx-8HipWXAJctezHYz_e4sgob76GBEjMXWiz24g9maXWDJkvMYH8Xp3vNwdaVTidBxaF7gFb2i9LlzomdeR_dH7Ak35zFtwjIMutKLV1eNIBgGhlkuh9I1ZgTqq_gDEa-UEnA2EoNkAbc8KAfbBvSdmugdXbTgsEj6XThCEgO6raYus2r3w7iKUJxZFQBCESEjDcPswLqTu69xUE0uFyKEgW0gADWbMLebWY5_XrioMbmOvL9Hf2n1MN_ZnAE6BDgB3uVpdD2KaNwP8zdzLzZMuSvhQz3-HMM&cid=CAASEuRo8aPOuWLI8cCj3FCr9Bu-Sg&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:30:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
256
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9577
x-xss-protection
0
server
cafe
etag
11201793935764353180
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:30:16 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame E76F
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsvT7XSk9_OebvtlEnUI_o444N5CntW7jMuW2EyOeaO14i86vzhD5aDMwmCpxoHiVGHaVj1_KSt0H8ctzhhmMLGlvIxOzyzYjN4Jfo3iyrJEf8pZnUJjRw&sai=AMfl-YT1F6uW0b7jtMYKUy38BS6D2r010JZXgtnNkqMKYF9coHJOkGOqAV3evDde-iMA_MiMYveHXbJpeZ19&sig=Cg0ArKJSzGpJME1gH8pLEAE&id=lidar2&mcvt=1004&p=0,0,242,290&mtos=1004,1004,1004,1004,1004&tos=1004,0,0,0,0&v=20220209&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=22&adk=764607872&rs=2&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644608070691&rpt=984&met=mue&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://googleads.g.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
html_inpage_rendering_lib_200_275.js
s0.2mdn.net/879366/ Frame 8AF5
169 KB
59 KB
Script
General
Full URL
https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
Origin
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 01:00:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
66833
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
60173
x-xss-protection
0
last-modified
Mon, 27 Sep 2021 18:44:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 01:00:39 GMT
omrhp.js
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/ Frame 8AF5
8 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/elements/html/omrhp.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DXuk5226jgKY2aUDQGHbqJlkKC_8-K5Q1iBefi33JnzOsV9fy7af_SpT7Zg5NNnOTA9H8y33e6Y3Fu9Yd1x_FioclfR-N-tHe9yCliFOjCbfWxU4gasnqv6B4wqtbZtvMX6up7VsQ4i2Nc3NHfLxAuPUp_XQ&dbm_d=AKAmf-Cfap_I2YF92JMvEtu45NpKfj_NeWxouT6G6hNnyUKKKSPXZWf3D_VwaJrJoRcCiT7hdzrmrCIMxTYCecM0Px63KocklAft4mD_1uo37GkYqY45Sxnn0oJELbiFTLvrGRt6Pd3SECAPNn7AJjdLirTpSALhRyYLtVfqgle7Cin5oH8jxztuzSXXGblaiQZ8QbFGR-95kQ0oJioR98VMB0KD6W1ttPXlyYthu74hWaLDRlfcso044oEs1-AuWa4isinbzcZiznSdQf8K00VQC3Wl3PWop9HBqdohDYSal3b5dJ4KTxglyhA1UgeBdiekCpZtAvXeCzIrm8jCDrJaZJRov5nBqj90G2uUBCDKIIl2gSmsJMeX7xWVZjK5qdtqQLaTE0B6zZOiADTY_lte3pLfZqbGtJIp7eSMODy2M0WTLwALGSr_uUcyZtHHH6S7-jhSNZBrzWjt-YsEnEsTRYfFMYghK-yC74W4-bntajWplMaHOE4Ar5iCmZaKmu_qnhutAT7B8mGaLotI3lkhWI7W4kjbmh8-aO7QstqVzuGRAXC9ARN_qOSaG3sTaDrPn40MjQPN5tKVhJKs78TSRfYZORGt4-LggsWBXVHEcc0Id6Je3mrOr4fh2mTmRpAEfNHzeKvXLWBezRO3jvejX_trfFafK_KprPPnZlu7B_nMGLsCD7yZAfEH91TityGD6KgUVW0et_HfLzzjDXi1k8c7z4ni6ztUqhkyy3Uz8ywGXi2KnscqLweF7mZ5Y1K-_lmit5oTBLq6rvpESXZYioLA5L2DjC5DI9E8lcoQ2ShLRMJSUIjceHzDuu5v4l0-AVDVsaaV3CJ35HtHeWJWyag5W2Ft7KOAvvG1bUbAmMXxyLOsv5Z2q64_xfdtFmMJ7hj8YYv0pk_7RKG_mq9K1ysFcN8h41Q3iX-APW6eAKsbHw1sQMEkkIVCKgy-66_tMWVY_5r7H1iSCr0otqC3TfTxNw_7PvZhZyrg_H8K1KBugIRrk7ugKITWZ0QSRN8xgO8yJGfntKaHGSAe_1M9gKAe7mU8WZd6JhCaNMVca6CrQgoNSFya5JQVCaS9XXoV2p4zMvLNuXxd_MGt8q82QuuBa4ILfi5Ar4lUHP5sI5Yczcxm_Y9ur26Ua9XjkkV-hTxW5FGZnUWEwgPYROGMMyWgzfRRm1-iogJK6z_TjzIpitB-4RyLJVtrKNAsa632Ir7CgzrP_wMxhqMlfoCRzBWgnm7vBPzupLGnGZk38j5VLrL8ctW53l0dcZdcIOX82Ln5oDesiXb8NObfPPhigRIJRVDAdvuLP4c0QEA1LxadSPbmoDEz-e1ni3tOToTD4_quNWgXioA3Dx1zkWwsppY35sQzm124asashKPQKkEnEHjvyHGEC3S_S8yD2YTNCWPrD2drjeP-0ecAiA2iNwDh46t8gGT8a49SRkMWsRU_sePkBES43ZEKGi-Yklbew353mwBoytHRncv-ogFaNJieSqDnLwdiBipuZsh_YUqkROS3of0IPTYdzz0EwqpeBSsX5AqR83SMkj69sdanQKBoZyzFtYNnPIw9XM08PE0Q295p3NvzIB79X0z3MVL_5Tpy5LY3vmraBL0pjJ94Wx5nozGjF2LdMyQ5SbQsRgPYsZf1Z85WZCmfWXMvNeOw2T_WhP5PgbdYRRolF2LQSWTOgCWnMG2XZbcRk_eqUFcFEcut2WpdNm_tuHWShU93LWDW6qLYrvJXw3TsFqxpoQoMDSsX88DnDgUOgNoOYpgeTfnngG0y4XJhKBfkw3EC5TaMIltbpTqzccUIMVezuKMA-a9sKx-aj309iJx5Ln_tBsESqLy-7IFHG2VekMLtw3xQEPKwxGBMNog9rnsK47JVDABpHq1eVFMt1ZnWAeYr0mjHm9kwlVFeO73Pb7uJQCAUFSKAE40xd56QH6EgbA0CeYYZ9nvCyZs7jgphWhhu0H3l_cZQFvun10nGUf_Vp4nXKBTor9BuEFsj1acjos6tDia2DCJvooJlGCwfipE1CfI3hFRPj0B8bnxRDmH3L3Pe5kGmNUJmzVqfwW5RHRRKGknVLfKetkq279XeP41k00N4PMSZK9ryFXdOtiCyHxw9pweyXo1yiQ5rW1nsfezk-10OaGneGtit82X3J9O8b3JtORCiD3FMoZtTFKlhd8bDQkC4TPkxfOXjnyAnPTAJf5cRHNm-3XV18ldpDk1VqcdWrwyHt6ysOrKJy0A7HckYEU-8f6dCi9NhfP0usa3FofHyc46cmv4PcWYoN9e_rOYAHOSinj7HEj8i3cBk0uSyIwQWQAiI3HejPra6PyvKeYx6oPWt-atBazWxgiMXZa7LpwGfjJWwUKSmYpP9RXT72ovnmsEy-ElZ5lBPb2FFix3-xPtwXIHQHz-aaWx6gOFyH6qr3uZOFrNm6kUY_9wRNHT46HfWDAy43PgIUUzaYbKB5ogKFhbRSCB_h5VNokRPHwWkP5huLKPBKw76p5qrc4FnK_UvKFmPkoI74j74cDQYWqTWIn1jRxzQ3G7Ji0z4JuwxBJBdHGW-pgaTQGcnMAvrFpY7tzacyXFf0eNBb2p9euR3uRCq7AfP-9-5iah78qzrLV816dVxWl3i0KawVKacbbOlML3tpvdZeS5odhsOOEdUQO4SCi0-AUgfb1o6RrzFUhzJZkUD_dVDdHYbZ_gBGrY_NNNKaFuBetdELO4mfi8y1cFboetSQklOWif5yJUTtBscu0diF6ZOx5Fh9IBsHs3RYSbHfOyhqrLbOQqCVT71kobSWNzvrvYOcXkupALFtF74HkkvusVFTKXhIgweBgMyysTKLVkJUfbnRgezuOWRmLikEugdsAxqDZ2VEYZNiDkdT-dD4szMxncEMc5H_dgJD6qjVF3e6raj0hTF1XomZPCLxvzw30-2YxxzbsDYTs7dRVXvSA6Frzc5Il9kbhy0pvAM4tMeg-puOb7ph_zEPlXSNWcsJhxINEOHtR6ZK-toRhIeQAH2DwjtAHn3wj1iAHzeMTYXojzSH6sTZPJHrwpc2i2eGkHdvwKWMq4&cid=CAASEuRoUCDgR0866FgjYYHkjXONKA&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:31:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
188
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
3159
x-xss-protection
0
server
cafe
etag
1394524276809619753
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:31:24 GMT
abg_lite.js
pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/ Frame 8AF5
24 KB
9 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20220209/r20110914/abg_lite.js
Requested by
Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DXuk5226jgKY2aUDQGHbqJlkKC_8-K5Q1iBefi33JnzOsV9fy7af_SpT7Zg5NNnOTA9H8y33e6Y3Fu9Yd1x_FioclfR-N-tHe9yCliFOjCbfWxU4gasnqv6B4wqtbZtvMX6up7VsQ4i2Nc3NHfLxAuPUp_XQ&dbm_d=AKAmf-Cfap_I2YF92JMvEtu45NpKfj_NeWxouT6G6hNnyUKKKSPXZWf3D_VwaJrJoRcCiT7hdzrmrCIMxTYCecM0Px63KocklAft4mD_1uo37GkYqY45Sxnn0oJELbiFTLvrGRt6Pd3SECAPNn7AJjdLirTpSALhRyYLtVfqgle7Cin5oH8jxztuzSXXGblaiQZ8QbFGR-95kQ0oJioR98VMB0KD6W1ttPXlyYthu74hWaLDRlfcso044oEs1-AuWa4isinbzcZiznSdQf8K00VQC3Wl3PWop9HBqdohDYSal3b5dJ4KTxglyhA1UgeBdiekCpZtAvXeCzIrm8jCDrJaZJRov5nBqj90G2uUBCDKIIl2gSmsJMeX7xWVZjK5qdtqQLaTE0B6zZOiADTY_lte3pLfZqbGtJIp7eSMODy2M0WTLwALGSr_uUcyZtHHH6S7-jhSNZBrzWjt-YsEnEsTRYfFMYghK-yC74W4-bntajWplMaHOE4Ar5iCmZaKmu_qnhutAT7B8mGaLotI3lkhWI7W4kjbmh8-aO7QstqVzuGRAXC9ARN_qOSaG3sTaDrPn40MjQPN5tKVhJKs78TSRfYZORGt4-LggsWBXVHEcc0Id6Je3mrOr4fh2mTmRpAEfNHzeKvXLWBezRO3jvejX_trfFafK_KprPPnZlu7B_nMGLsCD7yZAfEH91TityGD6KgUVW0et_HfLzzjDXi1k8c7z4ni6ztUqhkyy3Uz8ywGXi2KnscqLweF7mZ5Y1K-_lmit5oTBLq6rvpESXZYioLA5L2DjC5DI9E8lcoQ2ShLRMJSUIjceHzDuu5v4l0-AVDVsaaV3CJ35HtHeWJWyag5W2Ft7KOAvvG1bUbAmMXxyLOsv5Z2q64_xfdtFmMJ7hj8YYv0pk_7RKG_mq9K1ysFcN8h41Q3iX-APW6eAKsbHw1sQMEkkIVCKgy-66_tMWVY_5r7H1iSCr0otqC3TfTxNw_7PvZhZyrg_H8K1KBugIRrk7ugKITWZ0QSRN8xgO8yJGfntKaHGSAe_1M9gKAe7mU8WZd6JhCaNMVca6CrQgoNSFya5JQVCaS9XXoV2p4zMvLNuXxd_MGt8q82QuuBa4ILfi5Ar4lUHP5sI5Yczcxm_Y9ur26Ua9XjkkV-hTxW5FGZnUWEwgPYROGMMyWgzfRRm1-iogJK6z_TjzIpitB-4RyLJVtrKNAsa632Ir7CgzrP_wMxhqMlfoCRzBWgnm7vBPzupLGnGZk38j5VLrL8ctW53l0dcZdcIOX82Ln5oDesiXb8NObfPPhigRIJRVDAdvuLP4c0QEA1LxadSPbmoDEz-e1ni3tOToTD4_quNWgXioA3Dx1zkWwsppY35sQzm124asashKPQKkEnEHjvyHGEC3S_S8yD2YTNCWPrD2drjeP-0ecAiA2iNwDh46t8gGT8a49SRkMWsRU_sePkBES43ZEKGi-Yklbew353mwBoytHRncv-ogFaNJieSqDnLwdiBipuZsh_YUqkROS3of0IPTYdzz0EwqpeBSsX5AqR83SMkj69sdanQKBoZyzFtYNnPIw9XM08PE0Q295p3NvzIB79X0z3MVL_5Tpy5LY3vmraBL0pjJ94Wx5nozGjF2LdMyQ5SbQsRgPYsZf1Z85WZCmfWXMvNeOw2T_WhP5PgbdYRRolF2LQSWTOgCWnMG2XZbcRk_eqUFcFEcut2WpdNm_tuHWShU93LWDW6qLYrvJXw3TsFqxpoQoMDSsX88DnDgUOgNoOYpgeTfnngG0y4XJhKBfkw3EC5TaMIltbpTqzccUIMVezuKMA-a9sKx-aj309iJx5Ln_tBsESqLy-7IFHG2VekMLtw3xQEPKwxGBMNog9rnsK47JVDABpHq1eVFMt1ZnWAeYr0mjHm9kwlVFeO73Pb7uJQCAUFSKAE40xd56QH6EgbA0CeYYZ9nvCyZs7jgphWhhu0H3l_cZQFvun10nGUf_Vp4nXKBTor9BuEFsj1acjos6tDia2DCJvooJlGCwfipE1CfI3hFRPj0B8bnxRDmH3L3Pe5kGmNUJmzVqfwW5RHRRKGknVLfKetkq279XeP41k00N4PMSZK9ryFXdOtiCyHxw9pweyXo1yiQ5rW1nsfezk-10OaGneGtit82X3J9O8b3JtORCiD3FMoZtTFKlhd8bDQkC4TPkxfOXjnyAnPTAJf5cRHNm-3XV18ldpDk1VqcdWrwyHt6ysOrKJy0A7HckYEU-8f6dCi9NhfP0usa3FofHyc46cmv4PcWYoN9e_rOYAHOSinj7HEj8i3cBk0uSyIwQWQAiI3HejPra6PyvKeYx6oPWt-atBazWxgiMXZa7LpwGfjJWwUKSmYpP9RXT72ovnmsEy-ElZ5lBPb2FFix3-xPtwXIHQHz-aaWx6gOFyH6qr3uZOFrNm6kUY_9wRNHT46HfWDAy43PgIUUzaYbKB5ogKFhbRSCB_h5VNokRPHwWkP5huLKPBKw76p5qrc4FnK_UvKFmPkoI74j74cDQYWqTWIn1jRxzQ3G7Ji0z4JuwxBJBdHGW-pgaTQGcnMAvrFpY7tzacyXFf0eNBb2p9euR3uRCq7AfP-9-5iah78qzrLV816dVxWl3i0KawVKacbbOlML3tpvdZeS5odhsOOEdUQO4SCi0-AUgfb1o6RrzFUhzJZkUD_dVDdHYbZ_gBGrY_NNNKaFuBetdELO4mfi8y1cFboetSQklOWif5yJUTtBscu0diF6ZOx5Fh9IBsHs3RYSbHfOyhqrLbOQqCVT71kobSWNzvrvYOcXkupALFtF74HkkvusVFTKXhIgweBgMyysTKLVkJUfbnRgezuOWRmLikEugdsAxqDZ2VEYZNiDkdT-dD4szMxncEMc5H_dgJD6qjVF3e6raj0hTF1XomZPCLxvzw30-2YxxzbsDYTs7dRVXvSA6Frzc5Il9kbhy0pvAM4tMeg-puOb7ph_zEPlXSNWcsJhxINEOHtR6ZK-toRhIeQAH2DwjtAHn3wj1iAHzeMTYXojzSH6sTZPJHrwpc2i2eGkHdvwKWMq4&cid=CAASEuRoUCDgR0866FgjYYHkjXONKA&rfl=1%2Chttps%253A%252F%252Fconsulteportal.com.br%252F%240
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:30:16 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
256
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
9577
x-xss-protection
0
server
cafe
etag
11201793935764353180
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 19:30:16 GMT
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame EF6A
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 10:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120488
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Feb 2023 10:06:24 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame B38C
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
date
Fri, 11 Feb 2022 05:53:44 GMT
expires
Sat, 12 Feb 2022 05:53:44 GMT
cache-control
public, max-age=86400
age
49248
etag
48472445140208031
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame EF6A
218 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a64e82e555d588d94ec48e88d15d1945290807baa3dec79b976b01ed2710ca64

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 4B0A
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 10:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120488
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Feb 2023 10:06:24 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame E252
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
date
Fri, 11 Feb 2022 05:53:44 GMT
expires
Sat, 12 Feb 2022 05:53:44 GMT
cache-control
public, max-age=86400
age
49248
etag
48472445140208031
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 4B0A
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
99f6018fcf7caa1290f96ec271438ceb136aa314aa8ce58b6ac16a233a88d13f

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame A957
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 10:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120488
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Feb 2023 10:06:24 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame C261
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
date
Fri, 11 Feb 2022 05:53:44 GMT
expires
Sat, 12 Feb 2022 05:53:44 GMT
cache-control
public, max-age=86400
age
49248
etag
48472445140208031
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame A957
214 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3a2b5ec69aadc644a9439be318a6fa1a55fb26311460c3607dd2b66646010d94

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 6948
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Thu, 10 Feb 2022 10:06:25 GMT
expires
Fri, 10 Feb 2023 10:06:25 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/html
age
120487
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
UFYwWwmt.js
tpc.googlesyndication.com/sodar/ Frame 8AF5
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Thu, 10 Feb 2022 10:06:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
120488
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15207
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 10 Feb 2023 10:06:24 GMT
cookie_push_onload.html
pagead2.googlesyndication.com/pagead/s/ Frame 2F96
1 KB
749 B
Document
General
Full URL
https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
vary
Accept-Encoding
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
724
x-xss-protection
0
date
Fri, 11 Feb 2022 05:53:44 GMT
expires
Sat, 12 Feb 2022 05:53:44 GMT
cache-control
public, max-age=86400
age
49248
etag
48472445140208031
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
truncated
/ Frame 8AF5
217 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
21d70d3f607473ef14b4cdfcfee88ab8230e70de910f26c4242d7eae3234dc6c

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame F53A
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Thu, 10 Feb 2022 10:06:25 GMT
expires
Fri, 10 Feb 2023 10:06:25 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/html
age
120487
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
i.match
s.tribalfusion.com/z/ Frame B38C
Redirect Chain
  • https://a.tribalfusion.com/i.match?p=b6&u=CAESEBL91P1lk0kgaf558NcYDUU&google_cver=1&google_push=AYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0&r...
  • https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBL91P1lk0kgaf558NcYDUU&google_cver=1&google_push=AYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0...
43 B
423 B
Image
General
Full URL
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBL91P1lk0kgaf558NcYDUU&google_cver=1&google_push=AYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
Protocol
H2
Server
2606:4700::6812:c05 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
cf-cache-status
DYNAMIC
x-function
302
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6dc003e928275b6e-FRA
p3p
CP="NOI DEVo TAIa OUR BUS"
cache-control
no-cache, private
content-type
image/gif; charset=utf-8
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
43
expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
cf-cache-status
DYNAMIC
x-function
206
server
cloudflare
x-reuse-index
142
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6dc003e77acf5b6e-FRA
p3p
CP="NOI DEVo TAIa OUR BUS"
location
https://s.tribalfusion.com/z/i.match?p=b6&u=CAESEBL91P1lk0kgaf558NcYDUU&google_cver=1&google_push=AYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0&redirect=https%3A//cm.g.doubleclick.net/pixel%3Fgoogle_nid%3Dexp%26google_push%3DAYg5qPLolLC_EY3q0L186tOdlT4lesFeP6JePKqWXkSzv4zjevl131qnHpIPIhHk4y2KV4k0wpc-DQMoWJ2dLOt1eWDAmOzHMH0%26google_ula%3D2786954%26google_hm%3D%24TF_USER_ID_ENC%24
cache-control
no-cache, private
content-type
text/html
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame B38C
Redirect Chain
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESENXYfXt9YiFZO-VXxt81lVY&google_cver=1&google_push=AYg5qPIC-uoPY82u-4B98xG38wfcat9NLNH7PL506Br-3RVP7JUO0pRo1ivFCeia2TYPtpGprp2u2jn6C0...
  • https://c.eu1.dyntrk.com/adx/ga/us.php?dynk=ga2ex&google_gid=CAESENXYfXt9YiFZO-VXxt81lVY&google_cver=1&google_push=AYg5qPIC-uoPY82u-4B98xG38wfcat9NLNH7PL506Br-3RVP7JUO0pRo1ivFCeia2TYPtpGprp2u2jn6C0...
  • https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPIC-uoPY82u-4B98xG38wfcat9NLNH7PL506Br-3RVP7JUO0pRo1ivFCeia2TYPtpGprp2u2jn6C08HJo_RvWzxJuiEtLzg&google_hm=
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPIC-uoPY82u-4B98xG38wfcat9NLNH7PL506Br-3RVP7JUO0pRo1ivFCeia2TYPtpGprp2u2jn6C08HJo_RvWzxJuiEtLzg&google_hm=
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 11 Feb 2022 19:34:32 GMT
server
nginx
access-control-allow-origin
*
transfer-encoding
chunked
access-control-allow-methods
POST, GET, OPTIONS
p3p
CP="NOI DEV OUR BUS UNI"
location
https://cm.g.doubleclick.net/pixel?google_nid=dynadmic&google_push=AYg5qPIC-uoPY82u-4B98xG38wfcat9NLNH7PL506Br-3RVP7JUO0pRo1ivFCeia2TYPtpGprp2u2jn6C08HJo_RvWzxJuiEtLzg&google_hm=
cache-control
no-cache
content-type
text/html; charset=UTF-8
access-control-allow-headers
Origin
keep-alive
timeout=10
pixel
cm.g.doubleclick.net/ Frame B38C
Redirect Chain
  • https://sync3.sniperlog.ru/?src=ggl_nga&google_gid=CAESEDWw_yeZ6pC_kpvEsF6JV4g&google_cver=1&google_push=AYg5qPJiCvO7wRqMV5Hz09cWhpClX90kKitFWU2EtGYW3CcEaKEgjqBtmqCifpnglIjtCRojOI8GK1ZyPJFJMncaTWi5...
  • https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPJiCvO7wRqMV5Hz09cWhpClX90kKitFWU2EtGYW3CcEaKEgjqBtmqCifpnglIjtCRojOI8GK1ZyPJFJMncaTWi52wwOrKuc
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPJiCvO7wRqMV5Hz09cWhpClX90kKitFWU2EtGYW3CcEaKEgjqBtmqCifpnglIjtCRojOI8GK1ZyPJFJMncaTWi52wwOrKuc
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Fri, 11 Feb 2022 19:34:32 GMT
Server
nginx
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Location
//cm.g.doubleclick.net/pixel?google_nid=adsniperru&google_push=AYg5qPJiCvO7wRqMV5Hz09cWhpClX90kKitFWU2EtGYW3CcEaKEgjqBtmqCifpnglIjtCRojOI8GK1ZyPJFJMncaTWi52wwOrKuc
Cache-Control
no-cache, must-revalidate, post-check=0, pre-check=0, no-cache=Set-Cookie, max-age=0, proxy-revalidate, s-maxage=0
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
pixel
cm.g.doubleclick.net/ Frame B38C
Redirect Chain
  • https://d5p.de17a.com/cookies/google?google_gid=CAESELcaxL1SQbWDxi_fsyh7MdY&google_cver=1&google_push=AYg5qPLvb2Udp62LWkRrDs1fty0PZacjK5dmGLWc2Xkzmga3wgtZw1SsAfQvxWXlsk7EoMXwLRxe3a406uJJrU_CuqaC7l_...
  • https://d5p.de17a.com/cookies/google;c?google_gid=CAESELcaxL1SQbWDxi_fsyh7MdY&google_cver=1&google_push=AYg5qPLvb2Udp62LWkRrDs1fty0PZacjK5dmGLWc2Xkzmga3wgtZw1SsAfQvxWXlsk7EoMXwLRxe3a406uJJrU_CuqaC7...
  • https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLvb2Udp62LWkRrDs1fty0PZacjK5dmGLWc2Xkzmga3wgtZw1SsAfQvxWXlsk7EoMXwLRxe3a406uJJrU_CuqaC7l_NvToL
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLvb2Udp62LWkRrDs1fty0PZacjK5dmGLWc2Xkzmga3wgtZw1SsAfQvxWXlsk7EoMXwLRxe3a406uJJrU_CuqaC7l_NvToL
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AYg5qPLvb2Udp62LWkRrDs1fty0PZacjK5dmGLWc2Xkzmga3wgtZw1SsAfQvxWXlsk7EoMXwLRxe3a406uJJrU_CuqaC7l_NvToL
content-length
0
p3p
CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV
pixel
cm.g.doubleclick.net/ Frame B38C
Redirect Chain
  • https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEOc6Vx59z6yYQ_TqKtJlu-g&google_cver=1&google_push=AYg5qPKJ3eCoMwn2oGs-6yKdpejG7103l4DG-LaiMsd7Z7phRrC-JiZqPrlK0Qm_R4GzB...
  • https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPKJ3eCoMwn2oGs-6yKdpejG7103l4DG-LaiMsd7Z7phRrC-JiZqPrlK0Qm_R4GzBonzYH2GAkwuD6U0i6n03a-UVdVtDnYu&google_hm=QUVsRlFZLTVZelBZX0xpS0FZ...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPKJ3eCoMwn2oGs-6yKdpejG7103l4DG-LaiMsd7Z7phRrC-JiZqPrlK0Qm_R4GzBonzYH2GAkwuD6U0i6n03a-UVdVtDnYu&google_hm=QUVsRlFZLTVZelBZX0xpS0FZNXZxd0E=
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
//cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPKJ3eCoMwn2oGs-6yKdpejG7103l4DG-LaiMsd7Z7phRrC-JiZqPrlK0Qm_R4GzBonzYH2GAkwuD6U0i6n03a-UVdVtDnYu&google_hm=QUVsRlFZLTVZelBZX0xpS0FZNXZxd0E=
Date
Fri, 11 Feb 2022 19:34:33 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
pixel
cm.g.doubleclick.net/ Frame B38C
Redirect Chain
  • https://google-sync.rutarget.ru/sync?google_gid=CAESEICMZ-Y8BX8uax1ocKyRvtM&google_cver=1&google_push=AYg5qPK4XrPojTu9jqdBBglIvF8m92VlyzztPmQdtZueJqz-uEDY_Lgl47e86JiaPQ3IjIgv2JlPTeo_Ml-WfqxA04i6TuF...
  • https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WTR1ZXZkU3N2UDBK&google_ula=2046794&google_push=AYg5qPK4XrPojTu9jqdBBglIvF8m92VlyzztPmQdtZueJqz-uEDY_Lgl47e86JiaPQ3IjIgv2JlPTeo_Ml...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WTR1ZXZkU3N2UDBK&google_ula=2046794&google_push=AYg5qPK4XrPojTu9jqdBBglIvF8m92VlyzztPmQdtZueJqz-uEDY_Lgl47e86JiaPQ3IjIgv2JlPTeo_Ml-WfqxA04i6TuFyDbK4
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=segmentoru&google_hm=WTR1ZXZkU3N2UDBK&google_ula=2046794&google_push=AYg5qPK4XrPojTu9jqdBBglIvF8m92VlyzztPmQdtZueJqz-uEDY_Lgl47e86JiaPQ3IjIgv2JlPTeo_Ml-WfqxA04i6TuFyDbK4
Date
Fri, 11 Feb 2022 19:34:33 GMT
Server
nginx
Connection
keep-alive
Content-Length
0
P3P
CP="This is not a P3P policy. Please visit http://rutarget.ru/p3p/ to get more information."
exptsync
ads.yieldmo.com/ Frame B38C
0
35 B
Image
General
Full URL
https://ads.yieldmo.com/exptsync?google_gid=CAESENmKYuMWk1Q8I3rgGmK0mHE&google_cver=1&google_push=AYg5qPI5549IPk-ppvCrZS4ubx2E9DUwxuiyZMj2ncP71XXlTyX9FIF5Y5GAsShXvdWTeSI7I4Kwpd7NaXiwap5gdU1o06v4hbij
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.212.203.142 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-212-203-142.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:33 GMT
attr
cm.g.doubleclick.net/pixel/ Frame B38C
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13KFbolp6sYAcpPrSAW_5Tru7aN-hP67IumdquORypnqHpR3Cj_ExxL91VgT93OS7iJbFoEi
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame 3135
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Thu, 10 Feb 2022 10:06:25 GMT
expires
Fri, 10 Feb 2023 10:06:25 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/html
age
120487
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
300x250.html
s0.2mdn.net/sadbundle/4539605209889898496/ Frame FA8F
45 KB
11 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=yfvJ3tMdRe&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a01a61ef739a2a7d2262de68d7430c81d6ac5a2984c8d743b3fe6396820610df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:32 GMT
expires
Sat, 11 Feb 2023 19:34:32 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 24 Sep 2021 03:34:43 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame EF6A
0
61 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuzGr0gVqkMgRulRX_nnMhJCDnlnGjnoGqioPMWHaIOWBZEkaKJHFz5O1frKQRCjOg3KP2_WMiORErJYawrYML4C9oQgh66RelepWUr6Gsrjda55kQfJsp9JIIQYhnGEK84uaj_dwze_0UASPOUWY2upANZoymGLK3c8KM83k3kfyI54i1BabXX0GOF8Kd4XdEVkYLk6uy2wWNfWQ6Riu4lAWvBVOkcTRxMERt5XV686zYIDxjuAdm-SxC5TXWANsNQyVgwz5Hc35_T90S-shc5YPZZoMWk-VT87bcWYTLGeuCCbRJhSRQzOiVa-UvSy4fgD2vpEinvG3uUToVV4RkUi5_EiCOR9PRTBfEVBHWODV4_f7Wnas1tbsyHuCSZMD8zyva9R2kcciO4J6mX5XsTWlPd1axPG6_yO1FaJmxAlTVb5PU3MimpBn6khfMxg3C8ND1H5kSwS2VX-a9YP_nwIwwtgV59iPbbGFzE6eREtGjRL3gxOmmi3VAO4PGjeVYW3B5BcrnuJt_lUIUaNsUVwa8PricY00rNDUYgGnzwr0hJheGx61brBdnlNA_WMCqy1-GHrkNwc-wOen72DNJyi3oQlcWZchcBW4gvssiBvxMWGwu1680Vc9j-UuHOYITqPOklK5bWf_BX_4ApZDB7Y3DejsL7d8xkxhON06a9Vr3y5Lbii2tr8ekiYJiu8iQrk-l-1PrCzD5p-BTZCmKCBUxdLDD0Qaq-D7yFid8L2ruZq_ZcD3pi4kijIq_x31i7UFckd9RFX9zVYHowApqU9PT9Z2DXYawQYRu0r_zFU44VIq6CAcJRzdg31FubGzonm9KUmwevZnq6XWu7SDamnZA6XFcomcTKO5JOAsm5lhsnOSGinRFAPirqzYrU6qKpjxFO1nrcyk8uoy97B6H4W1ReiiBygmbra-7nK-a844Hu8DoKiT__oBJP6tqfIoSd4SnFmQp_Uz1bsjwgelsAonNm2uNPy1B9dcG21tIILreLZQD35AG-Ks7JpjBw6CYNEwlfVFijun4XkJxx-5hVORTEXO57b4LhyvRCpp_RyIkw9_Qw_aygFKjATntm1R0ZgZWgCZZ6pbrdTR3W47dQB6NQCyMMMR0qHDkdJlmbzD-vupvg2ooyrchJWeyf0o3pXhqeS444OEdeX079qCGIFjOa4emCXhPqX6ZdO0g9VC5xmEFsOCauHZd3gqi5ifIWCsZEJYE4yZgpf5GT&sai=AMfl-YQYbV6yHtTxrMtm_ucOUvJChGA98jVX9-DLEQKFoEjT-KohEe0O247I8Mn0oe1tmnII4uyRJEZIytUfAwNA8kNtcORFcc1dWURv1gfCxKhRIthFqNqc6CRJfGJ1IyFnXUZdty-g7XpNKhPHsO_ruSXvkwi48w&sig=Cg0ArKJSzP6QES_4isMWEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=188&cbvp=1&cstd=182&cisv=r20220209.88478&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Fri, 11 Feb 2022 19:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
728x090.html
s0.2mdn.net/sadbundle/6973237858530230272/ Frame 11D6
47 KB
11 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
74987e0ef6673e2d698cf0cd53f7c13ddf2480ce0859c50a84dc56f1a0fc2f06
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:32 GMT
expires
Sat, 11 Feb 2023 19:34:32 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 24 Sep 2021 03:35:07 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 4B0A
0
61 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvgIWWORxnQZ4lriN9SbdjYoi4sq6nwYAh8-erLH5whHdCWt9pUxQZP6gKbhcOSYdqru9F-3seKrkSS25bz13_FWHv2kU-VO2X4VZljql91F_XdyfalHcaee5nVW8I7ndP0cwRtKt9fsA9xmIDmNmxxYHw1ujcve9waqjBgHXG2z2BdtwxlqijvKbAADDRlB2CeoGvBJ3zak4ogtScjRkXxBG9f8cngEquKXTpDNqwJUA_QneJXqGxmvaqUOJe5-cmyL6cSrlymVbOTlMh9UVQkdn3E-0g_e9UJFUeQzlrpwEJJkMpMjbl34xjy8rWKetr0h6wVkRn0ufNSJ5YtfekPawEQposAJ5aKwfHsc7-8RXYWEPpr3z3iKl48PVKLkAOCvJDPTBVMgx5j1bUaG5ru6CF-3MO7ysi-7Tt8Afn7YdC4O26TcuRKhE-qS1vBO_4VKHq0spx4cMil1buqp3IYHPMY17oC8pPplXs87VFUB-SS3ZesSxVz7U92HajyFwZ6jeGYTLvwF0sqw4Z_oqUMElejyA2AIqbV5hPShZjPb8CXWxshcpCCNA1pa8Kqy8cLgBJvtylRkaHLfXwWLQiDxhCjPX3Mc6fKhUbKXoeLcn4FKx2o3HhjlcpxeVCGWaH8KC_i3aqzZNwpEvBj8Z0pKbvpvmD3CCTbVxC8Ez4Bh68lpmJSGb7SvVODxsoy80tSbufWFZkmnWphpOu7FLo5iIHxTPJrj8WJeK5Kfpg5pLlpzmKMZ7ezg83JAwKbxWkvXNvgI-EwVm9SwCKFAGiXSCGD37c4wReL0MDIIHB4o5SXnDVf0XK3PjNKz9JyhTefGSJsMRQUIQm77ZVb3Uae35OTk7_duyO8pSIatTqW2L-pFWwXrdqtOGtiAimrweCPa6DOBnbpJPEUnsOIJ0kaOJNm5Bn5sbHhYMWiqHyBBGWQRhDLFLC19PqX5Aaw1w-X7GBdBSXAEptfWiTe9kW_vcmuhHv2_L4oeuRVwLy2nLYdUNbZjeh6BmrPrTMruhzbNXFPiA7BcEqtjNg3A4inra7LNYIOYY6LMT5F-TMC49wTfl6yZ9EJ7hu9hJbJKLEpdP6Soe8CvsCZ-3Z31zfpzhRxBjXmL3Pl31LJaQQSk-Ujor42nMdmd7Tz5FQ3tl6hOhkhPbI0b7kcW3fUEY26Pct4_92xmO0Yfjw8kC3onz-213Wnefp2Rxs0CA1phpac6Iw0CGbq0h4PqYQ&sai=AMfl-YS5QqXLgN6hDGSgg8c2mM00dl--0m4_5b8abI-Z85uRbIwt0QL1iAFtvs3nGHUowmugjvHjWEjevYFLkaBU_FdwJXh6vsOstTsxx0HdcEQ7L-ntBKEQ3HKB3KMzGpmZ6PIP3spS9ATaBbn3Svn_KGIVrLUZkg&sig=Cg0ArKJSzHLVc2QXL9eiEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=174&cbvp=1&cstd=171&cisv=r20220209.61708&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Fri, 11 Feb 2022 19:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
Enqz_20U.html
tpc.googlesyndication.com/sodar/ Frame A638
22 KB
8 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
timing-allow-origin
*
content-length
8395
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Thu, 10 Feb 2022 10:06:25 GMT
expires
Fri, 10 Feb 2023 10:06:25 GMT
cache-control
public, max-age=31536000
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/html
age
120487
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
300x250.html
s0.2mdn.net/sadbundle/4539605209889898496/ Frame 3164
45 KB
11 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a01a61ef739a2a7d2262de68d7430c81d6ac5a2984c8d743b3fe6396820610df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:32 GMT
expires
Sat, 11 Feb 2023 19:34:32 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 24 Sep 2021 03:34:43 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame A957
0
61 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvw04nQdyP22eQmXMWZ7YbhInkmDQQP4mslBidjUpFUXrmyGQewWcq5s7hQ93yiK5ZqwPAarsryjay5y4wIrm75z_yfRzL8_AFm_7a9eYkxAi7hm9zht4eaieAUgvM8eMhzbklfP4bBUm9lomsPz5YkpoJpnCVz-gXGz-qYt1YOlhAw0WOrx3wpXWmr5IiztVGhvYNgiR8ghd8CTh9G7cL0mAIrfMU5PZdNhQCgzmiTcG7obJ12Oe40BCq7sUQwbgYqe9P2IgsYaZnOEgTOhi0cA0VWbzuQVzQz_mOooO4jrnReoXwBWta5Mkdwxx9tBzq83amqRBLUEWB9NJDldpYyiSQFFtZxO2RdzpbE2vtv4fc07oONM-pI96Qfmta0l8737KCuMVK7x5O2gP947YW0905tEBDtqt0n7CkBTj-r5Srl37cMJ_JC1uNtKphZ0Lksfw1Fgx3BK4Y08lRxYpk3TtQHOrvvCet30XuSAWWU_paga8RjA7hLgaQ_Psjgnaioo9JX8vtUCv_p7MPExskxjkBqGeRhaTJJH1zEFm2SRPtOWYBiIj5vnt782zKaJZju0VS3qXO_pmyPSJr0PL7awH4_DkIsZnVa1TKDcXWsCGtVPR4jwZWrO_AESUlCRN7ZvtydOW2x2roapnm4ArUEtWlZtKggDvaYyJI7JHELmcYXaEsASbhknNNl4u-ZnjIcDDTszcHignKUnjL0TcuMtFL2dFJNRtjGPgbGLdJYDKncPPqdfVMHmhY1NWi21Flyu0ag_bcwND2fzf1n4GjNRnUP7xodjXR3ZkLDGDVdXnBL1jvy1a9ewiJkXESq_VGFC0CfzXIYboYT1w4fZU2X9zOr_cViBrZ1Gg1F6-OTyFJTUnu_q6KUTzsS-RuSLmPf0MJKPm2iK8FrEKWRntVW8FvtnM0NK2qoCdWprqUyJjjhMG6xpApJnByJZ4rALKV56IcOgHcU4th_p2-iNsVNOdG6qY7-z0JFX9j3BGVNe14GDzNslovayEOZGtINWyxAeGGjAi35PxDC7OWALRzuCHCVbxEIXZ5ZNuYes1rx1FpQVD4BGIi1edTxlJvg0fHOPodYXsladAC2UbgeLBH0qdCQWDkwpeSdwALB5vw0cCEehc34FAhhqdq3t2Jbags4yuwotMVbmKSNMvSzNIvRp01UySDyIsz_C3AT_Z2NCurv5qTtwhCNhoFaocpM5XSNfDiw3WPK9Q&sai=AMfl-YTiXkYgR4rVr9PI8nHMwz4pzZFyKqAOZ8Cs2BCl2DZ46vpcRFWWtq_cZShGl2e8oGZjiCQaPuJjMp-LdczmZ_i9vi6fzIZqp0KXSyQ3xnUE9vPGLPE_WfCwHi9vK1oOWy6WTlsX8i3lZB6KEzQyHVIm0OqD3A&sig=Cg0ArKJSzJ9SPKqrNMg1EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=172&cbvp=1&cstd=168&cisv=r20220209.25353&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Fri, 11 Feb 2022 19:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
300x250.html
s0.2mdn.net/sadbundle/7880880706497282048/ Frame AA0C
41 KB
10 KB
Document
General
Full URL
https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_275.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9a8c37b891d1d5e805442542f294b9b2ec1a231277a19d65edd8419eb7a60e9e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-type
text/html
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:32 GMT
expires
Sat, 11 Feb 2023 19:34:32 GMT
cache-control
public, max-age=31536000
last-modified
Fri, 11 Jun 2021 18:35:09 GMT
x-content-type-options
nosniff
x-dns-prefetch-control
off
content-encoding
gzip
server
sffe
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
view
googleads4.g.doubleclick.net/pcs/ Frame 8AF5
0
571 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssJyAe7Q36WoiLYkbHQZvHWBxLGktcsgZpTzS2hIq-oLgToCpKLwXozKxr_Y05xKbaJtIjiM4H7dGAQDc8QguY8EQTShKiYKPXUDkfKjCWeT866KRHlPVDtz4YFwR-sCCwDYuISJo565G8sA_8DdNR-1NdoW7Hx0UXv46cGsdYHyciTiMaVks_1p9iB4rsmzzsZh03u9wvqbSURliRDYSIGDq_YHk7eEIwLhkYugV47XIymhnJfL4qV1-hiM4U0RnBDcik-ry9-Fsveto6-mSzeLS51wIAJIP19LZQDEX8f3UUMTKAPayBwagQrlu5NQbCQ3wf3-IQP9fi51eCM46XgFL1pbyadPOybaDnmiN2b9t3DEkr4AU1tg9UHmps7E6z3R3Scif0hWASFrUspUpPO98TK6Q_-SryjQt6zFKuD0c9bktusRo8bTaF0_Q1r5HTlW20mV2cC0KYjHPPFZRUg8WncK5Yt2Mn51_sGSBUh5Lo53OjMJ42_Ov4TKsRAc1JJFDW6liwzeRFImmLmPRD_UQLjj0_inWBpSVTy2d557JlREw-6PdxILcpTwQVOrPxQK7EgiU1HGvabAZBg74W0jY3zeFuzNos0mIzsrvKwc53f2rNJbvdNFIWhVQJt-FVC0pTKbGLjX45ciDzm4Tnm9JUJuN6NOddK5xeYwgTbo9BtpgpRz9NoYb4YGZS86SN4xk7THaMUR125wIuMOq6jqBSe4tEbKZDMC_qJfS711czUIqV7ptL34GVgplx9serut2JZJEpBRXYfL3kuXCxEXgjXgllU9y9NVU1QOid3ytICQHsXe7UWZbBHx8R88d_c4hawGNVWMocYzdU_RodMJek2K9vbOZ5O2HZg1-Z-EUVzj9WlG0b-kslrVJsGMDK5MGVnpItc4L7_nigEW6V-QHx6057pox2LM54DTghVgTRy1SziaHpwGJ2pscy9Gl7WSN1uPefOLVhcudw58HzJyjfekO3tnIb-vdeDPWjYBi78XAxpxS6DwBrgVuT17YloA9Rox9e71pDGK49ETykZdTubT3cSFpaE9sdtcZn2eJaBBy0sgp0s9N2DybaEBI6i7ygygPEHZGxzZUvOBt8346PljHHgJtiJFi9Koelj50G3LYNKTI2iH5JQOvMEJOHsT_0FfPAFV9gYorDB9t3TMm69DqKHzVDcmXG4tHM1JU58ZXIwKB3RoEEwtmh643RbGd0PbO90hMHIEICp&sai=AMfl-YQ7CrnrXZ8ItHZABXUCbOAwMuUAEq1fcOMA6HlPKbJgL1cTh93KRy_2R2Tn-WnuF7BtcgzcOFVZM8OFU9d2xMO5_Vj4MWCgkYPAqms1n5IFIiR37G9aFvNe9MTf82Na8vzoeK4L_5Edgxs_G8CcAHiFecQGcQ&sig=Cg0ArKJSzLPGJ1v2sFbJEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=165&cbvp=1&cstd=161&cisv=r20220209.32644&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
date
Fri, 11 Feb 2022 19:34:32 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
dpixel
cms.quantserve.com/ Frame E252
35 B
463 B
Image
General
Full URL
https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEBc9jNT-fXiKWcgSGFo3Kjw&google_cver=1&google_push=AYg5qPKkAvEOH_zyP028EgksaxuSfYD0sI2XHfJo2j3yeTSN_KLJIZK0B4J6_6mpqZpeDNOlOsgedGZXEschH-jQ5xIfY2UApf3t
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800d:21:36a9:ecb:e518:b308 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
strict-transport-security
max-age=86400
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
cache-control
private, no-cache, no-store, proxy-revalidate
content-type
image/gif
content-length
35
expires
Fri, 04 Aug 1978 12:00:00 GMT
current
dclk-match.dotomi.com/match/bounce/ Frame E252
0
104 B
Image
General
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEBzlPRNC22hL6zsUv3BZaTs&google_cver=1&google_push=AYg5qPKlFCwiWWg9D32ENVZKBYIZJ5cosdhtHa9EX41ogyzQFufdf9zMpNWvhQOMZWnfMNeqCgpi5Z1U-aCFPqEyMuyQ-41zJhUE
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixelSync
pixel-sync.sitescout.com/dmp/ Frame E252
0
191 B
Image
General
Full URL
https://pixel-sync.sitescout.com/dmp/pixelSync?nid=8&google_gid=CAESEEy5ppzvf4HcmtqLsrWYJqg&google_cver=1&google_push=AYg5qPLR6DxjfU3v0k8duTbrL48fSb9_K5g90YMD_WWKkfM4CTHYGHccvgzH0CiWyanXkdoawMMGpXJxJqFPxtoCPd7h7VvFoXE
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
66.155.71.149 Portsmouth, United Kingdom, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
AC1.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:32 GMT
cache-control
max-age=0,no-cache,no-store
server
AC1.1
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
expires
Tue, 11 Oct 1977 12:34:56 GMT
pixel
cm.g.doubleclick.net/ Frame E252
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEN41_fq4wJeDrx_QbrQnOJo&google_cver=1&google_push=AYg5qPLyuttQ5TRkpm2Unlb2Pu1fXU5RwPQxAQAJ8abhZyEPsRL7v2b5NXt8_b9uXdP7A7PUVKvSLBBv...
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEN41_fq4wJeDrx_QbrQnOJo&google_cver=1&google_push=AYg5qPLyuttQ5TRkpm2Unlb2Pu1fXU5RwPQxAQAJ8abhZyEPsRL7v2b5NXt8_b9uXdP7A7PUVKv...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjE3NjI3MDU1MzA3MTg2NzMyMg&google_push=AYg5qPLyuttQ5TRkpm2Unlb2Pu1fXU5RwPQxAQAJ8abhZyEPsRL7v2b5NXt8_b9uXdP7A7PUVKvSLB...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjE3NjI3MDU1MzA3MTg2NzMyMg&google_push=AYg5qPLyuttQ5TRkpm2Unlb2Pu1fXU5RwPQxAQAJ8abhZyEPsRL7v2b5NXt8_b9uXdP7A7PUVKvSLBBvUJUY4Emp_FLMqvzS-G_M
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MjE3NjI3MDU1MzA3MTg2NzMyMg&google_push=AYg5qPLyuttQ5TRkpm2Unlb2Pu1fXU5RwPQxAQAJ8abhZyEPsRL7v2b5NXt8_b9uXdP7A7PUVKvSLBBvUJUY4Emp_FLMqvzS-G_M
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pub
cs.chocolateplatform.com/ Frame E252
0
122 B
Image
General
Full URL
https://cs.chocolateplatform.com/pub?pid=ebda&google_gid=CAESEBdTfVm9F3zVgcapPttF2-4&google_cver=1&google_push=AYg5qPIkpIuKWFA_n9Gh5lfszJgv-Uw5VjQhUwQM5V__qDDfhU8jm_lJlHYhZCZgzyldfGAK0ipR3oExahzpMOrw6OyKrum9F8DK
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.212.101.174 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
174.101.212.35.bc.googleusercontent.com
Software
Chocolate Cookie Sync Powered by Vdopia /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
via
1.1 google
server
Chocolate Cookie Sync Powered by Vdopia
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
sync
ssbsync.smartadserver.com/api/ Frame E252
0
75 B
Image
General
Full URL
https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESECRfoM0qJmNA4oI2ydIwLqA&google_cver=1&google_push=AYg5qPLrZZCduyb6oliy-d8cMMRaru672k9EhcxuuMKjHwEIRHPwnvI1PE0tlxO3ZvQdewqc7aJe2kC5dWTK5kYDUIcIRoiwfTru
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.138.131 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-length
0
um
cs.emxdgt.com/ Frame E252
0
59 B
Image
General
Full URL
https://cs.emxdgt.com/um?ssp=google_ob&google_gid=CAESEOiMwdiLZSAtf7dTlggGXzs&google_cver=1&google_push=AYg5qPI3ca4aF8AN7ZJ4hV0dUQGYp2eh8r8vUle1xh7vyQtMw9sgswgx7x1A_6Wp8y4aMBIyRZpgIX7I-JF7pPxidUR_0YEqoKs1iQ
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.195.155.181 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-195-155-181.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:33 GMT
content-length
0
content-type
text/html
attr
cm.g.doubleclick.net/pixel/ Frame E252
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IOXR3K-_nZyLT0EGR2oVE98J-00DSVYI3D-wTjGGmHlbbG844DSirrcp9jbo_RyZcsggkzNQ
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
google
match.adsrvr.org/track/cmf/ Frame C261
70 B
265 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/google?google_gid=CAESEKI8nvQ-85Ja_vn4cmImv1k&google_cver=1&google_push=AYg5qPL6afNQU5a33X5_sPQxjitoToHuS2GSpynv8Ol7bwYWvEObPgZYmUbSNikEALD7yx02YSDQKAD586JMm0INU8z1BDCSO5J5
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
AdxPixel
tr.blismedia.com/v1/api/sync/ Frame C261
0
173 B
Image
General
Full URL
https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEMFptpbTQf2kB3ZOfG7Iq1M&google_cver=1&google_push=AYg5qPKZic5xoT93Z2sBr7B25-2vQw2DfbPp_3BG-Bypj7ju8fnwhqV4Qw0EKFGcYePD7rNGzoxo3CB_TYGk4kyQLjOnBgBzEqM
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.96.105.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.105.96.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pixel
cm.g.doubleclick.net/ Frame C261
Redirect Chain
  • https://ssp.adriver.ru/cgi-bin/sync.cgi?ssp_id=10&external_id=&google_gid=CAESEOc6Vx59z6yYQ_TqKtJlu-g&google_cver=1&google_push=AYg5qPIZnOk2QJZv2nV0Ev0-P9aWgHcon0gJv5j2K93ns2QsitZChbFniTGCnQXSO8PWY...
  • https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPIZnOk2QJZv2nV0Ev0-P9aWgHcon0gJv5j2K93ns2QsitZChbFniTGCnQXSO8PWYJDYirykA2wwUf2M6XBIcl-5Cz-R96Su&google_hm=QUFvU0VTUUtCZ3JsMHNjcnRs...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPIZnOk2QJZv2nV0Ev0-P9aWgHcon0gJv5j2K93ns2QsitZChbFniTGCnQXSO8PWYJDYirykA2wwUf2M6XBIcl-5Cz-R96Su&google_hm=QUFvU0VTUUtCZ3JsMHNjcnRsLXZqbFE=
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
//cm.g.doubleclick.net/pixel?google_nid=ADR&google_push=AYg5qPIZnOk2QJZv2nV0Ev0-P9aWgHcon0gJv5j2K93ns2QsitZChbFniTGCnQXSO8PWYJDYirykA2wwUf2M6XBIcl-5Cz-R96Su&google_hm=QUFvU0VTUUtCZ3JsMHNjcnRsLXZqbFE=
Date
Fri, 11 Feb 2022 19:34:33 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
pixel
cm.g.doubleclick.net/ Frame C261
Redirect Chain
  • https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEN41_fq4wJeDrx_QbrQnOJo&google_cver=1&google_push=AYg5qPKQRC7oihdVHBbRoNDImkRSk88Azo37geX_4z4gUF0nYRh3LGRYIMLszd5sg8kAMb-pTYywXliA...
  • https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEN41_fq4wJeDrx_QbrQnOJo&google_cver=1&google_push=AYg5qPKQRC7oihdVHBbRoNDImkRSk88Azo37geX_4z4gUF0nYRh3LGRYIMLszd5sg8kAMb-pTYy...
  • https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTQ5MjEyNjA0MDU5NTMwMjM3MQ&google_push=AYg5qPKQRC7oihdVHBbRoNDImkRSk88Azo37geX_4z4gUF0nYRh3LGRYIMLszd5sg8kAMb-pTYywXl...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTQ5MjEyNjA0MDU5NTMwMjM3MQ&google_push=AYg5qPKQRC7oihdVHBbRoNDImkRSk88Azo37geX_4z4gUF0nYRh3LGRYIMLszd5sg8kAMb-pTYywXliAZ0xUFsF-4_J7Dg17eDrp
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=NTQ5MjEyNjA0MDU5NTMwMjM3MQ&google_push=AYg5qPKQRC7oihdVHBbRoNDImkRSk88Azo37geX_4z4gUF0nYRh3LGRYIMLszd5sg8kAMb-pTYywXliAZ0xUFsF-4_J7Dg17eDrp
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
pixel
cm.g.doubleclick.net/ Frame C261
Redirect Chain
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://image6.pubmatic.com/AdServer/UCookieSetPug?oid=1&rd=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dpmeb%26google_sc%3D1%26google_hm%3D%23%23B64_16B_PM_UID%26google_redir%3Dhttps%...
  • https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=IcUY1ffvQiKMORRz9B4nxg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mp...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=IcUY1ffvQiKMORRz9B4nxg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLYbpIzCKi-BrTMTOVDc18ltRL3qd9LA6KoN26Es7J7gX2023scuwcKE9jNAwqlNEhEPsexypBTM5bG8JQnN91H1Bhk5Co
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=pmeb&google_sc=1&google_hm=IcUY1ffvQiKMORRz9B4nxg%3D%3D&google_redir=https%3A%2F%2Fimage8.pubmatic.com%2FAdServer%2FImgSync%3Fsec%3D1%26p%3D156578%26mpc%3D4%26fp%3D1%26pu%3Dhttps%253A%252F%252Fimage4.pubmatic.com%252FAdServer%252FSPug%253Fp%253D156578%2526sc%253D1&google_push=AYg5qPLYbpIzCKi-BrTMTOVDc18ltRL3qd9LA6KoN26Es7J7gX2023scuwcKE9jNAwqlNEhEPsexypBTM5bG8JQnN91H1Bhk5Co
date
Fri, 11 Feb 2022 19:34:33 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
pixel
cm.g.doubleclick.net/ Frame C261
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&googl...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
  • https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnX...
0
0

pixel
cm.g.doubleclick.net/ Frame C261
Redirect Chain
  • https://sm.rtb.mts.ru/p?ssp=googleban&pm=1&google_gid=CAESEKHH0D-KGZAlZvzSpH24Y4I&google_cver=1&google_push=AYg5qPJK-fTSrRRcJGoEPLWKFQQHVN4ZfhWnQJa2wyAJYWhGAMhGmXQYqqBovZtNTiXZ28nNZzmK-Sa33eWN64SUi...
  • https://sm.rtb.mts.ru/match/second?ssp=12&google_push=AYg5qPJK-fTSrRRcJGoEPLWKFQQHVN4ZfhWnQJa2wyAJYWhGAMhGmXQYqqBovZtNTiXZ28nNZzmK-Sa33eWN64SUiptl5pYfJp7n&exu=CAESEKHH0D-KGZAlZvzSpH24Y4I
  • https://tech.rtb.mts.ru/?dsp_uid=ff8e9c4f-fad1-4315-bd4a-72ebe9c8f388&return_url=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dstream_llc%26id%3Dff8e9c4f-fad1-4315-bd4a-72ebe9c8f388%26g...
  • https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=ff8e9c4f-fad1-4315-bd4a-72ebe9c8f388&google_push=AYg5qPJK-fTSrRRcJGoEPLWKFQQHVN4ZfhWnQJa2wyAJYWhGAMhGmXQYqqBovZtNTiXZ28nNZzmK-Sa33eWN64SU...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=ff8e9c4f-fad1-4315-bd4a-72ebe9c8f388&google_push=AYg5qPJK-fTSrRRcJGoEPLWKFQQHVN4ZfhWnQJa2wyAJYWhGAMhGmXQYqqBovZtNTiXZ28nNZzmK-Sa33eWN64SUiptl5pYfJp7n
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Date
Fri, 11 Feb 2022 19:34:33 GMT
Server
nginx/1.13.12
Transfer-Encoding
chunked
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Content-Type
text/html; charset=utf-8
Location
https://cm.g.doubleclick.net/pixel?google_nid=stream_llc&id=ff8e9c4f-fad1-4315-bd4a-72ebe9c8f388&google_push=AYg5qPJK-fTSrRRcJGoEPLWKFQQHVN4ZfhWnQJa2wyAJYWhGAMhGmXQYqqBovZtNTiXZ28nNZzmK-Sa33eWN64SUiptl5pYfJp7n
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
attr
cm.g.doubleclick.net/pixel/ Frame C261
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13I2DoHdjOJZzybrKJ4CLHdxwPG1ZXAXTS82n6RxU8DdKdTJ93W4l0v4ZPuXMF8sWAXuDZhsCA
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
current
dclk-match.dotomi.com/match/bounce/ Frame 2F96
0
103 B
Image
General
Full URL
https://dclk-match.dotomi.com/match/bounce/current?networkId=14000&version=1&google_gid=CAESEBzlPRNC22hL6zsUv3BZaTs&google_cver=1&google_push=AYg5qPLJVhfyqRBwLDaa8laaphQg-Ucts0ny2Crl1scOgmRcGV4acrExR-aV9ZNISGy7YssPI9ewDMbb8i2Mrk7ZG677lHAINMI
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:fa8:8806:20::2040 , Singapore, ASN41041 (VCLK-EU-SE, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
cache-control
no-cache, private, max-age=0, no-store
server
nginx
expires
0
pixel
cm.g.doubleclick.net/ Frame 2F96
Redirect Chain
  • https://um.simpli.fi/gp_match?google_gid=CAESEEH6pbfdIKWK_q9Js7lNvl8&google_cver=1&google_push=AYg5qPLoZLao2o8jUZjfcdGsauL61Qf_eMWIWgdJLeaOEPhrwYHZ5rKUlgvbRxXar0ZpLZdTfbhOGqtnoZrYvyEw_8soVmrWFnY
  • https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C955EEB5C11D4A9BB0DE9873DA9CB125&google_push=AYg5qPLoZLao2o8jUZjfcdGsauL61Qf_eMWIWgdJLeaOEPhrwYHZ5rKUlgvbRxXar0ZpLZdTfbhOGqtnoZrYvyE...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C955EEB5C11D4A9BB0DE9873DA9CB125&google_push=AYg5qPLoZLao2o8jUZjfcdGsauL61Qf_eMWIWgdJLeaOEPhrwYHZ5rKUlgvbRxXar0ZpLZdTfbhOGqtnoZrYvyEw_8soVmrWFnY
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
server
nginx
location
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=C955EEB5C11D4A9BB0DE9873DA9CB125&google_push=AYg5qPLoZLao2o8jUZjfcdGsauL61Qf_eMWIWgdJLeaOEPhrwYHZ5rKUlgvbRxXar0ZpLZdTfbhOGqtnoZrYvyEw_8soVmrWFnY
strict-transport-security
max-age=63072000; includeSubdomains; preload
access-control-allow-methods
GET, POST, OPTIONS
content-type
text/html
access-control-allow-origin
*
cache-control
no-cache
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length
138
expires
Thu, 10 Feb 2022 19:34:32 GMT
pixel
cm.g.doubleclick.net/ Frame 2F96
Redirect Chain
  • https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEGe9vRJFM1YPnrZc8rcz3uk&google_cver=1&google_push=AYg5qPKFkUY5Hn4M4LXn5Xv3n4hif0HxRdn-MBsIdRnPcY-PXutONQCeIcfwvj5xbRywNpUN8qC4lX9jynOIZQ8gULWcdH3GAA
  • https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKFkUY5Hn4M4LXn5Xv3n4hif0HxRdn-MBsIdRnPcY-PXutONQCeIcfwvj5xbRywNpUN8qC4lX9jynOIZQ8gULWcdH3GAA&google_hm=NTIzMzY0OTg5MTI4MjA3MjY3...
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKFkUY5Hn4M4LXn5Xv3n4hif0HxRdn-MBsIdRnPcY-PXutONQCeIcfwvj5xbRywNpUN8qC4lX9jynOIZQ8gULWcdH3GAA&google_hm=NTIzMzY0OTg5MTI4MjA3MjY3NQ%3D%3D
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date
Fri, 11 Feb 2022 19:34:33 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AYg5qPKFkUY5Hn4M4LXn5Xv3n4hif0HxRdn-MBsIdRnPcY-PXutONQCeIcfwvj5xbRywNpUN8qC4lX9jynOIZQ8gULWcdH3GAA&google_hm=NTIzMzY0OTg5MTI4MjA3MjY3NQ%3D%3D
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
dot.gif
s0.2mdn.net/ Frame 2F96
43 B
65 B
Image
General
Full URL
https://s0.2mdn.net/dot.gif?google_gid=CAESEJKahsic6LphcT3BtIGZaGI&google_cver=1&google_push=AYg5qPIBP04ZzbuqdWgW7cHZ8gK0J7K-4SGXKCBzpvj9OKoAwld5oQOfXaJ5Z0gH6D5qdO42dspmXm4ixOSE0P2KWb3Dsm1m-A
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
x-content-type-options
nosniff
last-modified
Sun, 01 Feb 2009 08:00:00 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/gif
access-control-allow-origin
*
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
43
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 19:34:32 GMT
pixel
cm.g.doubleclick.net/ Frame 2F96
Redirect Chain
  • https://s.uuidksinc.net/match/47/?remote_uid=CAESEDEYhPJ_sovXTI3n6CQOxiQ&c_param1=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA&google_cver=1
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
  • https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
0
0

us
sync.go.sonobi.com/ Frame 2F96
0
0

/
cc.adingo.jp/adx/push/ Frame 2F96
0
44 B
Image
General
Full URL
https://cc.adingo.jp/adx/push/?google_gid=CAESEJrZau_rC3pVlAO6ArcUliU&google_cver=1&google_push=AYg5qPLFX4DkQb76EsM38-TMuQH8kKvWbTRQvpG6y0HeFb3dKYOOe8hWS5MG64d_whh4AcVMRnye5wEvKB-dXoLPHkf3qkfVBw
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.199.32.167 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-199-32-167.ap-northeast-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:33 GMT
server
awselb/2.0
attr
cm.g.doubleclick.net/pixel/ Frame 2F96
0
12 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel/attr?d=AHNF13JrGXbwm5ofllhA2r4QUdSr0ABYsljRPKa52JGhHk2RGpC4KUUhjEVayPhIXJJZR0U7iCKH
Requested by
Host: c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
URL: https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://pagead2.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
server
HTTP server (unknown)
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
content-type
text/html
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame 6948
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169457
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
Enabler_01_245.js
s0.2mdn.net/879366/ Frame AA0C
110 KB
38 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_245.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 18:18:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4550
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38568
x-xss-protection
0
last-modified
Wed, 14 Oct 2020 19:32:54 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 18:18:42 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame AA0C
60 KB
24 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:34:32 GMT
Enabler_01_246.js
s0.2mdn.net/879366/ Frame FA8F
116 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_246.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=yfvJ3tMdRe&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=yfvJ3tMdRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 11:11:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30186
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40237
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 20:54:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 11:11:26 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame FA8F
60 KB
24 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=yfvJ3tMdRe&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=yfvJ3tMdRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:34:32 GMT
Enabler_01_246.js
s0.2mdn.net/879366/ Frame 11D6
116 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_246.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 11:11:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30186
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40237
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 20:54:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 11:11:26 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 11D6
60 KB
24 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:34:32 GMT
Enabler_01_246.js
s0.2mdn.net/879366/ Frame 3164
116 KB
39 KB
Script
General
Full URL
https://s0.2mdn.net/879366/Enabler_01_246.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 11:11:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
30186
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40237
x-xss-protection
0
last-modified
Wed, 30 Jun 2021 20:54:51 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 11:11:26 GMT
gsap_3.5.1_min.js
s0.2mdn.net/ads/studio/cached_libs/ Frame 3164
60 KB
24 KB
Script
General
Full URL
https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.5.1_min.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24155
x-xss-protection
0
last-modified
Mon, 31 Aug 2020 21:23:17 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:34:32 GMT
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame F53A
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169457
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame 3135
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169457
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame A638
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169457
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
view
googleads4.g.doubleclick.net/pcs/ Frame 8AF5
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssJyAe7Q36WoiLYkbHQZvHWBxLGktcsgZpTzS2hIq-oLgToCpKLwXozKxr_Y05xKbaJtIjiM4H7dGAQDc8QguY8EQTShKiYKPXUDkfKjCWeT866KRHlPVDtz4YFwR-sCCwDYuISJo565G8sA_8DdNR-1NdoW7Hx0UXv46cGsdYHyciTiMaVks_1p9iB4rsmzzsZh03u9wvqbSURliRDYSIGDq_YHk7eEIwLhkYugV47XIymhnJfL4qV1-hiM4U0RnBDcik-ry9-Fsveto6-mSzeLS51wIAJIP19LZQDEX8f3UUMTKAPayBwagQrlu5NQbCQ3wf3-IQP9fi51eCM46XgFL1pbyadPOybaDnmiN2b9t3DEkr4AU1tg9UHmps7E6z3R3Scif0hWASFrUspUpPO98TK6Q_-SryjQt6zFKuD0c9bktusRo8bTaF0_Q1r5HTlW20mV2cC0KYjHPPFZRUg8WncK5Yt2Mn51_sGSBUh5Lo53OjMJ42_Ov4TKsRAc1JJFDW6liwzeRFImmLmPRD_UQLjj0_inWBpSVTy2d557JlREw-6PdxILcpTwQVOrPxQK7EgiU1HGvabAZBg74W0jY3zeFuzNos0mIzsrvKwc53f2rNJbvdNFIWhVQJt-FVC0pTKbGLjX45ciDzm4Tnm9JUJuN6NOddK5xeYwgTbo9BtpgpRz9NoYb4YGZS86SN4xk7THaMUR125wIuMOq6jqBSe4tEbKZDMC_qJfS711czUIqV7ptL34GVgplx9serut2JZJEpBRXYfL3kuXCxEXgjXgllU9y9NVU1QOid3ytICQHsXe7UWZbBHx8R88d_c4hawGNVWMocYzdU_RodMJek2K9vbOZ5O2HZg1-Z-EUVzj9WlG0b-kslrVJsGMDK5MGVnpItc4L7_nigEW6V-QHx6057pox2LM54DTghVgTRy1SziaHpwGJ2pscy9Gl7WSN1uPefOLVhcudw58HzJyjfekO3tnIb-vdeDPWjYBi78XAxpxS6DwBrgVuT17YloA9Rox9e71pDGK49ETykZdTubT3cSFpaE9sdtcZn2eJaBBy0sgp0s9N2DybaEBI6i7ygygPEHZGxzZUvOBt8346PljHHgJtiJFi9Koelj50G3LYNKTI2iH5JQOvMEJOHsT_0FfPAFV9gYorDB9t3TMm69DqKHzVDcmXG4tHM1JU58ZXIwKB3RoEEwtmh643RbGd0PbO90hMHIEICp&sai=AMfl-YQ7CrnrXZ8ItHZABXUCbOAwMuUAEq1fcOMA6HlPKbJgL1cTh93KRy_2R2Tn-WnuF7BtcgzcOFVZM8OFU9d2xMO5_Vj4MWCgkYPAqms1n5IFIiR37G9aFvNe9MTf82Na8vzoeK4L_5Edgxs_G8CcAHiFecQGcQ&sig=Cg0ArKJSzLPGJ1v2sFbJEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=358&vt=11&dtpt=193&dett=3&cstd=161&cisv=r20220209.32644&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
view
googleads4.g.doubleclick.net/pcs/ Frame EF6A
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsuzGr0gVqkMgRulRX_nnMhJCDnlnGjnoGqioPMWHaIOWBZEkaKJHFz5O1frKQRCjOg3KP2_WMiORErJYawrYML4C9oQgh66RelepWUr6Gsrjda55kQfJsp9JIIQYhnGEK84uaj_dwze_0UASPOUWY2upANZoymGLK3c8KM83k3kfyI54i1BabXX0GOF8Kd4XdEVkYLk6uy2wWNfWQ6Riu4lAWvBVOkcTRxMERt5XV686zYIDxjuAdm-SxC5TXWANsNQyVgwz5Hc35_T90S-shc5YPZZoMWk-VT87bcWYTLGeuCCbRJhSRQzOiVa-UvSy4fgD2vpEinvG3uUToVV4RkUi5_EiCOR9PRTBfEVBHWODV4_f7Wnas1tbsyHuCSZMD8zyva9R2kcciO4J6mX5XsTWlPd1axPG6_yO1FaJmxAlTVb5PU3MimpBn6khfMxg3C8ND1H5kSwS2VX-a9YP_nwIwwtgV59iPbbGFzE6eREtGjRL3gxOmmi3VAO4PGjeVYW3B5BcrnuJt_lUIUaNsUVwa8PricY00rNDUYgGnzwr0hJheGx61brBdnlNA_WMCqy1-GHrkNwc-wOen72DNJyi3oQlcWZchcBW4gvssiBvxMWGwu1680Vc9j-UuHOYITqPOklK5bWf_BX_4ApZDB7Y3DejsL7d8xkxhON06a9Vr3y5Lbii2tr8ekiYJiu8iQrk-l-1PrCzD5p-BTZCmKCBUxdLDD0Qaq-D7yFid8L2ruZq_ZcD3pi4kijIq_x31i7UFckd9RFX9zVYHowApqU9PT9Z2DXYawQYRu0r_zFU44VIq6CAcJRzdg31FubGzonm9KUmwevZnq6XWu7SDamnZA6XFcomcTKO5JOAsm5lhsnOSGinRFAPirqzYrU6qKpjxFO1nrcyk8uoy97B6H4W1ReiiBygmbra-7nK-a844Hu8DoKiT__oBJP6tqfIoSd4SnFmQp_Uz1bsjwgelsAonNm2uNPy1B9dcG21tIILreLZQD35AG-Ks7JpjBw6CYNEwlfVFijun4XkJxx-5hVORTEXO57b4LhyvRCpp_RyIkw9_Qw_aygFKjATntm1R0ZgZWgCZZ6pbrdTR3W47dQB6NQCyMMMR0qHDkdJlmbzD-vupvg2ooyrchJWeyf0o3pXhqeS444OEdeX079qCGIFjOa4emCXhPqX6ZdO0g9VC5xmEFsOCauHZd3gqi5ifIWCsZEJYE4yZgpf5GT&sai=AMfl-YQYbV6yHtTxrMtm_ucOUvJChGA98jVX9-DLEQKFoEjT-KohEe0O247I8Mn0oe1tmnII4uyRJEZIytUfAwNA8kNtcORFcc1dWURv1gfCxKhRIthFqNqc6CRJfGJ1IyFnXUZdty-g7XpNKhPHsO_ruSXvkwi48w&sig=Cg0ArKJSzP6QES_4isMWEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=466&vt=11&dtpt=278&dett=3&cstd=182&cisv=r20220209.88478&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
view
googleads4.g.doubleclick.net/pcs/ Frame A957
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjssvw04nQdyP22eQmXMWZ7YbhInkmDQQP4mslBidjUpFUXrmyGQewWcq5s7hQ93yiK5ZqwPAarsryjay5y4wIrm75z_yfRzL8_AFm_7a9eYkxAi7hm9zht4eaieAUgvM8eMhzbklfP4bBUm9lomsPz5YkpoJpnCVz-gXGz-qYt1YOlhAw0WOrx3wpXWmr5IiztVGhvYNgiR8ghd8CTh9G7cL0mAIrfMU5PZdNhQCgzmiTcG7obJ12Oe40BCq7sUQwbgYqe9P2IgsYaZnOEgTOhi0cA0VWbzuQVzQz_mOooO4jrnReoXwBWta5Mkdwxx9tBzq83amqRBLUEWB9NJDldpYyiSQFFtZxO2RdzpbE2vtv4fc07oONM-pI96Qfmta0l8737KCuMVK7x5O2gP947YW0905tEBDtqt0n7CkBTj-r5Srl37cMJ_JC1uNtKphZ0Lksfw1Fgx3BK4Y08lRxYpk3TtQHOrvvCet30XuSAWWU_paga8RjA7hLgaQ_Psjgnaioo9JX8vtUCv_p7MPExskxjkBqGeRhaTJJH1zEFm2SRPtOWYBiIj5vnt782zKaJZju0VS3qXO_pmyPSJr0PL7awH4_DkIsZnVa1TKDcXWsCGtVPR4jwZWrO_AESUlCRN7ZvtydOW2x2roapnm4ArUEtWlZtKggDvaYyJI7JHELmcYXaEsASbhknNNl4u-ZnjIcDDTszcHignKUnjL0TcuMtFL2dFJNRtjGPgbGLdJYDKncPPqdfVMHmhY1NWi21Flyu0ag_bcwND2fzf1n4GjNRnUP7xodjXR3ZkLDGDVdXnBL1jvy1a9ewiJkXESq_VGFC0CfzXIYboYT1w4fZU2X9zOr_cViBrZ1Gg1F6-OTyFJTUnu_q6KUTzsS-RuSLmPf0MJKPm2iK8FrEKWRntVW8FvtnM0NK2qoCdWprqUyJjjhMG6xpApJnByJZ4rALKV56IcOgHcU4th_p2-iNsVNOdG6qY7-z0JFX9j3BGVNe14GDzNslovayEOZGtINWyxAeGGjAi35PxDC7OWALRzuCHCVbxEIXZ5ZNuYes1rx1FpQVD4BGIi1edTxlJvg0fHOPodYXsladAC2UbgeLBH0qdCQWDkwpeSdwALB5vw0cCEehc34FAhhqdq3t2Jbags4yuwotMVbmKSNMvSzNIvRp01UySDyIsz_C3AT_Z2NCurv5qTtwhCNhoFaocpM5XSNfDiw3WPK9Q&sai=AMfl-YTiXkYgR4rVr9PI8nHMwz4pzZFyKqAOZ8Cs2BCl2DZ46vpcRFWWtq_cZShGl2e8oGZjiCQaPuJjMp-LdczmZ_i9vi6fzIZqp0KXSyQ3xnUE9vPGLPE_WfCwHi9vK1oOWy6WTlsX8i3lZB6KEzQyHVIm0OqD3A&sig=Cg0ArKJSzJ9SPKqrNMg1EAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=439&vt=11&dtpt=267&dett=3&cstd=168&cisv=r20220209.25353&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
view
googleads4.g.doubleclick.net/pcs/ Frame 4B0A
0
23 B
Ping
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvgIWWORxnQZ4lriN9SbdjYoi4sq6nwYAh8-erLH5whHdCWt9pUxQZP6gKbhcOSYdqru9F-3seKrkSS25bz13_FWHv2kU-VO2X4VZljql91F_XdyfalHcaee5nVW8I7ndP0cwRtKt9fsA9xmIDmNmxxYHw1ujcve9waqjBgHXG2z2BdtwxlqijvKbAADDRlB2CeoGvBJ3zak4ogtScjRkXxBG9f8cngEquKXTpDNqwJUA_QneJXqGxmvaqUOJe5-cmyL6cSrlymVbOTlMh9UVQkdn3E-0g_e9UJFUeQzlrpwEJJkMpMjbl34xjy8rWKetr0h6wVkRn0ufNSJ5YtfekPawEQposAJ5aKwfHsc7-8RXYWEPpr3z3iKl48PVKLkAOCvJDPTBVMgx5j1bUaG5ru6CF-3MO7ysi-7Tt8Afn7YdC4O26TcuRKhE-qS1vBO_4VKHq0spx4cMil1buqp3IYHPMY17oC8pPplXs87VFUB-SS3ZesSxVz7U92HajyFwZ6jeGYTLvwF0sqw4Z_oqUMElejyA2AIqbV5hPShZjPb8CXWxshcpCCNA1pa8Kqy8cLgBJvtylRkaHLfXwWLQiDxhCjPX3Mc6fKhUbKXoeLcn4FKx2o3HhjlcpxeVCGWaH8KC_i3aqzZNwpEvBj8Z0pKbvpvmD3CCTbVxC8Ez4Bh68lpmJSGb7SvVODxsoy80tSbufWFZkmnWphpOu7FLo5iIHxTPJrj8WJeK5Kfpg5pLlpzmKMZ7ezg83JAwKbxWkvXNvgI-EwVm9SwCKFAGiXSCGD37c4wReL0MDIIHB4o5SXnDVf0XK3PjNKz9JyhTefGSJsMRQUIQm77ZVb3Uae35OTk7_duyO8pSIatTqW2L-pFWwXrdqtOGtiAimrweCPa6DOBnbpJPEUnsOIJ0kaOJNm5Bn5sbHhYMWiqHyBBGWQRhDLFLC19PqX5Aaw1w-X7GBdBSXAEptfWiTe9kW_vcmuhHv2_L4oeuRVwLy2nLYdUNbZjeh6BmrPrTMruhzbNXFPiA7BcEqtjNg3A4inra7LNYIOYY6LMT5F-TMC49wTfl6yZ9EJ7hu9hJbJKLEpdP6Soe8CvsCZ-3Z31zfpzhRxBjXmL3Pl31LJaQQSk-Ujor42nMdmd7Tz5FQ3tl6hOhkhPbI0b7kcW3fUEY26Pct4_92xmO0Yfjw8kC3onz-213Wnefp2Rxs0CA1phpac6Iw0CGbq0h4PqYQ&sai=AMfl-YS5QqXLgN6hDGSgg8c2mM00dl--0m4_5b8abI-Z85uRbIwt0QL1iAFtvs3nGHUowmugjvHjWEjevYFLkaBU_FdwJXh6vsOstTsxx0HdcEQ7L-ntBKEQ3HKB3KMzGpmZ6PIP3spS9ATaBbn3Svn_KGIVrLUZkg&sig=Cg0ArKJSzHLVc2QXL9eiEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=454&vt=11&dtpt=280&dett=3&cstd=171&cisv=r20220209.61708&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0.&adurl=
Requested by
Host: consulteportal.com.br
URL: https://consulteportal.com.br/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Full-Version
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
server
cafe
OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 11D6
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:30:05 GMT
x-content-type-options
nosniff
age
268
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47676
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:39 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:45:05 GMT
OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 11D6
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:11 GMT
x-content-type-options
nosniff
age
22
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47848
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:49:11 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame 11D6
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
490c82e881271d51534d76b89187012c5739554524cec4dee3bc7deb5aef9e55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5581
x-xss-protection
0
60005582_20180201040701083_empty.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 11D6
95 B
121 B
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20180201040701083_empty.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 11:11:13 GMT
x-content-type-options
nosniff
age
30200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
95
x-xss-protection
0
last-modified
Thu, 01 Feb 2018 12:07:01 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 11:11:13 GMT
60005582_20211207053248120_728x090.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 11D6
22 KB
22 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211207053248120_728x090.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4716532263c9a8da2b2953abb508db027a0971bd0a8f51641917f967406e4d84
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:00:08 GMT
x-content-type-options
nosniff
age
2065
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
22241
x-xss-protection
0
last-modified
Tue, 07 Dec 2021 13:32:48 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 19:00:08 GMT
60005582_20220131064027339_AP-Sparen_Stoerer.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 11D6
2 KB
2 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220131064027339_AP-Sparen_Stoerer.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f599a9c44739898de4083ea546da4940d9f7f5eb1e76b509aa90741b8f5531d0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 16:06:50 GMT
x-content-type-options
nosniff
age
12463
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2461
x-xss-protection
0
last-modified
Mon, 31 Jan 2022 14:40:27 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 16:06:50 GMT
60005582_20211201073131751_o2_HomeSpot-2-LTE_ASSET.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 11D6
20 KB
20 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211201073131751_o2_HomeSpot-2-LTE_ASSET.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1c176742040fa0fa7d0c6ddb5bdb7a7c81e1e0b091a9aded5fb9dff7ef223b1a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/6973237858530230272/728x090.html?e=69&leftOffset=0&topOffset=0&c=Cno46NysCU&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 18:59:48 GMT
x-content-type-options
nosniff
age
2085
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20819
x-xss-protection
0
last-modified
Wed, 01 Dec 2021 15:31:31 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 18:59:48 GMT
postview.gif
portal.o2online.de/nws/img/ Frame 11D6
43 B
609 B
Image
General
Full URL
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324252030_146336071_-0&ref=27008872_4307561_324252030_146336071_-0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
82.113.101.132 Kassel, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS
portal.o2online.de
Software
Apache /
Resource Hash
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 11 Feb 2022 19:34:33 GMT
Last-Modified
Wed, 26 Aug 2020 10:11:24 GMT
Server
Apache
ETag
"2b-5adc50abeeb00"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame FA8F
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=yfvJ3tMdRe&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:30:05 GMT
x-content-type-options
nosniff
age
268
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47676
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:39 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:45:05 GMT
OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame FA8F
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=yfvJ3tMdRe&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:11 GMT
x-content-type-options
nosniff
age
22
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47848
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:49:11 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame FA8F
7 KB
6 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
87acfb5de3aa64f5a830b479a87d61133e642a9b9cf3a65692f902ccfde7c2cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5647
x-xss-protection
0
60005582_20211014235440811_APP_iPhone-13-Pro_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame FA8F
26 KB
26 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211014235440811_APP_iPhone-13-Pro_Asset.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59f93c8637fa1e41eb70ab270cc6a5dff7887d9ab040daec1a8fba1e3edc4cd5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=yfvJ3tMdRe&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 11:00:24 GMT
x-content-type-options
nosniff
age
30849
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26568
x-xss-protection
0
last-modified
Fri, 15 Oct 2021 06:54:40 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 11:00:24 GMT
postview.gif
portal.o2online.de/nws/img/ Frame FA8F
43 B
609 B
Image
General
Full URL
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324252033_146033529_-0&ref=27008872_4307561_324252033_146033529_-0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
82.113.101.132 Kassel, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS
portal.o2online.de
Software
Apache /
Resource Hash
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 11 Feb 2022 19:34:33 GMT
Last-Modified
Wed, 26 Aug 2020 10:11:24 GMT
Server
Apache
ETag
"2b-5adc50abeeb00"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 3164
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:30:05 GMT
x-content-type-options
nosniff
age
268
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47676
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:39 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:45:05 GMT
OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 3164
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:11 GMT
x-content-type-options
nosniff
age
22
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47848
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:49:11 GMT
60005582_20211014235440811_APP_iPhone-13-Pro_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 3164
26 KB
26 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20211014235440811_APP_iPhone-13-Pro_Asset.png
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
59f93c8637fa1e41eb70ab270cc6a5dff7887d9ab040daec1a8fba1e3edc4cd5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 11:00:24 GMT
x-content-type-options
nosniff
age
30849
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
26568
x-xss-protection
0
last-modified
Fri, 15 Oct 2021 06:54:40 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 11:00:24 GMT
postview.gif
portal.o2online.de/nws/img/ Frame 3164
43 B
609 B
Image
General
Full URL
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324252033_146033529_-0&ref=27008872_4307561_324252033_146033529_-0
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/4539605209889898496/300x250.html?e=69&leftOffset=0&topOffset=0&c=q0FxMHWDjc&t=1&renderingType=2
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
82.113.101.132 Kassel, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS
portal.o2online.de
Software
Apache /
Resource Hash
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 11 Feb 2022 19:34:33 GMT
Last-Modified
Wed, 26 Aug 2020 10:11:24 GMT
Server
Apache
ETag
"2b-5adc50abeeb00"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
sodar
pagead2.googlesyndication.com/getconfig/ Frame 3164
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_246&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
87914c39b75b1d69e2deb58f2fb51f41707cc344a6ca4e4b529ca7c31ae73d84
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5598
x-xss-protection
0
OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame AA0C
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:30:05 GMT
x-content-type-options
nosniff
age
268
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47676
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:39 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:45:05 GMT
OnAir-Regular.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame AA0C
47 KB
47 KB
Font
General
Full URL
https://s0.2mdn.net/creatives/assets/4140742/OnAir-Regular.woff2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
Origin
https://s0.2mdn.net
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:11 GMT
x-content-type-options
nosniff
age
22
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
47848
x-xss-protection
0
last-modified
Thu, 06 May 2021 11:38:29 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=900
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Fri, 11 Feb 2022 19:49:11 GMT
sodar
pagead2.googlesyndication.com/getconfig/ Frame AA0C
7 KB
5 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_245&st=int
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
8fc9992233eaa7ade3ec4548a18c8dfe5ef75ba311e541c31269e31226a6b589
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 11 Feb 2022 19:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
application/json; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5605
x-xss-protection
0
60005582_20220110062024247_300x250_LOOK-01.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame AA0C
30 KB
30 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220110062024247_300x250_LOOK-01.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9d4b90e4e60a6ed6be197b23d4c0537a6275b49094c65dccbe25c9111c1cc814
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 15:30:16 GMT
x-content-type-options
nosniff
age
14657
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
30234
x-xss-protection
0
last-modified
Mon, 10 Jan 2022 14:20:24 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 15:30:16 GMT
60005582_20220110061737726_S20FE_Tab_ASSET.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame AA0C
65 KB
65 KB
Image
General
Full URL
https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20220110061737726_S20FE_Tab_ASSET.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b9ab67d9a55a7ccb9efc03a9f952d84218103c558c873ae08577e8f0ea834457
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/sadbundle/7880880706497282048/300x250.html?e=69&leftOffset=0&topOffset=0&c=dNj8LrFrvl&t=1&renderingType=2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 15:29:52 GMT
x-content-type-options
nosniff
age
14681
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
67002
x-xss-protection
0
last-modified
Mon, 10 Jan 2022 14:17:37 GMT
server
sffe
report-to
{"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=86400
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="ads-doubleclick-media"
expires
Sat, 12 Feb 2022 15:29:52 GMT
postview.gif
portal.o2online.de/nws/img/ Frame AA0C
43 B
609 B
Image
General
Full URL
https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324252033_145982135_-0&ref=27008872_4307561_324252033_145982135_-0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
82.113.101.132 Kassel, Germany, ASN6805 (TDDE-ASN1, DE),
Reverse DNS
portal.o2online.de
Software
Apache /
Resource Hash
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 11 Feb 2022 19:34:33 GMT
Last-Modified
Wed, 26 Aug 2020 10:11:24 GMT
Server
Apache
ETag
"2b-5adc50abeeb00"
P3P
policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection
close
Accept-Ranges
bytes
Content-Type
image/gif
Content-Length
43
runner.html
tpc.googlesyndication.com/sodar/sodar2/225/ Frame 05EB
13 KB
5 KB
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

accept-ranges
bytes
vary
Accept-Encoding
content-encoding
gzip
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length
5046
x-content-type-options
nosniff
server
sffe
x-xss-protection
0
date
Fri, 11 Feb 2022 17:45:58 GMT
expires
Sat, 11 Feb 2023 17:45:58 GMT
cache-control
public, max-age=31536000
last-modified
Mon, 21 Jun 2021 20:47:05 GMT
content-type
text/html
age
6515
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
aframe
www.google.com/recaptcha/api2/ Frame 2C85
783 B
1 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
a9b7ce715462fa38f371310d55fbdc7efc7570b45f7844316d46cfa4a4359277
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-P+DCpPoccGZncq/pfehvOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires
Fri, 11 Feb 2022 19:34:33 GMT
date
Fri, 11 Feb 2022 19:34:33 GMT
cache-control
private, max-age=300
content-type
text/html; charset=utf-8
content-security-policy
script-src 'report-sample' 'nonce-P+DCpPoccGZncq/pfehvOQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
510
server
GSE
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 11D6
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:33 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame FA8F
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:33 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame 3164
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_246.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:33 GMT
sodar2.js
tpc.googlesyndication.com/sodar/ Frame AA0C
17 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_245.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://s0.2mdn.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6386
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
etag
"1637097310169751"
vary
Accept-Encoding
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type
text/javascript
cache-control
private, max-age=3000
accept-ranges
bytes
expires
Fri, 11 Feb 2022 19:34:33 GMT
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame B530
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169458
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame AC79
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169458
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame 0AE3
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169458
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame 71CA
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169458
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 6948
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BCCssSLoGYrDJI8mgrAS27bjACwAAAAA4AeAEAg&bg=!s7ClsPTNAAbAtJCDwLQ7ACkAdvg8WmAvlt1IvfrLpNpOtPE0lyJGl-D4l2JwRYhTDFNOtO5npM2lvQIAAAIkUgAAAAJoAQeZAw2PKsyu2f5V8Ll0uyuz_TwsteUZE437b-k8T56PHVof_fjLPvjCC3g7QBYHbyLCLflESCPFukDnMsG73i2l9zPv7NOtLjNcXHeAIa_JkP8nV6IIF5_B03enPSOaMmwurIQFkaZnQBv_X7CqpalZJz5bEpxiyWfE33h_LT4YimmehFQStWwdHxKuh5ANfnta1NbqCIxxOU0lGjFeYsEcqFaIMqWQVFBreIthtpOI6m7vjKtaFMFvMGAzjCQWlVdaoezE_dwE1u7Y3thKZ-XVemSlChV2jconsQ-o6dwQtGKJYlcBGmqJEBOr7hL1JKB_lCgQ7Rnz-dOzP8j30ZG_x_aljNLwqwmo7moGDjqROg0KgggifXedB1Q4Gwt95RNweK-grhG_u6x8OSJg7GtL9qh6O2C-iqg1mhrUtwKSOQX8RicRO9vGKRYhfZX14f-MaL5_A99b_HAg8MqRtYtY1OETP9WBBSY-ji4FxiGh4Lrq0cgmBOwx-n2iPGrAuh1mk_XrcIs-ixA15J7mB-8lbedZavFVHs4IxXetAQfbvZdyQ-L29pWHCPCIwsLMSZDqmkjgzeaFOF2gJwUvoyOHYd1snAPojLraDrOQqty6KGcuPfw7S8dfSABsXHsP3IMREccdWjCD8B8psp4x6KJOs_kjos8C-KPY9Yqev_sfTTw1MY6fOCd7zOUDFSowt7M5WoobDaN98djwIqBL3Hz00taSdCcQO-U-Dtz1qB3lV7hJaIB493_Yc-Chr64GuAAuP63NdBxeTM_wxbiJQQLnt19SKJwC6u3GSmLEwx_O_RxpMDLSuHHvi6JeMKwKnDDi4HPA-z-aQDfZEsIpQhrvkN9aAUwGjpc4Y1ofV1tmHNsjRXKqonWgm3EVDzARYRPiJg4DZVWRIEupBBgmnZrHiaFN3spUgr52gOzg01eghPNYN1bCk_si2YbrTfFZeC7246JwwPuazqTEDNE8hgSsMuA_v1M0LiClq7Eh2RQPEjjKtUdU-yPeyO31byqHG8fUUW65UyKnTZ7RGzI9zjTd
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame F53A
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BRzoKSLoGYvzaI9KBjuwPkamQ0AQAAAAAOAHgBAI&bg=!sbKlsvbNAAbAtJCDwLQ7ACkAdvg8Wk8NkKM1c69JCZFxE-ylTQReXb7TrN-oIm0Ib9WNIHYKxxXC3QIAAAITUgAAAAJoAQeZAw8phTL0mjCOe7_AWxxhoKIm_f3x2RZCINpkigno2OdxsOA3cRl2zzR2ZzODxC90CBZepcVqRdufAapTcOovGJqlcYmb9lraBQmxJA_mrYvs9BRliE0A1BI86w4NZQNv9ob8Y9AJ5uagefnfNeJ2oTmETsQhWYD_L1AhRhrqF7uTqHzEoXvKTbMLIMENRv64tXH9l_lqMQHpnt65IimNHU87LiEMJpw_rJJl_czD799P54hF7q8UyfmZAJLWMvjN5VxyGlF-dJQpeDdQik6iOu_feNfPGa8Brukd0BDeFs-E2QWScmjyvPTH-JjKG-TCIZb4CLJw5FpCl935f2gJEl2u-hsjUwrtB9fPZHN-P-gdod5PikuGLtgmLwq-CJUC-ciB3FhtQdyFL00O0s0SxOHh3p02eofPLdtWnBjec7MZfpXaap3GzG1Cxyf6y1EFZBBFlDkD1yeQ_avN-cGcNcRbpNCl7YiH5I5POICmCsFnOVup01KN1v2JywBf4YxNQgEH7C3anZmwb7MJRkqfsHcJaI8UKgIqWqN4wELy1Fo4eHXodp88XFiwy5ihZ09ci84nQFjGMALOT3iCwrSQMkfoaO5xOjzC7X4ga191ZHDmZsAOoP1Kvs1pzk0VnCoq5tJXGY7GXxU0ydLAbXB1jnIaGabO8u8IfR_wBgA6kEAjTgGwIIVNoTWy48uxIYxv9InBrunvtVBhSAku_B3OKErQc1Ne1A7WHMqamNvwPYI1tcPj8iB04jv1IsEhlN_C6o8mW715i9zYqKv0Kdm8wM3txPoFUXDx9jUx2nM0sHqaLP5uf1Wg4QQU6oB8DvPPxkvG7nuiIwxUbTzE9R5wX4UBHS4kXB_b3hKxQg3g9R0ELlCx0mZ7L9JJFGdZLsQksSINDqgk4pkMFUGzrJ-XMq-vhTv9ZkbVteUuw7xI4cc8tscWYYqLBw6h8wcvyOUny7KFZxzq8QiaVxYjKwO5oYUFIgkOVeonqrLry_xpE2t0MgdI67RSi14CbmNzPeKrzXt3xdtt6qy0A-pSGtwc6Oc
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame 3135
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BY2mSSLoGYviRJISE3gOztovgDQAAAAA4AeAEAg&bg=!jI-lj8vNAAbAtJCDwLQ7ACkAdvg8Wh43CIPGZrH8xKCkZdkYNfjSKtj9vZonpdSemPFJdceQQslUqgIAAAIOUgAAAAJoAQeZAwIeqwZrqeqjZ9WKl9bA9PpmOKvFDsCa9OHS2Qhcl8k0fOdMp3LOS4cHYq6ARUdB7h43l2r1I5PgTbZiXWC72R5iJYZqFpL_-5sxJrAas7WJBGuErQfbpfc0vqNc4FmZmBsgLOpLZBLkjXWVsXm75_fi_2b1d3HRKisOXDVtDFg04_E6zq8xA9Q-ZuC8oQIel_sA4F4BZNaUfOaT8h4JnpbVKzzDabFz5pmgENqeinNg9J3yw6PYcT0_ms074nLfa-bwQfxaMDb4vcld_fhnDSjx8_UTG7sCGDf5H3v85VB91BpvfTpEEEmz4V0o-MM2cBbd4jng5kTCMaVBZUUvXLBP6H4jTKHRAqQlZsNGiRGPqWk_ID8MKuoKtQKQ6SLrE7P82brCN6Rf9ubyiB2XY6qpZ-SM933wkF5PoQJ6oYGsAlPDsiCKv9uTZj1r359Iss__YxDYR9VPTjLvHz7jblY8U1TVjxvMxrpMBtQHEPrl7ldUL4ZFMVn8op4JUAfCoHP8nOJdZlTl_aqTXpBFS26smbFZGVtyVZzupoVwtEc7cKONKmilUvm4Y8Q63TXRGXt2KS7Ipev02A5vDqO918lKpLXkqouof3W_87LxDMv5kixKADxULJ3i7rhG6xhwHI0KocEfv3Y-_QfxP2QjUOKJ3v2T65oAilr75dAoNP55_GDgobMPxAUKWzFkUxRYcf2P1JFaNRDfyxLv7b97LKrGaAT0SJyTIEv3YxsRFTaWejbGGOZplbEwdBV9_fGFG3v2LV2a-nhkcvABjEX2c99NIKSj0W8VE0xDIUwqaZp-lo2n7LurCmkv1J6wJDnGqqmXH757ttpnfm_1UCVRDFwpEzuaGzJjJna1EwZ0ucN9ksLXrSwDfP6DUwhYcrZi5HNXd81K5K4K2yXlHiqCMAGk_VUBIMxTiBvi1H8LKH3URdc_jxfWjVKVMmlU6W_mf0_-SiH7V_HblrWkSXpMikZ2LLjrXrzX7ACq8sKxcR-SsLoCsJUJ8HVU1_ynGEwgPN0k5Q
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
gen_204
pagead2.googlesyndication.com/pagead/ Frame A638
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BYjmkSLoGYqGNJM-B3gOehZSACQAAAAA4AeAEAg&bg=!LC-lL2vNAAbAtJCDwLQ7ACkAdvg8WtMn2gBVpRnBj5au6XmBRQ4UFuTvYnChWCWidc7HzIYasnKHkQIAAAIEUgAAAAFoAQeZAxBoNdHjBUy31Hwwhq28PTpzal11S3J4I3f7AKkXQl0HhmwRSwQtfq_j-ltT6tptCX0rD74D3ZrHg0Dlf1eDb7OWGiQ2lS6JO_Qd8DbYJBKONa4GfyrunSnns5Zy2RpPCyAl4_R3_-fvt4yl2NXk_6nr0ef_ERp-McT-5y5dRFjWj7K8yLMu_woWCXmjbYuejwFCOqoM89DUTezInjRroRfhqfQBsBw9InF2GJQCDk9KF0cUaeSC9OvIhz5DY8i-c_121Jp1TF6ccSwiXePihuR-VCqnt6WlIpbqH4o655JFXcpFexgR4VIfcIpuignf1nRRVLVicUIC8hdzRLJWnS-vAeB1MTxa62XoTHRq8ZMdcZKi_cixTOFW7UYkI0inXXUjZiCWa585d2RnXzN1oYdefv-iCtaGXwhX-Z0E7ZqM56G3PU_ThGlo5cSOk2ou9TFILpTQ1JidyySeQlnKDbAX1sIbj0_Ed1EDChnRoKp7btadb8dTiOrvHHSaUN1DYmwo0Sri2UqfWmJ2-LpBy0AdxxarVrQgv6kr4S0nXFfhESIk-NRYLd4EM_GyQ1FP-GCvuNJiMNbwjNnI2pL2-M3ascu0r_F5wUyK_yw5YArKqWdfKNcXbvTFvBT6ftehSCLCJRL4lFtF_7Rm9r0Uuq7EUanEbjhnjxp38ggGCBiwMcynxoYlXmJ_teGHeQN6kYJr26i1Ydg-pnvgrSpNtR4Z6t8MWPi5S34qU1VQGn1ZL6qNddpvfWEAUt-KC7zBJ9WW_j9n8d2A4-B6yvH10Ki_Wliyl6LPywPJOaMsBNHqcW2-oRq-5HqPUUoIKvGvRM7vHjlg6McU2jyQerO04Vin0MhPixjQOhWpnU8HTiVQKay9SS3Ivpu1KkNajjAaLCk9MmfBVKxWn3krhpX1zLGeCWDAmPK2Of6omiGb-SVXouT7L1RWJDXaXpkfmm1UNkLUC5zujf7jW43qAoNjxHnNMnqBYPnFAeQIR3y1vby9yUK_vSwHfNYLMFPCeF_SruMrJM6bKGM25D5VntYkviz4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sodar
pagead2.googlesyndication.com/pagead/ Frame 2C85
0
0
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20220209&jk=2592607545491287&rc=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
pagead2.googlesyndication.com/bg/ Frame 05EB
35 KB
13 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/bg/QXXtNV2_rimJ59THO8yAvlzUBzNnyKLIOF0f-vbqXN4.js
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Wed, 09 Feb 2022 20:30:15 GMT
content-encoding
br
x-content-type-options
nosniff
age
169458
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
13571
x-xss-protection
0
last-modified
Tue, 08 Feb 2022 16:08:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 09 Feb 2023 20:30:15 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame 4B0A
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjssXdrVZdAf26-Mt9IfZyMhvcaGhp9cvoyfE8H61tPT969it_NfVZwiZAymoOsW3vUBFf_Zcft4pWXf5quZXqwe7OsV4YZAvOPzmtTFw7xg9RdsRjczwQw&sai=AMfl-YT84Zm9pU_qikJ22aFcadkmNJNIDVAXRzeYibA9U8RHs2aK7B7r7_2HZyxv_2yf_bdzgkiztFt5Anf4JbrGOwG4ivEhwcjc7uIG2xABuq1WfT5-MAZOh87CB7w&sig=Cg0ArKJSzG7SX4rtyQaqEAE&cid=CAASEuRoIU4AkzLJ-_0RYV-gv-1qAQ&id=lidar2&mcvt=1041&p=1110,436,1200,1164&mtos=1041,1041,1041,1041,1041&tos=1041,0,0,0,0&v=20220209&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=859550183&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644608072487&rpt=250&isd=0&lsd=0&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activeview
pagead2.googlesyndication.com/pcs/ Frame A957
42 B
64 B
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuz1Yv70DvDrBYHQNSUvdAiDh3YTHa97bfajVs5iMSy-HC-caJDGun11OnzUjSrriluJshM2q1jmqXJZUZyMvFp5UBcgYTn1v-i80_VOOEe1Y0ycHtmFA&sai=AMfl-YT1SWW7F0i5uAyslgSWvlkAwwXsV_ozC8CrqKw7ik5tHJeGl4ot8ymueui4hE7moDepTvhXSGel84lXaRvvshYvhKIqyTx4iXSSjcanLIDSToAWXPZzixhswes&sig=Cg0ArKJSzJ4F1UZ1SBCpEAE&cid=CAASEuRo8aPOuWLI8cCj3FCr9Bu-Sg&id=lidar2&mcvt=1042&p=416,482,666,782&mtos=1042,1042,1042,1042,1042&tos=1042,0,0,0,0&v=20220209&bin=7&avms=nio&bs=0,0&mc=1&if=1&app=0&itpl=20&adk=4163497950&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLG51bGwsbnVsbCwiIixbXV0%3D&vs=4&r=v&rst=1644608072464&rpt=288&isd=0&lsd=0&met=ce&wmsd=0
Requested by
Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
generate_204
tpc.googlesyndication.com/ Frame 05EB
0
9 B
Image
General
Full URL
https://tpc.googlesyndication.com/generate_204?liD9dw
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
gen_204
pagead2.googlesyndication.com/pagead/
0
20 B
Image
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar2&v=225&t=2&li=gda_r20220209&jk=2592607545491287&bg=!9fal9rLNAAbAtJCDwLQ7ACkAdvg8WjppVRwTUYKMA7rOKFLDrFkr0sH-LY0P-cgOEG6esl9oO4YyaQIAAAC0UgAAAAJoAQcKAF1eicUvhd3iLby0LdumZawoYjWhjDu-4MZwFwtN10lHJ8cKYWSgZxW05KeV6qq_OcijBjXrqHuNtTfzZf5V6OSb0m2m9h9qAVzf-4w5KdtUxfAB2dfaULvEjUcHYaiZAr5DMq7KHRPRBoM4P116Rew6o9XmXkcG8kcRkf72UTg7Ygj5nsB9gcnssr8tfRYneVcQkJpCQ7rEhhb78yXf2nBA4ePXXhbT1ruX9_EJsSKeiZzzxly6yaow8o634N0HzcLfAJRI7t3I_FYgCqUBj0GQ5HGqVVblGx_1jv-qHZ9Jm54Xryq6uzSQIQV_OG-2U1HVevPsQLTRFrZ0AwRhpbHmC38gEqllSjp8KAWpejBVmoFROGVrfIRYqUWEpcY1CDPp1QfeNLn7zg7zNmTyn3UDCnCREEWeu9t67KjIhXH0eNLKdDXGnSLCArBiAuwBKVeVGBGYxpCKd8xH-alFghr8dRU9kk_vzSWZ9F3Shhqtf3aJk_Gz-IDg8H2QdE6sWq0L2E67WXg6akbZXMzVvIe0dvoFHl0WQaV0U-Ad9tsxmd6Hr_9Qu_yE2Oke8GPkej2D2x6DSJkzMGVXz_rvyMpGzrWp4j2ew7yNdPoWtQLdyZE1Wm_sK78ukkQtn-pohgBBBpTwnJifkPrdzNBpH-y2F256nPElIhcox1o2ctoHSo2ijy2r5tOMr0vrZuFuv3X7GMSq7VdE7555wY1k_VbsI97KyTCOqwbvc8n0vBWT6QXYD98G71pP5s06q3WGzNllvrXopInYz67mE_JOFzu7jnMtQlq5tDpzUoYEMKYIa-rfc2B30Q0pqapyMNtiBlQMhrAIrZEI87aqCbisWIY8NGf9KUuxUaL5PaB4qKrt3L0iMbFO4q-ivt5PZzS14TthmkiUTq9gmEfPw5XeA-2OjL2G733mkJ4ebBndmZ9lSKs65jGu7O6wYbRwHaB-uxB-Ep0hfpwKc44ZILd7Mnhcs0aHUZzOnMFg-5cod8WaDfZr1DMZKwvEAS2ngTAF5yUIXIkvfmb0P2sI_ykg2D7y7YdCD9k12EthSZ-FQ3w
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
api.gif
tags.denakop.com/
0
308 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10406&d=desktop&b=Chrome&o=Windows&v=4.12.0&sw=1600&sh=1200&ac=v&p=https%3A%2F%2Fconsulteportal.com.br%2F&t=1644608074477&cb=0.07329267980929122&aa=intext
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-authenticated
0
date
Fri, 11 Feb 2022 19:34:34 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
image/gif
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
6dc003f18eb55b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
api.gif
tags.denakop.com/
0
308 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10406&d=desktop&b=Chrome&o=Windows&v=4.12.0&sw=1600&sh=1200&ac=v2&p=https%3A%2F%2Fconsulteportal.com.br%2F&t=1644608074478&cb=0.24045820118291794&aa=intext
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-authenticated
0
date
Fri, 11 Feb 2022 19:34:34 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
image/gif
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
6dc003f18eb75b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
api.gif
tags.denakop.com/
0
308 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10406&d=desktop&b=Chrome&o=Windows&v=4.12.0&sw=1600&sh=1200&ac=v2&p=https%3A%2F%2Fconsulteportal.com.br%2F&t=1644608074478&cb=0.050926820499582304&aa=intext
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-authenticated
0
date
Fri, 11 Feb 2022 19:34:34 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
image/gif
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
6dc003f18ebe5b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
api.gif
tags.denakop.com/
0
308 B
Image
General
Full URL
https://tags.denakop.com/api.gif?a=10406&d=desktop&b=Chrome&o=Windows&v=4.12.0&sw=1600&sh=1200&ac=v&p=https%3A%2F%2Fconsulteportal.com.br%2F&t=1644608074490&cb=0.6471771696421769&aa=under
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:160e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-authenticated
0
date
Fri, 11 Feb 2022 19:34:34 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
DENY
content-type
image/gif
pragma
no-cache
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-ray
6dc003f19edc5b50-FRA
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
expires
Sun, 01 Jan 2014 00:00:00 GMT
usync.html
eus.rubiconproject.com/ Frame 74CE
281 B
554 B
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

Server
Apache/2.2.15 (CentOS)
Last-Modified
Tue, 14 Dec 2021 23:07:59 GMT
ETag
"402b2-119-5d32342a551c0"
Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
233
Content-Type
text/html; charset=UTF-8
Date
Fri, 11 Feb 2022 19:34:35 GMT
Connection
keep-alive
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 99D4
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Fri, 11 Feb 2022 04:03:13 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Fri, 11 Feb 2022 19:34:35 GMT
Age
55881
X-Served-By
cache-lga21943-LGA, cache-hhn4031-HHN
X-Cache
HIT, HIT
X-Cache-Hits
1, 894292
X-Timer
S1644608075.084289,VS0,VE0
Vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame 4BC7
52 KB
17 KB
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.65.108 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

Connection
keep-alive
Content-Length
17053
Server
nginx/1.18.0 (Ubuntu)
Content-Type
text/html
Last-Modified
Wed, 02 Dec 2020 20:56:47 GMT
ETag
W/"5fc7ff8f-cf34"
Expires
Fri, 11 Feb 2022 04:03:13 GMT
Cache-Control
max-age=86402
Access-Control-Allow-Origin
*
Content-Encoding
gzip
Via
1.1 varnish, 1.1 varnish
Accept-Ranges
bytes
Date
Fri, 11 Feb 2022 19:34:35 GMT
Age
55881
X-Served-By
cache-lga21943-LGA, cache-hhn4034-HHN
X-Cache
HIT, HIT
X-Cache-Hits
1, 893022
X-Timer
S1644608075.087988,VS0,VE0
Vary
Accept-Encoding
/
spl.zeotap.com/ Frame CF4E
7 KB
2 KB
Document
General
Full URL
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea3042e7d5d11e171f2a9b8d5a3cde2e55995d2b1a23ae7071a958973a1af694

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
content-type
text/html
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://consulteportal.com.br
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6dc003f51817922c-FRA
content-encoding
br
/
onetag-sys.com/usync/ Frame F63F
2 KB
814 B
Document
General
Full URL
https://onetag-sys.com/usync/?cb=1644608071418
Requested by
Host: tags.denakop.com
URL: https://tags.denakop.com/prebid.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.75.86.98 , France, ASN16276 (OVH, FR),
Reverse DNS
ip98.ip-51-75-86.eu
Software
/
Resource Hash
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://consulteportal.com.br/

Response headers

content-type
text/html
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
strict-transport-security
max-age=15552000
usync.js
eus.rubiconproject.com/ Frame 74CE
32 KB
10 KB
Script
General
Full URL
https://eus.rubiconproject.com/usync.js
Requested by
Host: eus.rubiconproject.com
URL: https://eus.rubiconproject.com/usync.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.92.74.8 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-92-74-8.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) / PHP/5.3.3
Resource Hash
7aa3de3cbeaac194729834621c09a127dfba2d7fc731a0807e81219a6f69b079

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/usync.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 11 Feb 2022 19:34:35 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Dec 2021 23:04:16 GMT
Server
Apache/2.2.15 (CentOS)
X-Powered-By
PHP/5.3.3
Vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa TAIa OUR # BUS IND UNI COM NAV INT"
Cache-Control
max-age=75185
Connection
keep-alive
Content-Type
text/html; charset=UTF-8
Content-Length
9702
Expires
Sat, 12 Feb 2022 16:27:40 GMT
getuid
ib.adnxs.com/ Frame CF4E
0
0
Image
General
Full URL
https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pixel
cm.g.doubleclick.net/ Frame CF4E
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=zeotap_ddp&google_cm&zpartnerid=1&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/push?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26...
  • https://pixel.tapad.com/idsync/ex/push/check?partner_url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BTA_DEVICE_ID%7D%26zpartnerid%3D5%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent...
  • https://mwzeom.zeotap.com/mw?cid=2accbc87-2f90-4e77-bc4a-9fd97f61afde&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=2accbc87-2f90-4e77-bc4a-9fd97f61afde&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f61a75922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?cid=2accbc87-2f90-4e77-bc4a-9fd97f61afde&zpartnerid=5&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
/
dmp.adform.net/serving/cookie/match/ Frame CF4E
0
330 B
Image
General
Full URL
https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.234 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
server
nginx
access-control-max-age
86400
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length
0
expires
-1
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D9...
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=2xlgrzl&ttd_tpi=1&ttd_puid=env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D9...
  • https://mwzeom.zeotap.com/mw?cid=efcbe9b3-0785-4e43-abb5-caee2056d131&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810...
95 B
164 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=efcbe9b3-0785-4e43-abb5-caee2056d131&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f61a61922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://mwzeom.zeotap.com/mw?cid=efcbe9b3-0785-4e43-abb5-caee2056d131&zpartnerid=6&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
481
cm
trc.taboola.com/sg/zeotap/1/ Frame CF4E
0
161 B
Image
General
Full URL
https://trc.taboola.com/sg/zeotap/1/cm?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::300 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-vcl-time-ms
8
date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 varnish
server
nginx
x-timer
S1644608075.163462,VS0,VE8
x-cache
MISS
x-cache-hits
0
accept-ranges
bytes
content-length
0
x-served-by
cache-hhn4028-HHN
u
dmp.v.fwmrm.net/ad/ Frame CF4E
0
411 B
Image
General
Full URL
https://dmp.v.fwmrm.net/ad/u?mode=echo&cr=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1368%26env%3DmWeb%26cid%3D%23%7Buser.id%7D%26gdpr%3D%24%7BGDPR_ENFORCED%7D%26gdpr_consent%3D%24%7BGDPR_CONSENT%7D
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f16:e61:3f02:363e:3490:f8eb:b263 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:35 GMT
P3P
policyref="https://www.freewheel.tv/w3c/p3p.xml",CP="ALL DSP COR NID"
Cache-Control
no-store
Connection
keep-alive
Content-Type
text/html
Keep-Alive
timeout=300
Content-Length
0
Expires
0
UCookieSetPug
image6.pubmatic.com/AdServer/ Frame CF4E
0
41 B
Image
General
Full URL
https://image6.pubmatic.com/AdServer/UCookieSetPug?gdpr=1&gdpr_consent=&rd=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1384%26env%3DmWeb%26cid%3D%23PM_USER_ID%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d4b5df-6670-4dbc-4c20-a61a4acfb3d3%26reqId%3D934a5c81-f550-4810-40e8-05aee3c1a915%26zdid%3D1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.190.78 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
0
content-type
text/html; charset=UTF-8
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
  • https://sync.tidaltv.com/genericusersync.ashx?dpid=3169&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=136...
  • https://mwzeom.zeotap.com/mw?cid=596d8883-70ce-4259-9477-13cecb85e0da&zpartnerid=317&gdpr=1&gdpr_consent=
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=596d8883-70ce-4259-9477-13cecb85e0da&zpartnerid=317&gdpr=1&gdpr_consent=
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f80f12922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
server
Apache-Coyote/1.1
location
https://mwzeom.zeotap.com/mw?cid=596d8883-70ce-4259-9477-13cecb85e0da&zpartnerid=317&gdpr=1&gdpr_consent=
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-length
0
x-xss-protection
1; mode=block
expires
0
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://dpm.demdex.net/ibs:dpid=199624&dpuuid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env%3DmWeb%26eventType%3D...
  • https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=199624&dpuuid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%24%7BDD_UUID%7D%26zpartnerid%3D314%26env...
  • https://mwzeom.zeotap.com/mw?cid=83340668355120521200458428045136337382&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=83340668355120521200458428045136337382&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f6dc13922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

DCS
dcs-prod-irl1-2-v027-0eab81db2.edge-irl1.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
3FR1/IYGTuU=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://mwzeom.zeotap.com/mw?cid=83340668355120521200458428045136337382&zpartnerid=314&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
/
loadeu.exelator.com/load/ Frame CF4E
0
324 B
Image
General
Full URL
https://loadeu.exelator.com/load/?p=709&g=008&j=0&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.143.3 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-254-143-3.eu-west-1.compute.amazonaws.com
Software
nginx / Undertow/1
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
cache-control
no-cache
access-control-allow-credentials
true
server
nginx
x-powered-by
Undertow/1
p3p
policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://bn01.er.bemail.it/zeotap.php?_bid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&_from=Zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-...
  • https://mwzeom.zeotap.com/mw?cid=BE1-2022021120-58222-0.663283001644608079-2859da8b76f8dfde00ab7ee9a29943a8&zdid=533&env=mWeb
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=BE1-2022021120-58222-0.663283001644608079-2859da8b76f8dfde00ab7ee9a29943a8&zdid=533&env=mWeb
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f64aed922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=BE1-2022021120-58222-0.663283001644608079-2859da8b76f8dfde00ab7ee9a29943a8&zdid=533&env=mWeb
Date
Fri, 11 Feb 2022 19:34:39 GMT
Server
nginx/1.10.2
Connection
keep-alive
X-Powered-By
PHP/5.4.16
Transfer-Encoding
chunked
Content-Type
text/html
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://dsp.adfarm1.adition.com/cookie/?redirect=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%25%25COOKIE%25%25%26env%3DmWeb%26zpartnerid%3D563%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_con...
  • https://mwzeom.zeotap.com/mw?cid=7063537896866707604&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-...
95 B
176 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=7063537896866707604&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:37 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f5fa1c922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Location
https://mwzeom.zeotap.com/mw?cid=7063537896866707604&env=mWeb&zpartnerid=563&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Date
Fri, 11 Feb 2022 19:34:35 GMT
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
p3p
policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"
check
pixel.tapad.com/idsync/ex/receive/ Frame CF4E
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=2885&partner_device_id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3
95 B
425 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3
Protocol
H2
Server
35.227.248.159 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
159.248.227.35.bc.googleusercontent.com
Software
/
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
content-type
image/png
alt-svc
clear
content-length
95
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Redirect headers

location
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2885&partner_device_id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3
date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
alt-svc
clear
content-length
0
strict-transport-security
max-age=31536000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://idsync.frontend.weborama.fr/ids?key=zeotap&value=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fwebouuid%3D%7BWEBO_CID%7D%26env%3DmWeb%26zpartnerid%3D431%26...
  • https://mwzeom.zeotap.com/mw?webouuid=CcwllbMfv.Awm9WN5s/mPe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-48...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?webouuid=CcwllbMfv.Awm9WN5s/mPe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f67b3d922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
last-modified
Fri, 11 Feb 2022 19:34:35 GMT
server
nginx/1.12.0
location
https://mwzeom.zeotap.com/mw?webouuid=CcwllbMfv.Awm9WN5s/mPe&env=mWeb&zpartnerid=431&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
p3p
CP="NOI DSP COR CURa DEVa PSAa OUR STP UNI DEM"
access-control-allow-origin
*
cache-control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Tue, 03 Jul 2001 06:00:00 GMT
2.gif
dmp.theadex.com/d/949/i/ Frame CF4E
36 B
335 B
Image
General
Full URL
https://dmp.theadex.com/d/949/i/2.gif?axd_fuid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&axd_pid=175
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
89.163.159.104 , Germany, ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE),
Reverse DNS
Software
nginx /
Resource Hash
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
server
nginx
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate
access-control-allow-credentials
true
content-length
36
expires
0
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://bcp.crwdcntrl.net/map/c=13620/tp=ZEOT/tpid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_con...
  • https://bcp.crwdcntrl.net/map/ct=y/c=13620/tp=ZEOT/tpid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3?https://mwzeom.zeotap.com/mw?pid=${profile_id}&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdp...
  • https://mwzeom.zeotap.com/mw?pid=5e87c3820b9b18f18e51405b4f8934bb&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f5...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?pid=5e87c3820b9b18f18e51405b4f8934bb&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f74cf5922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://mwzeom.zeotap.com/mw?pid=5e87c3820b9b18f18e51405b4f8934bb&zpartnerid=637&env=mWeb&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
cache-control
no-cache
x-server
10.45.28.64
content-length
0
expires
0
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://cms.analytics.yahoo.com/cms?partner_id=ZTAP
  • https://mwzeom.zeotap.com/mw?cid=y-wWT49dBE2oreoG_EIB5fQ_lDVuAahlWNww--~A&zpartnerid=570&env=mWeb
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=y-wWT49dBE2oreoG_EIB5fQ_lDVuAahlWNww--~A&zpartnerid=570&env=mWeb
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f77d73922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

date
Fri, 11 Feb 2022 19:34:35 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
text/html;charset=utf-8
location
https://mwzeom.zeotap.com/mw?cid=y-wWT49dBE2oreoG_EIB5fQ_lDVuAahlWNww--~A&zpartnerid=570&env=mWeb
x-xss-protection
1; mode=block
strict-transport-security
max-age=31536000
content-length
0
x-content-type-options
nosniff
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://aa.agkn.com/adscores/g.pixel?sid=9212299398&zctry=DEU&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zd...
  • https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=iKVlrKLyaRhuGTpoDn3L6Qwy0ua9d5VB%2BS41iYitP1U%3D
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=iKVlrKLyaRhuGTpoDn3L6Qwy0ua9d5VB%2BS41iYitP1U%3D
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f75d2b922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
server
AAWebServer
p3p
policyref="https://www.agkn.com/p3p/p3p.xml",CP="NOI NID"
location
https://mwzeom.zeotap.com/mw?zpartnerid=660&env=mWeb&zctry=DEU&zdid=1361&cid=iKVlrKLyaRhuGTpoDn3L6Qwy0ua9d5VB%2BS41iYitP1U%3D
cache-control
no-cache, no-store, must-revalidate
content-length
0
expires
0
usermatch.gif
beacon.krxd.net/ Frame CF4E
0
338 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?partner=zeotap&partner_uid=141838&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.18.40.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-40-211.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
cache-control
private, no-cache, no-store
x-request-time
D=38 t=1644608075
x-served-by
beacon-n020-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
/
sync.richaudience.com/1988B3F6BED450961C9D70DD91/ Frame CF4E
95 B
361 B
Image
General
Full URL
https://sync.richaudience.com/1988B3F6BED450961C9D70DD91/?uuid=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
168.119.79.223 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.223.79.119.168.clients.your-server.de
Software
nginx/1.14.2 /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
server
nginx/1.14.2
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
content-type
image/png
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://sync-tm.everesttech.net/ct/upi/pid/cQZGoH6Q?redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D876%26env%3DmWeb%26cid%3D${TM_USER_ID}%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr...
  • https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=Yga6SwAFbJEMLAAy&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05a...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=Yga6SwAFbJEMLAAy&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361&_test=Yga6SwAFbJEMLAAy
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f79da4922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 varnish
server
Varnish
x-timer
S1644608075.440242,VS0,VE0
x-served-by
cache-hhn4067-HHN
x-cache
HIT
location
https://mwzeom.zeotap.com/mw?zpartnerid=876&env=mWeb&cid=Yga6SwAFbJEMLAAy&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361&_test=Yga6SwAFbJEMLAAy
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://pixel.mathtag.com/sync/img?mt_exid=10092&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fcid%3D%5BMM_UUID%5D%26env%3DmWeb%26zpartnerid%3D979%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_co...
  • https://mwzeom.zeotap.com/mw?cid=bac96206-ba4b-4800-be81-a797fbd3e0a4&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c8...
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?cid=bac96206-ba4b-4800-be81-a797fbd3e0a4&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f82fb4922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

Date
Fri, 11 Feb 2022 19:34:35 GMT
Server
MT3 4133 baa842e master cdg-pixel-x27 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location
https://mwzeom.zeotap.com/mw?cid=bac96206-ba4b-4800-be81-a797fbd3e0a4&env=mWeb&zpartnerid=979&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Content-Length
0
Expires
Fri, 11 Feb 2022 19:34:34 GMT
usermatch.gif
beacon.krxd.net/ Frame CF4E
Redirect Chain
  • https://usermatch.krxd.net/um/v2?partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
  • https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1...
0
337 B
Image
General
Full URL
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Server
52.18.40.211 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-18-40-211.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
cache-control
private, no-cache, no-store
x-request-time
D=23 t=1644608075
x-served-by
beacon-n017-dub-prod.krxd.net
p3p
policyref="https://cdn.krxd.net/kruxcontent/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
https://beacon.krxd.net/usermatch.gif?kuid_status=new&partner=zeotap&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
date
Fri, 11 Feb 2022 19:34:35 GMT
x-cache-hits
0
x-age
0
content-length
0
x-cache
MISS
x-served-by
usermatch-a002-ash-prod.krxd.net
dcm
aax-eu.amazon-adsystem.com/s/ Frame CF4E
Redirect Chain
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c2...
  • https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c2...
43 B
645 B
Image
General
Full URL
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361&dcc=t
Protocol
HTTP/1.1
Server
52.95.115.255 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:35 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
DK7FQXQSV9R438AVGBF4
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:35 GMT
Vary
Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent
Server
Server
x-amz-rid
4DV0DQ3X7EXCXWC0T8DP
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://aax-eu.amazon-adsystem.com/s/dcm?pid=cda341cb-196c-4da8-897b-752ce4bb588d&id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Permissions-Policy
interest-cohort=()
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
87734
tags.bluekai.com/site/ Frame CF4E
0
225 B
Image
General
Full URL
https://tags.bluekai.com/site/87734?id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.90.192.27 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-90-192-27.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 11 Feb 2022 19:34:35 GMT
Connection
keep-alive
Content-Length
0
P3P
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
mw
mwzeom.zeotap.com/ Frame CF4E
Redirect Chain
  • https://obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com/zeo?url=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1395%26env%3DmWeb%26eventType%3Dmap%26gdpr%3D1%26gdpr_consent%3D%26id_mid_4%3D46d...
  • https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
95 B
153 B
Image
General
Full URL
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin
content-type
image/png
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
cf-ray
6dc003f8b92c922c-FRA
access-control-allow-headers
*
content-length
95

Redirect headers

location
https://mwzeom.zeotap.com/mw?zpartnerid=1395&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
date
Fri, 11 Feb 2022 19:34:35 GMT
cross-origin-resource-policy
cross-origin
content-length
0
cmp.min.js
spl.zeotap.com/ Frame CF4E
557 B
499 B
Script
General
Full URL
https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e84f95c3cea09624eaa4878e947c8921ee9a84075fd6320d01ac601dd4f4a441

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

cf-ray
6dc003f5892f922c-FRA
date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 google
cf-cache-status
MISS
last-modified
Fri, 11 Feb 2022 19:34:35 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://spl.zeotap.com
access-control-allow-credentials
true
content-encoding
br
access-control-allow-headers
*
async_usersync
ib.adnxs.com/ Frame 99D4
0
731 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:35 GMT
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
1b3ed985-38d2-423e-baa9-a0037862d54f
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 4BC7
0
731 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:35 GMT
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
c73b9296-0e4c-4e42-abd4-2b61677994ab
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cmp
spl.zeotap.com/ Frame CF4E
0
0
Document
General
Full URL
https://spl.zeotap.com/cmp?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361&cmp=0
Requested by
Host: spl.zeotap.com
URL: https://spl.zeotap.com/cmp.min.js?env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:1857 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://spl.zeotap.com/?zdid=1361&env=mWeb&gdpr=1&gdpr_consent=&eventType=map

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
access-control-allow-credentials
true
access-control-allow-headers
*
access-control-allow-origin
https://spl.zeotap.com
vary
Origin
via
1.1 google
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
6dc003f5e9f0922c-FRA
tap.php
pixel.rubiconproject.com/ Frame 74CE
Redirect Chain
  • https://sync.mathtag.com/sync/img?mt_exid=9&redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4222%26nid%3D1512%26put%3D%5BMM_UUID%5D
  • https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=bac96206-ba4b-4800-be81-a797fbd3e0a4
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=bac96206-ba4b-4800-be81-a797fbd3e0a4
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
78e3bdce5107450057bade54d54a0a7e
Content-Type
image/gif

Redirect headers

Date
Fri, 11 Feb 2022 19:34:35 GMT
Server
MT3 4133 baa842e master zrh-pixel-x30 config:1.0.0
Access-Control-Allow-Origin
*
P3P
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://pixel.rubiconproject.com/tap.php?v=4222&nid=1512&put=bac96206-ba4b-4800-be81-a797fbd3e0a4
Cache-Control
no-cache
Connection
keep-alive
Content-Type
image/gif
Keep-Alive
timeout=360
Content-Length
0
Expires
Fri, 11 Feb 2022 19:34:34 GMT
rubicon
match.adsrvr.org/track/cmf/ Frame 74CE
70 B
264 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/rubicon
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.197.193.217 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
/
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
cache-control
private,no-cache, must-revalidate
x-aspnet-version
4.0.30319
content-type
image/gif
content-length
70
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
tap.php
pixel.rubiconproject.com/ Frame 74CE
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2974&pt=n&a=1
  • https://pr-bh.ybp.yahoo.com/sync/rubicon/tx4HULGn3N7yScKDoULlfA?csrc=
  • https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5233649891282072675
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5233649891282072675
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

date
Fri, 11 Feb 2022 19:34:35 GMT
referrer-policy
strict-origin-when-cross-origin
server
ATS
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
strict-transport-security
max-age=31536000
location
https://pixel.rubiconproject.com/tap.php?v=31950&nid=2974&put=5233649891282072675
x-xss-protection
1; mode=block
content-length
0
x-content-type-options
nosniff
pixel
cm.g.doubleclick.net/ Frame 74CE
Redirect Chain
  • https://token.rubiconproject.com/token?pid=25470
  • https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pJVDZMRzMtNi0yOTlK
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pJVDZMRzMtNi0yOTlK
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=S1pJVDZMRzMtNi0yOTlK
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
v1
ads.yahoo.com/cms/ Frame 74CE
Redirect Chain
  • https://token.rubiconproject.com/token?pid=26594
  • https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZIT6LG3-6-299J&sigv=1&esig=2~9bf8792d9ee26c1e5059a87ed7b9df286579d276
0
194 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZIT6LG3-6-299J&sigv=1&esig=2~9bf8792d9ee26c1e5059a87ed7b9df286579d276
Protocol
H2
Server
2a00:1288:80:800::7000 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 11 Feb 2022 19:34:35 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

Location
https://ads.yahoo.com/cms/v1?nwid=10000010181&eid=KZIT6LG3-6-299J&sigv=1&esig=2~9bf8792d9ee26c1e5059a87ed7b9df286579d276
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
tap.php
pixel.rubiconproject.com/ Frame 74CE
Redirect Chain
  • https://sync-tm.everesttech.net/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D
  • https://sync-tm.everesttech.net/ct/upi/pid/btu4jd3a?redir=https%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D191940%26nid%3D3778%26put%3D%24%7BUSER_ID%7D&_test=Yga6SwAFfeLzEwBH
  • https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yga6SwAFfeLzEwBH&_test=Yga6SwAFfeLzEwBH
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yga6SwAFfeLzEwBH&_test=Yga6SwAFfeLzEwBH
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
de8527bfa1ccfd6c1590da0d3b6cff52
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
via
1.1 varnish
server
Varnish
x-timer
S1644608075.367299,VS0,VE0
x-served-by
cache-hhn4067-HHN
x-cache
HIT
location
https://pixel.rubiconproject.com/tap.php?v=191940&nid=3778&put=Yga6SwAFfeLzEwBH&_test=Yga6SwAFfeLzEwBH
cache-control
no-cache
accept-ranges
bytes
content-length
0
retry-after
0
x-cache-hits
0
tap.php
pixel.rubiconproject.com/ Frame 74CE
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_cm&google_sc
  • https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMMAXladO9may-gWj0Kveco&google_cver=1
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMMAXladO9may-gWj0Kveco&google_cver=1
Protocol
HTTP/1.1
Server
69.173.144.138 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
78e3bdce5107450057bade54d54a0a7e
Content-Type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://pixel.rubiconproject.com/tap.php?v=7751&nid=2249&expires=30&put=CAESEMMAXladO9may-gWj0Kveco&google_cver=1
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
326
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel
cm.g.doubleclick.net/ Frame 74CE
Redirect Chain
  • https://token.rubiconproject.com/token?pid=2249&pt=n
  • https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGEyYjM1NmViNmQ1MjkzZTRjNDBkOGQzZDJlMDdmYzBhYTdjMjY3NA
170 B
188 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGEyYjM1NmViNmQ1MjkzZTRjNDBkOGQzZDJlMDdmYzBhYTdjMjY3NA
Protocol
H3
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://eus.rubiconproject.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 11 Feb 2022 19:34:35 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://cm.g.doubleclick.net/pixel?google_nid=rubicon&google_hm=MGEyYjM1NmViNmQ1MjkzZTRjNDBkOGQzZDJlMDdmYzBhYTdjMjY3NA
Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
content-length
0
X-RPHost
4cdacfaa68e4ab216fffbcc107c5b898
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
async_usersync
ib.adnxs.com/ Frame 99D4
0
731 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:36 GMT
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
f59d4b82-c7ea-424b-be50-32dfeb139764
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
async_usersync
ib.adnxs.com/ Frame 4BC7
0
731 B
Script
General
Full URL
https://ib.adnxs.com/async_usersync?cbfn=queuePixels
Requested by
Host: acdn.adnxs.com
URL: https://acdn.adnxs.com/dmp/async_usersync.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.33.221.52 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
725.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://acdn.adnxs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 11 Feb 2022 19:34:36 GMT
X-Proxy-Origin
84.19.175.165; 84.19.175.165; 725.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
f516bd96-0b5e-422a-92f5-f40d2ae622fe
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
Domain
sync.go.sonobi.com
URL
https://sync.go.sonobi.com/us?loc=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dsonobi%26google_push%3DAYg5qPJkwrgVkECM6QtqiUD_qk0OxgSaH4Jpm_j3-TzZU2dzq6_iNj3KmQN_y8A25vJ7-y3sz25el_2fA22wAmHnYKfrezEVdYQ%26google_hm%3D%5BUID%5D&google_gid=CAESED40FVg8A5YE6yj5Nszy2J8&google_cver=1

Verdicts & Comments Add Verdict or Comment

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 function| structuredClone object| _wpemojiSettings undefined| $ function| jQuery function| gtag object| dataLayer object| _mmunch object| denakop string| sf_position string| sf_templates string| sf_input object| adsbygoogle boolean| jQueryScriptOutputted function| initJQuery string| sbiajaxurl object| truepush object| eeb_ef function| _classCallCheck function| mailmunchGetMethodChain function| mailmunchGetOrCreateMethodChain function| MailMunchBaseForm function| _createClass object| _mailmunchInstances function| MailmunchMethodChain function| MailmunchUrlChangeTracker object| MailMunchDeviceDetect object| MailMunchAjax object| MailMunchHelpers object| mailmunch object| MailMunchWidgets object| truepushVersionInfo string| r object| HTTP object| tie object| google_tag_manager function| createTicker boolean| isInTag function| typetext object| tie_isMobile object| html5 object| Modernizr function| yepnope object| google_tag_data string| GoogleAnalyticsObject function| ga object| googletag object| google_js_reporting_queue number| google_srt object| google_logging_queue number| tmod object| google_ad_modifications object| ggeac boolean| google_measure_js_timing object| google_reactive_ads_global_state boolean| _gfp_a_ object| google_sa_queue function| google_process_slots object| google_persistent_state_async function| google_spfd number| google_unique_id object| google_sv_map number| google_lpabyc object| browserPrefixes string| google_user_agent_client_hint function| sf_addItem object| sb_instagram_js_options boolean| sbi_js_exists function| sbi_init function| _mJquery object| jQuery1113007096549510392758 object| $fade_object number| height object| $window object| $the_post object| $wrapper object| php_js boolean| isActive object| sbi number| sbiWindowWidth number| sbi_photo_width_manual undefined| key object| browserData undefined| subscription undefined| permissionAllowed undefined| iFrameReference undefined| skipSubscriberReport undefined| subscriberIdCallback boolean| isSubscribed string| optinStatus string| host string| cdnUrl string| imgUrl string| subDomainsHost boolean| fromSubDomain string| EnableHTTPLocalTest string| version string| defaultKey boolean| fromIframe boolean| fromWordpress boolean| fromshopifyDomain boolean| forShopifyCall object| xhttp object| desktopAllowedVersions object| mobileAllowedVersions function| isNotifAllowed function| CheckBrowserCampatability function| isPrivateMode function| truepushSDK function| loadAppJs object| gaplugins object| gaGlobal object| gaData object| twemoji object| wp function| google_sa_impl object| googleToken object| googleIMState boolean| _gfp_p_ object| google_image_requests function| processGoogleToken number| google_global_correlator object| google_prev_clients object| ampInaboxIframes object| ampInaboxPendingMessages function| dkpbjsChunk object| dkpbjs object| _pbjsGlobals function| MailMunchPopover object| google_llp object| promise object| GoogleGcLKhOms

60 Cookies

Domain/Path Name / Value
.consulteportal.com.br/ Name: _ga
Value: GA1.3.2117562331.1644608071
.consulteportal.com.br/ Name: _gid
Value: GA1.3.1912235956.1644608071
.consulteportal.com.br/ Name: _gat_gtag_UA_10134671_18
Value: 1
consulteportal.com.br/ Name: denakop_freq
Value: {}
.denakop.com/ Name: uxid
Value: lMk0j3r0TcSmtRMdB6NOIw%2F0
pbjs.e-planning.net/ Name: CT
Value: 1
.e-planning.net/ Name: E
Value: ABI/dWA2OO95LiiW
.rubiconproject.com/ Name: khaos
Value: KZIT6LG3-6-299J
.rubiconproject.com/ Name: audit
Value: 1|hLZGFuTafB2srUcMEajBP+bASkO6QPb7E03ikE5KqM12wHsFnqwQFD/3ubZIQu0ci5Mx2sIKXowwOD3+lVQI81ww/adD15BgcqcasMdJV06NKPCqKoc5Ow==
.doubleclick.net/ Name: IDE
Value: AHWqTUnKUf_8VKeUs_gRZeIEvUenCnYaSbSo5YM9wE5io6tQleb8qHwKKZWwhG0TUo8
.adnxs.com/ Name: icu
Value: ChgItMlZEAoYASABKAEwx_SakAY4AUABSAEQx_SakAYYAA..
.adnxs.com/ Name: uuid2
Value: 2769672989077157059
.consulteportal.com.br/ Name: __gads
Value: ID=276008c41dcaf4ae:T=1644608070:S=ALNI_MY36C9gf_aazm-HaboJh_K63m-41w
.adnxs.com/ Name: anj
Value: dTM7k!M41.D>6NRF']wIg2C%soooWy!]tbPl1M>e)ZlrFUfJ+tGXxp?>X>-g::p76PnMXQ9zteJ<[MJnaaS'X_V5sN3If)y3KL9D3I?+:bg^ps
.casalemedia.com/ Name: CMPS
Value: 3186
.casalemedia.com/ Name: CMST
Value: Yga6SGIGukgA
.casalemedia.com/ Name: CMID
Value: Yga6SEaeh7tzZU2gvZo4BwAA
.casalemedia.com/ Name: CMPRO
Value: 1121
.casalemedia.com/ Name: CMRUM3
Value: 2d6206ba482760CAESEGbFePAV2aq14rukUPkjYws
.sniperlog.ru/ Name: guid
Value: 3C7B3A9A5B549DE0
.de17a.com/ Name: guid2
Value: 1.8676454615186974075
.blismedia.com/ Name: b
Value: 6206BA484890A37F57E74BFEBLIS
.quantserve.com/ Name: d
Value: EAgBCQG1JYEA
.quantserve.com/ Name: mc
Value: 6206ba48-eac6e-a95c3-2f779
.adform.net/ Name: C
Value: 1
.pubmatic.com/ Name: KTPCACOOKIE
Value: YES
.uuidksinc.net/ Name: jcsuuid
Value: MYZPDatIJoc7sgT0ZwjE
.simpli.fi/ Name: suid
Value: C955EEB5C11D4A9BB0DE9873DA9CB125
.mts.ru/ Name: dspid
Value: ff8e9c4f-fad1-4315-bd4a-72ebe9c8f388
.adform.net/ Name: uid
Value: 2176270553071867322
.pubmatic.com/ Name: KADUSERCOOKIE
Value: 21C518D5-F7EF-4222-8C39-1473F41E27C6
.yahoo.com/ Name: A3
Value: d=AQABBEm6BmICEPalhXn2P3nXe2N-qrvwUbgFEgEBAQELCGIQYgAAAAAA_eMAAA&S=AQAAAm7QznzoduNUoE9Df-BhyQo
.rutarget.ru/ Name: userId
Value: Y4uevdSsvP0J
.o2online.de/ Name: webShopPV
Value: ?partnerId=O2_DSP_TRA_HAV_14112_PV&mediacode=27008872_4307561_324252033_145982135_-0&ref=27008872_4307561_324252033_145982135_-0
.tribalfusion.com/ Name: ANON_ID
Value: aEnsIHRZdySaAIUMnYFxOqovSfb4j7gp3xdZdqbAmpNLwCJHOP3gWDpXxEQihDq9a1wooQcxrUYjMifZbqtbb5I6hfx
.mts.ru/ Name: mts_id
Value: 6be80722-af0f-440b-8a21-d4770e710510
.mts.ru/ Name: mts_id_last_sync
Value: 1644608073
.zeotap.com/ Name: zc
Value: 46d4b5df-6670-4dbc-4c20-a61a4acfb3d3
.zeotap.com/ Name: zsc
Value: 10bTu%2C%BC%C76%9F%D4%1B%CE%22T%DC%E5%03%84%2Fu%D5%3B%EE%D4%DE%FF%2C%CBu%CD%3F%F9%EB%E0D%F2J%E8P%C0%F8C%11%18%B2f%40%B4c%FBn%18%CA%F7Pys%A5%0FJ+m%07%0En%D7H%60%90k%9B%2C%A9%84%95%DF%1Eq%8F%AB%2F%D9%AB%22%E5%08y%EE%B1N%B1cp+P%3D%DC0%0C%3C%13%1F%00%B7%AC%F3%AC%98%9ET%F7%29%1A8O%23%18%D4%80J%40%A3%93%B1%92%12%C7%AAW%CBd%CA%E2J%90%02%3F%C0%5CS%E3%97%D7%D3%82%14D%18%E1r%40%92%3C%19%B6T%D0tfe%84YD%EF%B9%E7%F9
.adsrvr.org/ Name: TDID
Value: efcbe9b3-0785-4e43-abb5-caee2056d131
.tapad.com/ Name: TapAd_TS
Value: 1644608075169
.tapad.com/ Name: TapAd_DID
Value: 2accbc87-2f90-4e77-bc4a-9fd97f61afde
.adfarm1.adition.com/ Name: UserID1
Value: 7063537896866707604
.adsrvr.org/ Name: TDCPM
Value: CAEYBSABKAIyCwjAjaK_iOi2OhAFOAE.
.tapad.com/ Name: TapAd_3WAY_SYNCS
Value:
.weborama.fr/ Name: AFFICHE_W
Value: lfv3DoFENdaV43
.mathtag.com/ Name: uuid
Value: bac96206-ba4b-4800-be81-a797fbd3e0a4
.demdex.net/ Name: demdex
Value: 83340668355120521200458428045136337382
.theadex.com/ Name: axd
Value: 4285633444783641063
.theadex.com/ Name: tis_UgL
Value: UgLeAoww
.dpm.demdex.net/ Name: dpm
Value: 83340668355120521200458428045136337382
.crwdcntrl.net/ Name: _cc_dc
Value: 1
.crwdcntrl.net/ Name: _cc_id
Value: 5e87c3820b9b18f18e51405b4f8934bb
.agkn.com/ Name: ab
Value: 0001%3Axa4KwsZXWbvRKGYZQb2wrYtrrRckoD6R
.richaudience.com/ Name: avcid-zeo-uid
Value: 46d4b5df-6670-4dbc-4c20-a61a4acfb3d3
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~Yga6SwAFbJEMLAAy
.krxd.net/ Name: _kuid_
Value: OqBziRUK
.tidaltv.com/ Name: tidal_ttid
Value: 596d8883-70ce-4259-9477-13cecb85e0da
.tidaltv.com/ Name: sync-his
Value: "H4sIAAAAAAAAADM0NjAytTK0MAIAutpmOQkAAAA="
.fwmrm.net/ Name: _uid
Value: "o1342_7063537896863404747"

5 Console Messages

Source Level URL
Text
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=index&google_hm=Yga6SEaeh7tzZU2gvZo4BwAABGEAAAAB&google_gid=CAESELBjf8CAy3IMOWR4yDIXt_g&google_cver=1&google_push=AYg5qPI4Cei_V7ARpJAKo0Ni2ADNW1OfacAnXdA_08Jz4yYqtpu0HVZc_FETomdbzrghaUksPUsR1CucxOvvufGCZW6qoNpf8wBe
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://cm.g.doubleclick.net/pixel?google_nid=kadam&google_push=AYg5qPIlcGVwVI9SxOxRoiMLxLaEsFzL5zUz3qCAkj-snEkEHKKIDmiINI76ji13DxmcUoPgXl1QXJ77N8lJWLVtK8NssDnsYHA
Message:
Failed to load resource: net::ERR_TOO_MANY_REDIRECTS
network error URL: https://ib.adnxs.com/getuid?https://mwzeom.zeotap.com/mw?adnxs_uid=$UID&zpartnerid=2&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Request failed due to privacy signals)
network error URL: https://dmp.adform.net/serving/cookie/match/?party=1105&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://tags.bluekai.com/site/87734?id=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&gdpr=1&gdpr_consent=&redir=https%3A%2F%2Fmwzeom.zeotap.com%2Fmw%3Fzpartnerid%3D1202%26env%3DmWeb%26cid%3D%24_BK_UUID%26BK_SWAP_DEST%3D87734&env=mWeb&eventType=map&gdpr=1&gdpr_consent=&id_mid_4=46d4b5df-6670-4dbc-4c20-a61a4acfb3d3&reqId=934a5c81-f550-4810-40e8-05aee3c1a915&zdid=1361
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.mailmunch.co
a.tribalfusion.com
aa.agkn.com
aax-eu.amazon-adsystem.com
acdn.adnxs.com
ads.yahoo.com
ads.yieldmo.com
adservice.google.com
adservice.google.de
ajax.googleapis.com
analytics.mailmunch.co
bcp.crwdcntrl.net
beacon.krxd.net
bn01.er.bemail.it
c.eu1.dyntrk.com
c1.adform.net
c1ea1e80e59b871955c0114dfb9deb79.safeframe.googlesyndication.com
c2shb.pubgw.yahoo.com
c2shb.ssp.yahoo.com
cc.adingo.jp
cm.g.doubleclick.net
cms.analytics.yahoo.com
cms.quantserve.com
consulteportal.com.br
cs.chocolateplatform.com
cs.emxdgt.com
d5p.de17a.com
dclk-match.dotomi.com
dmp.adform.net
dmp.theadex.com
dmp.v.fwmrm.net
dpm.demdex.net
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
eus.rubiconproject.com
fastlane.rubiconproject.com
fonts.googleapis.com
fonts.gstatic.com
forms.mailmunch.co
google-sync.rutarget.ru
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
ib.adnxs.com
idsync.frontend.weborama.fr
image6.pubmatic.com
loadeu.exelator.com
match.adsrvr.org
mwzeom.zeotap.com
obgpm76tt0a0sgogzhdfe.redinuid.imrworldwide.com
onetag-sys.com
pagead2.googlesyndication.com
partner.googleadservices.com
pbjs.e-planning.net
pixel-sync.sitescout.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.tapad.com
portal.o2online.de
pr-bh.ybp.yahoo.com
prebid-us.creativecdn.com
prg.smartadserver.com
s.tribalfusion.com
s0.2mdn.net
sdk.truepush.com
sdki.truepush.com
securepubads.g.doubleclick.net
sm.rtb.mts.ru
spl.zeotap.com
ssbsync.smartadserver.com
ssp.adriver.ru
sync-tm.everesttech.net
sync.go.sonobi.com
sync.mathtag.com
sync.richaudience.com
sync.teads.tv
sync.tidaltv.com
sync3.sniperlog.ru
tags.bluekai.com
tags.denakop.com
tech.rtb.mts.ru
token.rubiconproject.com
tpc.googlesyndication.com
tr.blismedia.com
trc.taboola.com
um.simpli.fi
us-u.openx.net
usermatch.krxd.net
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.gstatic.com
cm.g.doubleclick.net
sync.go.sonobi.com
104.90.104.248
104.90.192.27
104.92.74.8
135.125.160.77
137.59.203.101
142.250.184.226
142.250.185.98
142.250.186.162
15.197.193.217
151.1.205.165
151.101.130.49
151.101.65.108
168.119.79.223
169.50.137.182
18.156.195.47
18.168.101.220
18.195.155.181
18.203.74.39
18.205.36.100
185.184.10.30
185.29.132.245
185.33.221.52
185.64.190.78
185.86.138.131
185.86.139.96
2.18.233.201
212.82.100.182
213.155.156.185
213.87.44.187
217.66.147.162
2600:1f16:e61:3f02:363e:3490:f8eb:b263
2600:9000:214f:f000:7:6b7b:1000:93a1
2600:9000:224a:d200:4:c961:9640:93a1
2602:803:c004:200::140
2606:4700:10::6816:1857
2606:4700::6812:160e
2606:4700::6812:c05
2620:116:800d:21:36a9:ecb:e518:b308
2a00:1288:80:800::7000
2a00:1450:4001:800::2002
2a00:1450:4001:800::2006
2a00:1450:4001:801::2008
2a00:1450:4001:803::2003
2a00:1450:4001:809::2002
2a00:1450:4001:810::2001
2a00:1450:4001:810::200e
2a00:1450:4001:811::2003
2a00:1450:4001:813::2004
2a00:1450:4001:82a::2002
2a00:1450:4001:82b::200a
2a00:1450:4001:82f::2001
2a00:1450:4001:82f::2002
2a00:1450:4001:830::200a
2a02:fa8:8806:20::2040
2a04:4e42:600::300
2a05:d018:24:b001:3357:fdd3:4721:80d2
2a05:d018:d29:3605:748b:6429:9458:3e3e
3.232.242.170
31.172.81.159
34.195.210.70
34.254.143.3
34.96.105.8
35.157.246.167
35.201.81.244
35.212.101.174
35.227.248.159
35.244.159.8
37.157.2.234
45.55.51.225
5.178.65.246
51.75.86.98
52.18.40.211
52.199.32.167
52.212.203.142
52.214.166.97
52.215.102.174
52.95.115.255
66.155.71.149
69.173.144.138
69.173.144.139
80.64.106.152
81.222.128.213
82.113.101.132
85.114.159.93
89.163.159.104
92.122.254.129
0199e862df7ad2f070799607872ef943351a65658b572f3305818a5d72b7d3b6
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
038159e3c290af5e6df691f78ddc73d8be95e03d197bfc112ac4cd11f4b59360
0636a9c2555964f82ef58cdae2df38b99cd57eb87acc3d6356a5a3c6542ee080
0665f5f3dfc038e410e2f0004a1a5ff6d2d91f392dd32208606eb8ff51195172
06c572e99c878362d40d1f358efdfe400ae1310f35cf22174dcdd5db022dd810
0719f2a768579e4cc98a0cb91a570d1e8905cbeb67a86838001c11e259c6d733
07f6decefd1b385e41f2b2320b15a71fa6fb600121f5b2c14ea974614472424b
096ebe5196b95f66c1c0b9f3dcea9e6e3f40f2d55cd5933af5e4942adb232593
0b8418d945d198bcd16959f0ca3380b229e4242a9db124a741e89c2c4cd4c4a5
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0dfb1017b3f967a81f1ad1c155c54a1f79af835718ee2046766121338f6f0b44
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0f266202b591aab2563e8ef52fcc7cf8d2358f48600ad7f52bc62462787dca01
1026fcb73fb1a15f6d5e68385511113f8c40b7ef86a2a38f578cc2621e0214a2
109b034825b816394cf881b86316dbf3df78c3f0ed832e211a7e580390c6d44b
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
144822a1b5316a4e9a06ffbf5802b8c1cbbc0a3f230d81b98f362f7fe4c128c8
1460e4ba5d8a29324c75f80802081c73d2143d8c9581a84ca3df707fbc6e477c
1831fbde2aeb785cc1b8690bfcb85be88eda1279096e122e7b132d73de59830a
185e052fec954622af7a1ae789eb921176f67fe0342ae5f4033d81bae75aa1ec
1c176742040fa0fa7d0c6ddb5bdb7a7c81e1e0b091a9aded5fb9dff7ef223b1a
1f560c3e9fb5beeed86da7d5be1ae459c22af6ec1d58f77e2a89a20063ef7ba2
204265a6f1fc8529e4a64cff2c17c04709b46455f93003d24edb50bd78977223
21d70d3f607473ef14b4cdfcfee88ab8230e70de910f26c4242d7eae3234dc6c
2225345a40b3389624bc596ce6bf6dc654645143fc7d1837c1eb6bcad72ad095
22d0e4edd0c97ed165ae59f06677086d986ad00ea793ce7b466b56b92aa7b266
23c79bb552706be2ca97bdb259921e3269a5263326b147676c2f7909a45b58c9
2422933c30df509b7f90bccb83fb8e17c37db3308efa4dc5d8304a76bbf193ce
28f18d39406a4b70dfa6cd479fe03f7ed918ca5c05cee26b87d9e1626cea1ed9
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2cef3a9d0606aecfe2476867e61f76535b9bb5b8e9d31957cc9504cdd1e69396
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
33530b007071281a97e79baab13ddf7cc4b9de942ebd3e212224857335f7cb97
341e0d761251ee538d0cad6322c66abdbf78dc7d6f3ca62f3459fab822a2103f
37a31642af0a7fe695ed0fd68a06a55af44e854d083dc7f5d0e70535f0189ae0
3a22b29e11f6ad3ed458e71525b4edfaf0b9ab4cd962ae9a239b9509c106c826
3a2b5ec69aadc644a9439be318a6fa1a55fb26311460c3607dd2b66646010d94
3a7b5f2e7e3fd51102d05b2706291210864e7890361d932311a18048073374ae
3d649c0b3e87fd6abcb983656a0a1b3923a2a59885c3a30538641fd4f7126cbd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3f30dd590395286337ce5b7b31925de09159c5b6028764afbad58e2f8cc829ec
3fdf2ee487005f6505d00cc9d7a3757a1942d56bcaea69929cbd5ba110494390
406dae81a8e95037a3bca53ca771f446df097cf86084d76de62fd308e2bf32a5
4175ed355dbfae2989e7d4c73bcc80be5cd4073367c8a2c8385d1ffaf6ea5cde
42e4b568436b29320d64d25114e0c6681f90282220ce6424bf116d7409397e5c
437e6e23bb4219f1dd245da75b1729666e71fbf31985189fa35be75702b8cab9
460536973244a66560fa46c0d94dfccd16e57879b3458883ab3b50b7619d92dc
4642568b405b3750fb18df621889e27def95e8162c1cdd256a21b319c9a4e24b
4716532263c9a8da2b2953abb508db027a0971bd0a8f51641917f967406e4d84
490c82e881271d51534d76b89187012c5739554524cec4dee3bc7deb5aef9e55
49c6ada02581a965fd6689b280033b717427644eb8c18175bbfc7b64b81b985d
4b31f597e9852f3e8ef045d9f6032a8ecfe9d8e5c6cde3196c6964e193fe6615
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4cbd0db8a560e9f9a31aba536d913ac14e2a172ba3ca1027bb4f167d1381a63b
4d45982f2dc34f36c9045ee46a75a1943666bb7fd64e103cac8c7429e7012840
4d72e121e6414f0db7700ee7b5cfb3f17341194adde652a63fd005ecd151e748
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
5003dd0f2d316ec6a68c6189a14d9278f0730a6d162cf24fc918e41e6391ee38
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
51fd59816d031a2f778b4afadcf1c02fce7dfd88a0574fd6edd1202897a6eaa7
52beff4f0451de4950d8151aa4aae0c3828f1f1139d634d497e1924d8ad93259
53b432abc7b7bca1b37ea5a8eff17f1cf42c6bfee994afdac382516816eba433
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
5914b7f0f1f50a92aa385db730e252b008d77899afc0a62506ba5c5e874ac034
59f93c8637fa1e41eb70ab270cc6a5dff7887d9ab040daec1a8fba1e3edc4cd5
5b28f2855e57c8643dee5bd9709d83a52140be2ce80d56fe02863e359de0389c
5c4a713ee4250851232be9f9f68d41586be39b299528cfc7266e0b0e7e582e1b
5dea9fadd73b5ab48310aacd81562164b521da81fa8083ca6afff184dc0e241f
6039cdb2c8028b73ddb9d711e7eb22834a8e11ba865283a7ed2fd2c75a401040
60b6fb70c39877b90333526914dbc0d47052cd8c4c298c421aaee2f9d6b48bcc
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
659b4a7bea46261aca61fe107917ebe69fcced12570cdbf7c30ea019a38474b8
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
6ab26cf4413be7aebe15958c9464d2993e42d4ed4bf306e9d58845b53dbdd804
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
71120292c1c264d86922684ad25cc91b9b8c5c29858161f775196aedbbc4cc44
72cba973a13281d33ddcf12be4f495c0ecc6608ab483fc8f14c7de4b5027d0fb
74987e0ef6673e2d698cf0cd53f7c13ddf2480ce0859c50a84dc56f1a0fc2f06
76d9481e23807702e585bf0363685e03251e228865f7b27308f010189f0b8c45
7a33f619b998c5b6289f5122ec27eae81a253631b797a4afeda7f3c46d567d5c
7a6ac6e588a725241e6f43feaad46fb36de9682576f5f29c570edc3ec5247477
7aa3de3cbeaac194729834621c09a127dfba2d7fc731a0807e81219a6f69b079
7b6fef0a63424245b31b293b1a3bfd074c9da482e28fb9e920e1cf306e54e8a2
7f284e12eb95657cff313442d191444703dcf3da8b5c7158c6b1656361d8191d
82ee4652668b1770191d857cebb7c8f403b91effbe430715a2a308136913a2db
85564387b8c51f31a300060509d0126d69fa349e7eeed675e6b9affe0f092caf
87914c39b75b1d69e2deb58f2fb51f41707cc344a6ca4e4b529ca7c31ae73d84
87acfb5de3aa64f5a830b479a87d61133e642a9b9cf3a65692f902ccfde7c2cb
88915cdc03fc5b9a20aec966fe93ee38aa3fd76bfef296e41d305271b3541c96
88e64ea35e412cf2d2fcafa9a28c6492f60162f5047677236717f91a463ea086
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8f4b70778aa21c1c093c6acbad70c70b2e69d4d22e47d9405ee137db16ca050b
8fc9992233eaa7ade3ec4548a18c8dfe5ef75ba311e541c31269e31226a6b589
926b43e18093d6ffce776e1c39fcc7e091737ec3b9b4d24ec2add928bb65e54f
949448840982c267cbacb0aadde067218f404646e15e92b72991715a2988d1f0
99f6018fcf7caa1290f96ec271438ceb136aa314aa8ce58b6ac16a233a88d13f
9a8c37b891d1d5e805442542f294b9b2ec1a231277a19d65edd8419eb7a60e9e
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9d4b90e4e60a6ed6be197b23d4c0537a6275b49094c65dccbe25c9111c1cc814
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a01a61ef739a2a7d2262de68d7430c81d6ac5a2984c8d743b3fe6396820610df
a0888c1fbb7483936160ef75bffbaa54591bfd6f910fa0909dcadc6b127e944c
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a285337ae3fac1859a2f626f20d9a8d1a46e36e59ef427f85e7deda94afffb62
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a575e2f63d79cdaf5a92b4453bfcaadb462119aa1216b4f28920e37e2d9b8e7b
a615849237c0ce94e73fc69d86e5f9c58bdaca8d9756a5ff4c88fa86b14e6177
a64e82e555d588d94ec48e88d15d1945290807baa3dec79b976b01ed2710ca64
a73730123a43c3040d889aaee11ec35094277ce5f778076b262c23a293870adb
a857f96865a3f84bef5d55176d17c4683d0b2c4aa5deec4575243c7f7e872bed
a9b7ce715462fa38f371310d55fbdc7efc7570b45f7844316d46cfa4a4359277
aaf41e16a9e36530e0a71ce3b18eb32e915ad26e9f0e61ee7c610933ac888682
ab7475d461d9f613ef90faa375ec3387987dd7536af23c13cacd6be9c0c0e370
ae30adfee35b575d449c46a59e67b77a6c57d24ee05b04a4dbe469623e372a82
aec3d419d50f05781a96f223e18289aeb52598b5db39be82a7b71dc67d6a7947
af8b8852aac239c3c3ae4dc25794896f8c851d1716bc55a099441b59f448f146
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b25ac99d50352ead8b958bc1becb09c376df0c0e1540ea1fd2f4ab9dbc11f55e
b64291fc91dc77833930ffcead244193c5cfd9e882af312ecc89b580160c22a1
b9ab67d9a55a7ccb9efc03a9f952d84218103c558c873ae08577e8f0ea834457
bd4de6a3fc0fb68d6f76ba7b93514b96a92e585c295b5351c31ad92a4b0777ea
c0c394da8d74dbd52fb6b05fe19e4c01b583af5dda0cafdb2df0788e0c402dba
c110419995948214e5b16d9d0df8f7d91536cc42783edd90c7fc1810308309ac
c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c600adb1e3d6281621818ba058f98a8fa9ba43bd31a97c2cf98901400ba6f461
c6add8a7845483e489786f13488bf8051991e046e51f27f246b03704a3de129f
c74949ccc30d960afd18a0fa7a18bc89ce22df320748298c8c027c836ac6a539
c97bb3ca107ce9dff21b27d98703b6b7e6cd813d252ce8b1afb1bca174ce49fb
cc139bb571ba15adcd2e6f37859679ce715e5de67720f0724595e5b8a6dfe9b5
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0c1ea7be1218f841b258db97dc5f0e68d2c4f630753650eb5126c2af2394359
d0e8821e889280c3b745b859e6b3971924723a4562bac65ba8aa0fe44bfc83b2
d1a8a8690f6159e281cfc9a287e8dab64c36c20ead13c1880ab15e1334862b4a
d6c6d0b6440485f2536e96758b074c4713ef69a56511f2af2128f23ce6eebdca
dafaefdf8bdad0fb2ee2ed172dfbfcc6ef1227614e094b0cd71b9207ffbcfcbc
dc9f0a3d9a45cef63f8e4c94e763fcb9eea3ca35a326579d3376804d34d65c16
def5de6254be138b8b35d680d1fdd8b07827d03b8626daebfeeb4157ec330ea7
dfa74f388e1880583f00404a3a4e88c7fd1887f3577120cd4f1ec59fa7c3b174
e30f3479d6ce52ce1c83c50e5568a4a7c1080c3214b23aacbc9d21efdd52f95a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
e586a84d8523747f42e510d78e141015b6424cf67d612854e892a7bcedc8ec9e
e84f95c3cea09624eaa4878e947c8921ee9a84075fd6320d01ac601dd4f4a441
e8c2e4d6ab0ad2f055a6cc3c777d31531e665758db5ca815f2613afad72f7088
e9ec9ebf944bc428590b4c2b665ad3086a0f991bf785341635e876beaf048e7b
ea3042e7d5d11e171f2a9b8d5a3cde2e55995d2b1a23ae7071a958973a1af694
eacb3c40fa1c1773c8159aba39af3b7203f0b0cb6eb3bec701fbb1a460cb1ebd
eeb72af19255aa6d90fe2b39649b9b18c09a1d61e5f069068adaeb3e9169b93e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f599a9c44739898de4083ea546da4940d9f7f5eb1e76b509aa90741b8f5531d0
f623564c53c2e08780c064012cfbdbde0a80ee56816f4d5d3d52c46ed285cb95
f7e71cb147c3e4876cfd1609b3f0808d72fd977903bcc5ab705271741d6fd147
f93d0298dd39f7dff18566a5b2754067e26c0182b469fd6b24e5d63429fef88b
fd11fa353cc6a8560f4c35e67c6fb8a3a4061ed3de4309cdf83fca65f8319bb4